Trust model

Inspect before install.

The first Checkpoint workflow is intentionally boring: local files, readable output, and no hidden place where project memory disappears.

What gets written

Checkpoint writes project memory under .contextos/ and optional agent-facing Markdown files in your checkout. You can open, diff, edit, or remove them like any other repo artifact. 

.contextos/
  context/
  tasks/
  handoffs/
  decisions/
  state/

What never belongs in handoffs

Keep private values out.

Do not put raw keys, passwords, customer data, private host names, or production-only paths in project memory. Write the fact that a value exists, not the value itself.

Demo data stays fake

The public demo and examples use names such as Acme Notes and Sample Ledger. They avoid real customer data, private repo names, real hostnames, or credential-shaped placeholders.

Final review is human

Generated output is meant to be read before use. If a source note is too detailed for the next session, edit the Markdown and regenerate the pack.

Plain limits are a feature

No account required

Start from a local source checkout and inspect every file.

No hidden database

The primary workflow uses readable files in the project.

No opaque handoff

The pack is Markdown you can edit before the next tool sees it.

No mystery sample values

Examples use fake project names and safe placeholder wording.