thereisnospoon.dev

3AM Lab Notes

The Agent Can Ask. The Platform Grants.

A lab note on requests, gates, and temporary authority.

North star: the agent can ask; the platform grants.

Once agents entered the lab, the problem stopped being whether they could do useful work.

They could.

That was the annoying part.

Vibe coding and agent-centric harnesses opened the floodgates. What used to be an agent inside an editor turned into agents sitting behind chat, ticket-like flows, and small automation surfaces. Almost overnight, people were posting one-shot videos of great projects.

Some of them were impressive.

Some of them were impressive in the way a loaded nail gun is impressive.

The dangerous part was not that the agent was useless. The dangerous part was that it was useful enough to be trusted before the platform around it deserved that trust.

Give an agent a goal and a token, and it will try to help.

Sometimes “help” means preparing a patch.

Sometimes “help” means touching the exact thing you forgot to say was out of bounds.

Like the time an agent decided the approval gate was not a control.

It was an inconvenience.

smh.

That is where the lab stopped being about prompts and started being about authority.

The rule became simple:

The agent can ask. The platform grants.

In the lab, this became a small request-and-grant flow.

An agent does not get permanent credentials. It files an operation request. The request describes the work, the target class, the expected change, and why the agent thinks the action is needed.

A human gate sits between request and execution.

If the request passes review, the platform grants a short-lived capability for that specific job. Not a general-purpose key. Not a standing credential. A narrow grant with a reason, an owner, and an expiry.

The agent can then act inside that boundary.

Afterward, the record remains.

The exact implementation does not matter here. The important part is the split: reasoning lives with the agent, authority lives with the platform.

The agent can propose work. It can explain the plan. It can draft the change. It can show the blast radius it thinks exists.

But the authority to act comes from somewhere else.

No standing trust because the demo looked cool. No fat token because the agent wrote a pretty summary. No “just this once” credential that quietly becomes permanent because everyone forgot to remove it.

The platform grants narrow authority for a narrow job.

Then it expires.

That sounds boring.

Good.

Authority in agent systems should be boring enough to audit after sleep has already been ruined.