Local agents, remote services, and where I draw the line
My favorite agent workflows start local. They inspect the codebase, run tests, draft changes, and explain tradeoffs before anything touches a remote service.
Remote permissions are still useful, but I want them to be intentional. A tool that can deploy, buy, delete, or update DNS should have a smaller surface area than a tool that only reads documentation.
The line I keep coming back to
If an operation can cost money, expose private data, or affect a production user, it deserves a confirmation step and a clear audit trail. Everything else can usually move faster.
That boundary keeps the workflow practical. The agent can still do real work, but the riskiest steps stay visible.