Managed agents can execute code, call tools, and read files. Control boundaries need evidence.
Free agentic development security checklist

Antigravity agentic development security checklist for AI coding teams

For teams using Google Antigravity, Antigravity CLI, AI coding agents, terminal workflows, repository automation, or code-generation agents. Use the matrix to identify boundaries, approvals, logs, tests, review evidence, and rollback gaps before developer adoption scales.

Use the matrixReview the control map
Development team reviewing an Antigravity agentic development security dashboard with controls for repositories, terminal commands, secrets, code review, tests, logs, and rollback.
Agentic development needs more than generated code. It needs repository scope, command boundaries, review evidence, test records, and rollback paths.
No loginBrowser-side matrixSecure SDLC triageNot security assurance

Answer first

If an AI coding agent can read files, run commands, change code, call tools, or prepare pull requests, treat it as a development control surface. The minimum evidence set is simple: define the repository scope, protect secrets, constrain terminal execution, require human code review, keep test and artifact evidence, and preserve a rollback path.

The issue is not whether Antigravity makes development faster. The issue is whether a team can later explain what the agent touched, what it changed, what evidence was reviewed, and who approved the work before it reached a branch, build, or release path.

Use this checklist if one of these is true

Agentic coding

AI can modify code

Your team is using agents that generate code, change files, propose pull requests, or operate inside a development environment.

Terminal risk

Commands need boundaries

Agents or developers can trigger package installs, build steps, migrations, tests, shell commands, or cloud-connected actions.

Security evidence

You need retained proof

You need reviewable records for scope, secrets, dependency changes, code review, test evidence, logs, and rollback decisions.

Control map for Antigravity agentic development security showing repository scope, secrets boundary, terminal command approval, dependency review, test evidence, code review, logs, and rollback.
The core question is not whether an agent can write code. It is whether the team can verify, review, and reverse what the agent changed.

Antigravity agentic development security matrix

Select the maturity state for each control. Use Enforced only when there is retained evidence that the control is applied, not merely a team habit or verbal instruction.

Scoring rule: Missing = 0. Defined = 1. Enforced = 2. Maximum score = 24.

Your score

0/24

Not ready for agentic coding scale

Start by documenting what the agent may touch, execute, change, and commit before wider developer rollout.

Recommended route

Start with ACT-1 or the Google AI readiness checklist before enabling wider use.

Security controlMissingDefinedEnforced
Project and repository scopeThe repository, branch, task, and files in scope are written down before the agent starts work.
Secrets and credential boundaryThe agent cannot read, print, commit, or expose secrets, tokens, keys, environment files, or credentials.
Local file and workspace accessThe team defines what local folders, generated files, config files, and temporary artifacts the agent may touch.
Terminal and command executionShell commands, build steps, package installs, migrations, and destructive commands require a written boundary.
Dependency and package changesPackage updates, new libraries, lockfile changes, and transitive dependency changes are reviewed before merge.
Code change reviewA human reviewer checks generated code, tests, error handling, security impact, and maintainability before acceptance.
Test and build evidenceThe agent or developer keeps test results, build logs, screenshots, recordings, or other review artifacts.
Pull request and branch controlAgent-generated changes use reviewable branches, pull requests, commit messages, and reviewer assignment.
External connection boundaryBrowser use, web fetches, APIs, MCP servers, cloud projects, and third-party tools have explicit approval rules.
Artifact verificationScreenshots, plans, recordings, diffs, and logs are used to verify what the agent claims it changed.
Rollback and release separationThe team knows how to revert agent changes and keeps deployment separate from code generation.
Admin policy and observabilityAdmins can review access, usage, logs, policy settings, and who is allowed to use agentic development features.

This is a first-pass development control signal. It is not a certification score, legal opinion, audit result, secure-code review, or security assurance.

Result summary

Security control maturity

The visible buckets keep the page clean. The copy button still captures the full detailed result for your internal notes.

0 Enforced with evidence

None yet.

0 Defined only

None yet.

12 Missing

All controls.

