CLAUDE LABJP
FORK — Claude Code 2.1.212 changes what /fork does: it copies your conversation into a new background session with its own row in claude agents, so you can keep working. The old in-session subagent is now /subtaskLIMITS — WebSearch calls are now capped at 200 per session by default, and subagent spawns get the same 200 ceiling, so a runaway search or delegation loop stops on its ownMCPBG — MCP tool calls running past two minutes now move to the background automatically, keeping the session usable. Tune the threshold with CLAUDE_CODE_MCP_AUTO_BACKGROUND_MSPLANFIX — Fixed plan mode auto-running file-modifying Bash commands such as touch and rm without a permission prompt or an SDK canUseTool callbackSONNET5 — Claude Sonnet 5 is running on introductory pricing of $2 per million input tokens and $10 per million output. After August 31 it moves to $3 and $15IPO — Bankers are reportedly lining up investor meetings for Anthropic ahead of a possible public listing as soon as OctoberFORK — Claude Code 2.1.212 changes what /fork does: it copies your conversation into a new background session with its own row in claude agents, so you can keep working. The old in-session subagent is now /subtaskLIMITS — WebSearch calls are now capped at 200 per session by default, and subagent spawns get the same 200 ceiling, so a runaway search or delegation loop stops on its ownMCPBG — MCP tool calls running past two minutes now move to the background automatically, keeping the session usable. Tune the threshold with CLAUDE_CODE_MCP_AUTO_BACKGROUND_MSPLANFIX — Fixed plan mode auto-running file-modifying Bash commands such as touch and rm without a permission prompt or an SDK canUseTool callbackSONNET5 — Claude Sonnet 5 is running on introductory pricing of $2 per million input tokens and $10 per million output. After August 31 it moves to $3 and $15IPO — Bankers are reportedly lining up investor meetings for Anthropic ahead of a possible public listing as soon as October
Articles/API & SDK
API & SDK/2026-06-02Advanced

Guard Your Agent's Destructive Operations with Pre- and Post-condition Contracts

A design for wrapping an autonomous agent's writes in deterministic pre- and post-condition checks. A contract gate stops the destructive operations that better prompts can never reliably prevent.

Claude Agent SDK13Autonomous AgentsArchitectureReliability5Design6

Premium Article

The scariest thing about running an autonomous agent in production is not when it crashes. A crash, at least, is honest. The truly dangerous failure is when a language model like Claude fails plausibly: it produces wrong content, confidently, in a perfectly well-formed shape. The schema validates. The types line up. The logs say success. And yet what got written is broken. That is the failure mode that keeps me up at night.

I have been running several apps and sites solo since 2014, and for the past couple of years I have handed parts of my publishing and deployment to autonomous agents. My first naive setup let the agent push to git directly, and once or twice a week something broken would reach production: a link pointing at a page that did not exist, a mismatch between the number of Japanese and English articles, a config file whose internal consistency had quietly drifted. Every one of these is the kind of failure you think you can fix by writing a more careful prompt. But no matter how much I polished the instructions, the leak rate never reached zero.

Here is the conclusion up front: what worked was not better prompting. It was physically wrapping the agent's write operations in deterministic gates. This article generalizes that design as a "contract gate" and walks all the way to an implementation you can bolt onto Claude Agent SDK tool calls.

Why "Ask the AI to Be Careful" Designs Break Down

Most agent implementations delegate safety to the prompt: "Do not write broken data," "Verify consistency before you push." It seems to work, but it is fundamentally a probabilistic defense. The model decides slightly differently every time. Even at 99% reliability, if you run it dozens of times a day, that remaining 1% will surface, reliably.

This is where an old idea from software engineering helps: Design by Contract. You give a function a precondition (the states in which it may be called) and a postcondition (what it guarantees afterward), and if either is violated you refuse to run. An autonomous agent's tool call is exactly the place that needs such a contract. Whatever the model is "thinking," the machine checks the invariants before and after the write, and a state that violates an invariant never reaches production. You move the locus of judgment from the model to deterministic code.

Official docs often present permission hooks like canUseTool as a way to insert human approval. But in real operation, the most effective thing to interpose is not a human and not the model — it is a deterministic check with neither in the loop. Human approval does not work in a nightly batch, and the model's self-check is, as noted, probabilistic.

The Shape of a Contract Gate: tryGuard, apply, commitGuard, rollback

A contract gate wraps a single destructive operation in four phases.

  1. tryGuard (precondition) — Check whether the state permits the operation. If violated, refuse without executing.
  2. snapshot — Record the pre-operation state for reversal.
  3. apply — Perform the actual write.
  4. commitGuard (postcondition) — Check whether the post-write state satisfies the invariants. If violated, roll back to the snapshot.

The key is that the postcondition phase follows an "apply, then check, then revert if bad" flow. Preconditions alone cannot verify the result of applying. For example, the invariant "the Japanese and English article counts are equal" can only be confirmed after the files are written. That is precisely why apply, check, and reversal must be treated as one unit.

Thank you for reading this far.

Continue Reading

What follows includes implementation code, benchmarks, and practical content we hope you'll find useful. This site runs without ads — server and development costs are supported entirely by members like you. If it's been helpful, we'd be truly grateful for your support.

WHAT YOU'LL LEARN
A complete, dependency-free TypeScript implementation of a contract gate that wraps tool calls in tryGuard, apply, commitGuard, and rollback
Clear criteria for what belongs in pre- and post-conditions: only invariants that resolve deterministically against external state
Concrete patterns for safe rollback via snapshots and idempotent reversal, plus a real breakdown of what the gate actually caught in production
Secure payment via Stripe · Cancel anytime

Unlock This Article

Get full access to the rest of this article. Buy once, read anytime. This site is ad-free — your support goes directly toward keeping it running.

or
Unlock all articles with Membership →
Share

Thank You for Reading

Claude Lab is ad-free, supported entirely by members like you. We publish practical guides daily with implementation code, benchmarks, and production-ready patterns. If you've found it useful, we'd love to have you on board.

  • Copy-paste ready implementation code
  • New advanced guides published daily
  • $5/mo or $10 for lifetime access
View Membership →

Related Articles

API & SDK2026-06-28
Every Tool Call Succeeds, Yet Nothing Moves Forward: Detecting Stagnation in Unattended Agents
No errors, yet the agent keeps replaying the same move while your budget quietly drains. Here is how to detect a success-but-no-progress loop using a progress oracle and action fingerprints, with a working Python implementation that halts safely.
API & SDK2026-06-25
When the Previous Run Hasn't Finished and the Next One Starts: Leases and Fencing Tokens for Scheduled Agents
A scheduled agent that runs on a fixed clock can overtake itself and start twice. From the moment a naive lock breaks to leases, fencing tokens, and bounded catch-up — worked through with the implementation I actually run.
API & SDK2026-07-08
Rolling Out Agent Behavior Changes Gradually with Feature Flags
When an unattended agent changes its prompt or behavior all at once, quiet regressions hide until morning. Here is a design for assigning new behavior to only a fraction of runs, keeping a control group, and adding deterministic bucketing, canary comparison, and automatic rollback.
📚RECOMMENDED BOOKS
Build a Large Language Model (From Scratch)
Sebastian Raschka
LLM Dev
Prompt Engineering for LLMs
Berryman & Ziegler
Prompting
AI Engineering
Chip Huyen
AI Eng
* Contains affiliate links
See all →