Agents
How to Make AI Work Pick Up Where It Left Off
A saved chat is not enough. Give the next person or session the last verified state, the proof behind it, and a clear instruction to continue, check what changed, go back, or stop.
Use this when
you need the work to hold up in real use.
Make AI-assisted work resumable after a reset, handoff, or interruption without confusing a saved chat or checkpoint with the latest verified state.

Your AI-assisted project stops halfway through a three-day change.
Tomorrow, a teammate or a fresh session opens the files. The old conversation is still available, but it is long and partly stale. A few files changed. A test may have failed. An approval may have expired. Nobody can tell whether an outside action actually happened.
The problem is not that the AI forgot a sentence. The problem is that the next person cannot prove what is true now or what is safe to do next.
That is what recoverable state solves.
A checkpoint helps, but it is only a saved boundary. It does not prove that nothing changed afterward. A handoff helps, but it can be wrong. A complete recovery process combines the saved state with current evidence and checks outside the chat. It then decides whether to continue, reconcile by checking what changed, roll back to the last known good point, or stop.
This guide shows the smallest version worth building. It includes a portable resume packet, a fresh-session test, a clean-stop versus hard-kill experiment, and the recovery controls and scaling lessons I verified while auditing WarpOS, my agentic operating-system project.
Key takeaways
- Save the last verified state, not a hopeful summary of progress.
- Keep conversation, workflow, workspace, and outside-system state separate.
- Treat a checkpoint as a recovery boundary, not proof that the latest work was captured.
- Make a fresh person or controller return one verdict: continue, reconcile, roll back, or stop.
- Never replay an outside action until you have checked its receipt, permission, and current state.
What must survive for work to continue safely?
Recoverable state is what lets someone new pick up the work without guessing or asking you to retell the old chat.
More precisely, it is the saved information and proof a fresh person or controller needs to find the last verified state, check what changed, choose the next safe action, and return to a known good point when continuing is unsafe.
The word durable matters. Information held only in the previous model's working context disappears with that process. Information saved to the wrong file, or saved without a reader that knows where to find it, may as well have disappeared.
It helps to divide state into four layers. This prevents a familiar mistake: saving the conversation and assuming the work itself is recoverable.
| State layer | What it includes | What can go wrong |
|---|---|---|
| Conversation state | Instructions, messages, model responses, tool calls, and discussion history | The history can preserve what was said while missing the current files, workflow stage, or outside result |
| Workflow state | Objective, owner, current stage, completed steps, next allowed action, acceptance criteria, risks, and approvals | A new session may repeat finished work, skip a gate, or act on an expired decision |
| Workspace state | Files, data, branch, dependencies, generated artifacts, and uncommitted changes | The saved conversation can describe files that no longer match the actual workspace |
| Outside-system state | Deployments, tickets, emails, payments, database writes, permissions, timestamps, and receipts | The outside world can change after the checkpoint and cannot be restored by replaying a chat |
What should a resume packet contain?
A resume packet is the portable record a fresh person or controller reads before continuing. It should point to durable evidence instead of trying to retell the entire conversation.
The packet below is intentionally small. Each field answers a recovery question that becomes expensive when left implicit.
| Packet field | Question it answers |
|---|---|
| Workflow and run ID | Which piece of work is this packet about? |
| Created time and source checkpoint | How old is this state, and where did it come from? |
| Objective and scope | What are we trying to accomplish, and what is outside the job? |
| Last verified state | What was the last condition supported by evidence? |
| Completed work and evidence | What finished, and where is the test, file, review, or receipt that proves it? |
| Workspace reference | Which branch, files, artifact versions, or fingerprints were checked? |
| Decisions and constraints | Which choices still govern the work? |
| Risks and open questions | What remains uncertain or dangerous? |
| Failed attempts | What should the next person avoid repeating without a new reason? |
| Outside-system state | What was observed outside the workspace, when was it observed, and where is the receipt? |
| Next action | What is the smallest allowed step from the last verified state? |
| Acceptance criteria | What exact evidence would show that step succeeded? |
| Permissions and expiry | Which actions are allowed, by whom, and until when? |
| Recovery point and rollback | Where can the work return if continuation fails? |
| Recovery verdict | Can the next person continue, or must they reconcile, roll back, or stop first? |
What changes between a clean stop and a hard kill?
A clean stop gives the workflow a chance to save its latest verified state. A hard kill can happen after work changed but before the next save.
