The standard agentic loop — give the agent a task, get code back — has no checkpoint between your intent and the agent's execution. You find out what the agent decided to do by reading what it already did. The CORE workflow closes that gap by splitting every agentic task into two sequential sessions: one that drafts a plan and stops, and one that executes the approved plan and returns a PR. Human judgment sits at the decision point between them — not at every tool call, not after the damage is done. TL;DR The agentic approval workflow has six stages: Write a structured task file with scope constraints and an explicit stop instruction Run a planning session — agent drafts a plan, writes it to disk, and stops Review the plan file, edit if needed, then approve by leaving it unchanged Run a separate execution session that reads the approved plan and returns a diff Run a QA inspector agent to audit the diff for scope violations before merge Review the PR diff against the approved plan and merge No micromanaging…