available for workalex@axxe · Netherlands · agents · automation
AXXE
← All writing
PlaybookMar 10, 2026 · 5 min read

A checklist before you let an agent write to prod.

Before an agent gets permission to change a real system, it earns it. Here's the checklist I run through every time. It's the difference between an automation and an incident.

An agent that only reads is a research assistant. An agent that writes is a colleague with root access. The jump between those two is where almost all the risk lives, and it's worth being deliberate about it. This is the list I don't skip.

Before it can write

  • Dry-run mode by default: the agent proposes the change and shows the diff before anything happens.
  • A human gate on anything irreversible or high-value; one-click approve, not silent execution.
  • Scoped credentials: the agent can touch exactly what it needs and nothing else.
  • An eval suite that has to be green before a new version is allowed near prod.

While it runs

  • Every action logged with its inputs, its reasoning, and its result, auditable after the fact.
  • Confidence thresholds that escalate the uncertain cases instead of guessing.
  • A kill switch a non-engineer can hit, and a documented rollback for every kind of write.
  • Rate limits and blast-radius caps so a bad loop can't run away.

The principle underneath

None of this is about distrusting the model. It's about giving it the same guardrails you'd give a capable new hire on their first week with production access: clear scope, a review step, and an easy way to undo a mistake. Do that and writing to prod stops being scary. Skip it and it's only a matter of time.

Next read
Your first agent should be boring.
// Get in touch

Got something worth automating?

Whether it's an agent to build, a workflow to kill, or a team to level up, tell me what you're wrestling with and I'll tell you straight if I can help. I read every message myself.

Prefer email? Reach me directly at alex@axxe.tech