Before resuming, the incoming owner should identify which condition occurred. The difference determines whether the next step is continuation or investigation.
| Interruption | What is likely durable | What may be missing or stale | Safe response |
|---|---|---|---|
| Clean stop after a verified checkpoint | Objective, completed work, evidence, next action, and acceptance criteria | Outside state or permission may have changed since the save | Check freshness, then continue if the packet still matches reality |
| Hard kill before work started | The prior checkpoint | Little or no new work | Confirm the workspace, then restart from the checkpoint |
| Hard kill after unpersisted work | The prior checkpoint only | Current state, files, next action, criteria, and possible side effects | Reconcile the workspace and outside systems before replaying anything |
| Approval expired during interruption | Work and evidence may be intact | Permission to perform the next action | Get a fresh approval tied to the exact action |
| Outside action has no receipt | Local state may say the action was attempted | Whether the action succeeded, failed, or partly completed | Query the outside system before retrying |
| Durable records disagree | Several saved versions of the work | Which record is authoritative | Apply a documented precedence rule or stop for human resolution |
What did the clean-stop and hard-kill test show?
I tested this boundary with a small local fixture. It did not call a model, use the network, or touch an outside system.
In the clean-stop condition, the first process saved the objective, current state, completed work, evidence, decisions, constraints, risks, failed attempts, next action, three acceptance criteria, required permissions, and a recovery point.
A fresh process received only the saved files. It recovered the exact next action, all three acceptance criteria, and the evidence status. Its verdict was safe to continue.
In the hard-kill condition, a child process saved a checkpoint before a bounded implementation step. It then changed its in-memory current state, next action, and acceptance criteria without writing another checkpoint. The parent terminated it.
The durable packet still said to start the bounded implementation step. The killed process had already moved to verifying the uncheckpointed implementation result.
The fresh reader correctly found that three tested fields were stale or lost: current state, next action, and acceptance criteria. It blocked continuation from the supposed latest state and allowed only a rollback to the saved checkpoint followed by reconciliation.
This proves that a complete packet can make a bounded synthetic workflow resumable without the old process's memory. It also shows why the last checkpoint is a recovery boundary, not a complete account of everything that happened before the interruption.
It does not prove recovery across machines, credentials, remote services, or real production side effects. It also does not prove that replay is safe.
| Condition | Fresh reader observed | Recovery decision |
|---|---|---|
| Clean stop | Exact next action, all three acceptance criteria, and ready evidence | Continue from the saved boundary |
| Hard kill after in-memory changes | Saved next action remained stale; current state, next action, and criteria were lost | Roll back to the checkpoint and reconcile |
What has WarpOS proven about recovery?
I use WarpOS, my agentic operating-system project, to build and coordinate work across multiple production applications. For this article, I inspected one frozen public commit so every recovery claim stays pinned to evidence.
A core mechanism is its live handoff writer. It runs after completed turns and on session end, records Git state in a per-session file, and writes the file atomically so a reader should not see a half-written snapshot.
The recovery boundary is explicit. A completed turn can leave durable state for the next session. A mid-turn hard kill creates a measured loss window because no completion hook can save work it never sees.
WarpOS also has structured sprint checkpoints with the phase, last completed step, next action, resume command, notes, and a safe-to-continue field.
That operating history also gives me precise hardening tests. The frozen audit produced three focused upgrades: calculate the continuation verdict from current evidence, test the checkpoint writer and startup reader as one end-to-end contract, and apply a clear precedence rule when several saved records represent different moments in a run.
Each upgrade came from inspecting actual runtime paths and saved records, not inventing a hypothetical failure. That is how a production system becomes easier to trust as it handles more work.
That is the value of a system with real operating history. WarpOS already preserves handoffs, checkpoints, Git evidence, and resume instructions across production-app work. Each audit can now turn an observed edge case into a stronger runtime control.
A saved packet is still a claim about state. Recovery begins by checking that claim against the workspace, the workflow record, and the outside world.
What do current agent platforms actually preserve?
Vendor capabilities differ, and those capabilities change. Avoid a blanket claim that a vendor session is only a chat or that a checkpoint saves everything.
This table describes the specific features in the linked documentation. Choose a feature by matching it to the state layer you need, then test its trigger, storage, expiry, restore path, and failure behavior.
| System | What the documented feature preserves | Important boundary |
|---|---|---|
| OpenAI Agents SDK Sessions | Conversation history across runs | Conversation history is not the same as workspace or outside-system state |
| OpenAI sandbox state and snapshots | Serialized sandbox connection state or saved workspace contents | A snapshot can restore a workspace, but mounted and ephemeral paths may not be durable |
| Anthropic Managed Agents | Conversation history and, when idle, a checkpoint of the full sandbox state | Sandbox checkpoints have a documented retention window |
| Microsoft Agent Framework checkpoints | Executor state, pending messages, requests, responses, and shared state at completed workflow steps | Recovery needs durable storage and explicit saving of custom executor state |
| LangGraph persistence | Thread-scoped graph checkpoints plus separate cross-thread application data stores | In-memory checkpoint storage disappears when the process restarts |
Why can replay make recovery worse?
Resume and rerun are not the same action.