Recommended next step

Document repository scope, secrets boundaries, terminal command limits, code-review evidence, and rollback rules first.

Result summary will update when you change the control maturity in the matrix.

The five control areas that matter most

Agentic coding risk concentrates around a small number of control areas. Keep the public page simple, then use ACT-2 or a sprint to build the full internal evidence system.

1Scope

What code and files can the agent touch?

Define the repository, branch, folder, task, and file boundary before the agent starts work.

Evidence to keep: task brief, repository scope, branch name, excluded folders, approved files, reviewer notes.
2Secrets

What must the agent never read or expose?

Secrets, tokens, private keys, credentials, environment files, and customer data require explicit boundaries.

Evidence to keep: secret-handling rule, exclusion list, scan result, redaction note, incident route.
3Execution

Which commands require approval?

Builds, migrations, package installs, destructive shell commands, and cloud-connected actions need review rules.

Evidence to keep: command boundary, approved command list, terminal log, approval record, failed-run note.
4Review

Who validates the code before merge?

Generated code still needs review for security, correctness, tests, maintainability, and dependency impact.

Evidence to keep: pull request, diff review, test evidence, dependency review, reviewer approval.
5Rollback

Can the team reverse unsafe agent changes?

Agent-generated changes should stay separate from release decisions. The team needs a rollback owner, revert path, and retained evidence.

Evidence to keep: rollback path, release separation rule, deployment note, change log, owner assignment.

Turn the checklist into working development evidence

The matrix identifies weak controls. The next step is to convert those gaps into artifacts that security, engineering, buyers, or auditors can inspect.

Broad readiness

Google AI Readiness Matrix

Use this if the team has not yet mapped Google AI features, owners, data access, approvals, logs, and vendor evidence.

Open the readiness checklist →

Agent control

Managed Agents Matrix

Use this if agents can call tools, execute code, browse the web, read/write files, or act in managed environments.

Open the managed agents matrix →

Implementation

ACT-2 or Sprint

Use ACT-2 or a sprint when agentic development controls must become reusable evidence, not one-off notes.

View ACT tiers →

AI coding speed creates security debt if evidence is missing.

Use the matrix as a first screen. Use ACT-2, M78Armor, or an implementation sprint when repository, runtime, or release-path controls need to be formalized.

View ACT tiersReview M78ArmorEvaluate the Sprint

Source basis and limits

This page is based on public Google and standards sources reviewed on 2026-05-23. It is intended as operational implementation guidance, not legal, audit, certification, procurement, secure-code, or security assurance.

  • Google I/O 2026 developer announcements were reviewed for Antigravity, Antigravity CLI, Antigravity SDK, Managed Agents, and AI Studio references.
  • Google Cloud Gemini Code Assist documentation was reviewed for coding assistance, agentic chat, output-validation warning, and migration references.
  • NIST AI RMF and ISO/IEC 42001 public materials were reviewed as general AI risk management and AI management system references.
  • Move78 control wording is an implementation interpretation and must be reviewed by qualified engineering, security, privacy, legal, or compliance owners before use in production.

Questions before using the matrix

Use it if your team is using or evaluating Google Antigravity, Antigravity CLI, AI coding agents, agentic IDE workflows, terminal-based agents, or agents that can change code, run commands, or touch repositories.
No. It is a first-pass implementation and evidence tool. It helps identify missing controls, but it does not provide security assurance, legal advice, certification, or audit evidence by itself.
No. The matrix runs in the browser and does not submit selected answers to Move78. Site analytics may load only if the visitor accepts analytics cookies.
Start with repository scope, secret-handling boundaries, terminal-command approval, code-review evidence, test logs, and rollback rules before allowing agentic development workflows to scale.

Last reviewed: 2026-05-23.

Public source basis: Google I/O 2026 developer highlights, Google Cloud Gemini Code Assist documentation, NIST AI RMF, and ISO/IEC 42001 public overview.

Move78 materials are informational and implementation-support resources only. They are not legal, tax, regulatory, audit, certification, conformity-assessment, procurement, secure-code-review, or security advice.