Bounded automation for coding agents

A control layer for AI coding agents.

Latchpoint is a control layer that sits between coding agents and the codebase. It adds approvals, rollback, audit trails, validation, and clear operating limits to the changes agents propose — so useful automation does not become operational risk.


What the control layer provides

No silent writes. No partial states. No unbounded agents.

01 · Validate

Contract checks before code lands

Every agent-proposed change is validated against a declared approval contract before it reaches the codebase. Nothing lands silently, and the decision is recorded.

02 · Recover

Rollback and audit trail

Writes are atomic and verifiable. Every change produces an evidence artifact, and a failed step rolls back cleanly instead of leaving the repository in a mixed state.

03 · Bound

Clear operating limits

Scope, permissions, and allowed actions are declared in contracts rather than hidden in prompts. Agents operate inside boundaries that humans set and can inspect.


The workflow

Agent proposes. Latchpoint validates. The contract decides.

Three steps, one direction of travel. The contract decides how each change is resolved — autonomously, by a human reviewer, or in a hybrid of the two. The team chooses the mode; Latchpoint enforces it.

Step 01

Agent proposes a change

A coding agent produces a candidate change and hands it to Latchpoint instead of writing to the codebase directly.

Step 02

Latchpoint validates the change

The change is checked against the approval contract: scope, permissions, operating limits, and diff verification. The result is a recorded decision, not an opinion.

Step 03

The contract resolves the change

The contract resolves the change — automatically against declared rules, by escalating to a human reviewer when policy requires it, or both. Approved changes are written atomically with post-write verification; failures roll back cleanly.
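The three steps above, as an added example that is not Latchpoint's own code: a small Python pipeline with a hypothetical contract schema (allowed and always-escalate path globs plus a diff-size limit), a validator that returns a recorded decision, a resolver that auto-approves, escalates to a reviewer or rejects, and an atomic apply with post-write hash verification and snapshot rollback. The Contract fields, the evidence record, the changes mapping and the demo repository are assumptions for this illustration.

```python
# Contract-gated change pipeline: propose -> validate -> resolve -> atomic apply.
# Illustrative only: the Contract schema, the evidence record and the changes
# mapping (path -> new text) are assumptions for this demo, not Latchpoint's API.
import difflib, fnmatch, hashlib, itertools, os, tempfile
from dataclasses import dataclass
from pathlib import Path, PurePosixPath

@dataclass
class Contract:                  # hypothetical contract schema
    allowed: list[str]           # globs the agent may write (fnmatch '*' also crosses '/')
    needs_human: list[str]       # globs that always escalate to a human reviewer
    auto_lines: int = 50         # diffs above this escalate instead of auto-approving

def _changed_lines(old: str, new: str) -> int:
    diff = difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0)
    return sum(1 for l in itertools.islice(diff, 2, None) if l[0] in "+-")  # skip ---/+++ headers

def validate(repo: Path, c: Contract, changes: dict[str, str]) -> tuple[str, list[str]]:
    """Step 02: scope, limits and diff size -> (approved|escalate|rejected, reasons)."""
    rejections, escalate, total = [], False, 0
    for rel, new in changes.items():
        if rel.startswith("/") or ".." in PurePosixPath(rel).parts:
            rejections.append(f"{rel}: path escapes the repository")
        elif not any(fnmatch.fnmatch(rel, g) for g in c.allowed):
            rejections.append(f"{rel}: outside declared scope")
        else:
            escalate |= any(fnmatch.fnmatch(rel, g) for g in c.needs_human)
            old = (repo / rel).read_text() if (repo / rel).exists() else ""
            total += _changed_lines(old, new)
    if rejections:                    # one out-of-contract path rejects the whole proposal
        return "rejected", rejections
    outcome = "escalate" if escalate or total > c.auto_lines else "approved"
    return outcome, [f"{total} changed lines across {len(changes)} file(s)"]

def apply_atomic(repo: Path, changes: dict[str, str], verify=None) -> dict:
    """Step 03: per-file atomic replace, post-write hash check, snapshot rollback on failure."""
    snapshot = {r: (repo / r).read_bytes() if (repo / r).exists() else None for r in changes}
    evidence: dict = {"files": {}}
    try:
        for rel, new in changes.items():
            target, data = repo / rel, new.encode()
            target.parent.mkdir(parents=True, exist_ok=True)
            fd, tmp = tempfile.mkstemp(dir=target.parent)
            with os.fdopen(fd, "wb") as f:
                f.write(data); f.flush(); os.fsync(f.fileno())
            os.replace(tmp, target)                      # atomic swap on the same filesystem
            digest = hashlib.sha256(target.read_bytes()).hexdigest()
            if digest != hashlib.sha256(data).hexdigest():
                raise RuntimeError(f"{rel}: post-write hash mismatch")
            if verify:
                verify(rel, target)                      # extra check; raising triggers rollback
            evidence["files"][rel] = digest              # evidence artifact: what landed, by hash
        evidence["status"] = "applied"
    except Exception as exc:                             # restore the pre-apply snapshot
        for rel, old in snapshot.items():
            if old is None:
                (repo / rel).unlink(missing_ok=True)
            else:
                (repo / rel).write_bytes(old)
        evidence.update(status="rolled_back", error=str(exc))
    return evidence

def run(repo: Path, c: Contract, changes: dict[str, str], human_approves=None) -> dict:
    """Whole pipeline; human_approves (True/False/None) is the reviewer's answer on escalation."""
    outcome, reasons = validate(repo, c, changes)
    record: dict = {"decision": outcome, "reasons": reasons, "status": "not_applied"}
    if outcome == "escalate":
        if human_approves is None:
            record["status"] = "pending_review"
            return record
        record["decision"] = "approved" if human_approves else "rejected"
    if record["decision"] == "approved":
        record.update(apply_atomic(repo, changes))
    return record

def demo() -> dict[str, str]:
    """Constructed scenarios in a throwaway repo (sample files, not real data)."""
    repo = Path(tempfile.mkdtemp())
    (repo / "src" / "auth").mkdir(parents=True)
    (repo / "src" / "app.py").write_text("print('v1')\n")
    (repo / "src" / "auth" / "login.py").write_text("# auth\n")
    c = Contract(allowed=["src/*"], needs_human=["src/auth/*"], auto_lines=5)
    out = {}
    for name, changes in {"in_scope": {"src/app.py": "print('v2')\n"},
                          "out_of_scope": {".github/workflows/ci.yml": "on: push\n"},
                          "needs_human": {"src/auth/login.py": "# patched\n"}}.items():
        r = run(repo, c, changes)
        out[name] = f"{r['decision']}/{r['status']}"
    def failing_check(rel: str, _path: Path) -> None:   # simulates a failed check on file 2
        if rel.endswith("b.py"):
            raise RuntimeError("simulated post-write check failure")
    r = apply_atomic(repo, {"src/a.py": "a\n", "src/b.py": "b\n"}, verify=failing_check)
    out["rollback"] = r["status"]
    out["first_file_restored"] = str(not (repo / "src" / "a.py").exists())
    return out

if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. Validation rejects the whole proposal when any path is out of contract rather than applying the in-scope part, since a partially applied proposal is exactly the mixed state the page says must not happen. And while each file write is atomic (os.replace on the same filesystem), the multi-file rollback is best-effort: a crash in the middle of the restore loop could still leave a mixed tree, so a production control layer would journal through the version control system rather than the working tree.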


Trust and operating posture

What the integration touches, and what it never logs.

This section lists the repository permissions Latchpoint requests today and the categories of data that are kept out of operational logs by design. Both are stated precisely so they can be verified.

Access scope

Current repository permissions

  • Checks (read/write), Pull requests (read-only), Metadata (read-only).
  • Scope is declared in the approval contract and stays narrow by default.

Operational logging

What stays out of logs

  • Webhook payloads are not dumped into logs.
  • GitHub tokens and auth headers are excluded from logs.
  • Repository identifiers appear as short, de-identified references in webhook telemetry.
  • Secrets live in runtime secret management, not in source control.
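A concrete form of the logging posture above, as an added example and not Latchpoint's code: a logging filter that scrubs GitHub-style tokens and Authorization values from every record, a keyed hash that turns a repository name into a short de-identified reference, and a webhook receiver that records only the event, delivery id, action and that reference rather than the payload. The field names, the regular expressions and the HMAC scheme are assumptions for this demo; the key stands in for a secret fetched from runtime secret management, and the token, headers and payload are constructed sample data.

```python
# Log hygiene for a webhook receiver: scrub tokens and auth headers from every record,
# log a keyed de-identified repository reference instead of the name, and never log
# the payload. Illustrative only: the field names and the HMAC-based reference scheme
# are assumptions for this demo, not a description of Latchpoint's implementation.
import hashlib
import hmac
import io
import logging
import re

# GitHub token prefixes (ghp_, gho_, ghu_, ghs_, ghr_, github_pat_); any Authorization
# header value; any Bearer credential. Over-redaction is the safe failure mode here.
TOKEN_RE = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})\b")
AUTH_RE = re.compile(r"(?i)(authorization['\"]?\s*[:=]\s*['\"]?)[^\n'\"]+")
BEARER_RE = re.compile(r"(?i)\b(bearer\s+)\S+")

def redact(text: str) -> str:
    """Scrub credential-shaped substrings; applied to every log record before emission."""
    text = TOKEN_RE.sub("[REDACTED_TOKEN]", text)
    text = AUTH_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)
    return BEARER_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Formats the message early so %-args are scrubbed too, then redacts the result."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = redact(record.getMessage()), ()
        return True

def repo_ref(full_name: str, key: bytes) -> str:
    """Short de-identified reference: a keyed hash, so log lines cannot be joined back
    to repository names without the key, which lives in runtime secret management."""
    return hmac.new(key, full_name.lower().encode(), hashlib.sha256).hexdigest()[:12]

def webhook_log_fields(headers: dict, payload: dict, key: bytes) -> dict:
    """The only things a delivery record carries: event, delivery id, action, repo ref."""
    return {"event": headers.get("X-GitHub-Event"), "delivery": headers.get("X-GitHub-Delivery"),
            "action": payload.get("action"), "repo": repo_ref(payload["repository"]["full_name"], key)}

def demo() -> tuple[dict, str]:
    """Constructed delivery (fake key, fake token, fake repo); returns (fields, captured log)."""
    key = b"per-deployment-secret-from-secret-manager"          # constructed, not a real key
    headers = {"X-GitHub-Event": "pull_request", "X-GitHub-Delivery": "d3adb33f-0000",
               "Authorization": "Bearer ghs_" + "A" * 36}         # constructed token
    payload = {"action": "opened", "repository": {"full_name": "acme/payments"},
               "pull_request": {"body": "internal notes the log must never contain"}}
    buf = io.StringIO()
    log = logging.getLogger("webhook.demo")
    log.handlers.clear()
    log.propagate = False
    log.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    fields = webhook_log_fields(headers, payload, key)
    log.info("webhook received %s", fields)                      # the intended, minimal record
    log.warning("retrying delivery with headers %s", headers)    # careless call; still scrubbed
    return fields, buf.getvalue()

if __name__ == "__main__":
    print(demo()[1])
```

The filter formats the record before scrubbing so that a credential passed as a %-argument is caught as well as one embedded in the format string, and it prefers over-redaction to under-redaction. The repository reference is keyed rather than a plain hash so that a leaked log cannot be joined to a list of repository names simply by hashing candidates.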