Suppose an AI workflow sends an email and crashes before saving the receipt. Replaying the step may send the email twice. The same problem applies to charges, deployments, ticket creation, database writes, remote pushes, and destructive operations.
AWS's Agentic AI Lens makes the connection directly: checkpoint recovery is safe only when workflow steps are idempotent. An idempotent step produces the same result when repeated with the same input. Outside calls need idempotency keys, state changes need conditional writes, and emitted events need deduplication.
If the receipt is missing, query the outside system. Do not infer failure from silence and repeat the action.
What is the smallest recovery system worth building?
You do not need complex recovery infrastructure to improve tomorrow's handoff.
Start with one resume packet at a meaningful boundary, such as an accepted plan, a completed implementation step, a reviewed artifact, or an outside action. Require evidence for completed work, then give the packet to a fresh person or session without the old conversation.
Ask the incoming owner for the last verified state, the exact next action, its acceptance criteria, the risks, the permissions, and one recovery verdict. If they need the old chat explained, the packet failed. If they return continue without checking freshness and evidence, the test also failed.
Once the manual boundary works, automate checkpoints before and after expensive steps, make replay safe, and run a hard-kill test between checkpoints to measure what disappears.
FAQ
Is conversation history the same as recoverable state?
No. Conversation history can preserve instructions, responses, and tool calls. Recoverable state also needs the current workflow position, workspace state, completion evidence, outside-system state, permissions, next action, and recovery point.
What is the difference between a checkpoint and a handoff?
A checkpoint is saved state at a known workflow boundary. A handoff explains what an incoming owner needs to know and points to the evidence. A good recovery process uses both, then checks them against current reality before continuing.
How often should an AI workflow create checkpoints?
Create them at natural boundaries where repeating the work would be expensive or risky. Good examples include an accepted plan, a completed implementation step, a reviewed artifact, and the point before or after an outside action. Tie checkpoint frequency to recovery value.
Can a hard kill recover the latest work?
Only if the latest work reached durable storage before the kill or can be reconstructed from another trusted source. In-memory decisions and changes disappear. Files or outside actions may remain partly updated, which is why reconciliation comes before replay.
Is replaying from a checkpoint safe?
Not automatically. Replay can duplicate emails, charges, tickets, deployments, or writes. Safe replay needs idempotent steps, outside-state checks, receipts, valid permissions, and a recovery path.
What should an AI session handoff contain?
At minimum: the objective, scope, last verified state, completed work with evidence, decisions, constraints, risks, failed attempts, next action, acceptance criteria, permissions, outside-system state, and a recovery point. It should also state whether continuing is currently safe.
Conclusion
The test is not whether the old chat can reopen. The test is whether a fresh person or controller can prove what is true, identify the next safe action, and stop when the saved story no longer matches reality.
Start with one resume packet. Give it to a fresh session without the old conversation. If it can recover the exact next action and its acceptance criteria, you have a useful boundary. Then kill a synthetic run between checkpoints and find out where certainty actually ends.
Recoverable state is one part of the wider system that keeps AI-assisted work accurate, provable, and controllable. Use the complete 12-part system map to connect continuity with shared truth, workflow gates, evidence, approvals, and learning.
If your AI workflow crosses days, owners, or outside systems and still depends on someone retelling the story, I can help audit its continuity and recovery path.
Sources
- Microsoft Agent Framework: Checkpoints
- AWS Agentic AI Lens: Checkpoint recovery and idempotency
- LangGraph: Persistence
- OpenAI Agents SDK: Sessions
- OpenAI Agents SDK: Sandbox state and snapshots
- Anthropic: Managed Agents session recovery
- WarpOS frozen source at commit 8b083d7
- WarpOS recovery truth sources
- WarpOS checkpoint template
- WarpOS live handoff and hard-kill boundary
- WarpOS checkpoint verdict helper
- WarpOS active sprint registry
- WarpOS current sprint recovery record
- WarpOS halted sprint progress record
- WarpOS periodic checkpoint writer
- WarpOS startup checkpoint reader
Next move
Want me to audit your AI workflow?
Bring one product-delivery bottleneck, operations workflow, or early MVP. I will help decide what AI should own, where human judgment stays, and how to measure the result.
Talk about an AI workflowAbout the author
Related articles
Keep going
What an AI Building System Needs: 12 Practical Parts
A plain-language guide to the 12 parts that keep AI-assisted work accurate, reviewable, and recoverable, backed by a frozen WarpOS audit.
AI Coding Feels Magical Until The Project Gets Serious
AI coding breaks when the work needs memory, handoffs, evidence, review, and recovery. That is an operating-system problem.
Stop Paying AI To Re-Read The Same Context
Every stale instruction, repeated file, and oversized chat history has a cost. Context management saves tokens by giving the model the right state, not the whole project.