For agents, the safety is the product

I started building an agent that does workflows. It quickly became an agent you can trust to do workflows, which is a different product.

The interesting surface turned out to be the scaffolding. Nothing runs until a human approves it. Every proposal, approval, and action gets written to an append-only log. The tools are mocks with a dry-run default, so you can prove the safety model with zero blast radius.

When I demo it, people don't poke at the model. They poke at the audit trail and the permissions. That tells you what they're actually buying.