Sponsored by

His CFO agent ran a full reconciliation, matched every line, and then didn’t mark the invoices paid.

The reason was mundane. It only had read access to Stripe, and marking an invoice paid is a write action. So it flagged the batch for Chinedum Okerengwor and stopped there. He had scoped it that way on purpose.

Okerengwor runs Royalti.io, music and royalty software out of Nigeria, and by his own account “It consists of four humans, with agents running the executive functions on top of us and alongside us - we all communicate on Mattermost.” In his post he said "I kept pushing Claude Code past what it was for, and eighteen months later, it runs most of my company." That company now has a full C-suite of agents. Finance reconciles across entities. Engineering opens PRs. Sales scores leads. A layer above them maps each agent's output to a real company priority.

He is honest about the ceiling though. "If I only showed you the wins, this would be a brochure," he writes.  Over time, due to agent failures, he has deliberately created many similar scope restrictions.  Sometimes he loses track of what roadblocks he’s created, but he told me that one of his biggest takeaways from this whole experience is, “scope the access and the boundary holds even when you forget where you drew it.”

Welcome back. Let's get to work.

The most important stories and updates from the past week

🔗 Vercel built an agent framework that treats every credential like it's radioactive

Eve turns a filesystem project into a durable backend agent: it auto-discovers agent/ files, drops each agent in an isolated sandbox/, and resolves model strings through Vercel's AI Gateway so a deployed agent authenticates with OIDC instead of a hard-coded provider key. The part worth copying is the default. Most frameworks still ship a "paste your API key here" quickstart. Before you wire your next agent that way, look at what scoped, gateway-brokered credentials plus a per-agent sandbox actually buy you. [READ MORE]

🔗 A field guide for when a second agent is actually worth it

Aron Schuhmann's guide for Mastra gives you a decision framework instead of vibes: add another agent when you have a real security or compliance boundary to enforce, when separate teams need to own separate pieces, or when a module has to scale on its own. Run your use case through those three questions first. Most "we need multi-agent" instincts fail the very first one, and you save yourself a coordination headache you were about to hand-build. [READ MORE]

🔗 One human, ten agents, and a single file that says who escalates to whom

Vibe Technologies runs ten agents, and each one gets its own Slack app, bot token, and GitHub App credentials, so every PR and issue traces to a specific agent instead of a shared account. The handoff contract is one editable AGENTS.md file: a table mapping situations to the @mention that should catch them. They list their own gaps honestly, including no acknowledgment step and no guard against circular handoffs. For a tiny team, per-agent credentials plus one plain-text escalation file makes your audit trail real. Read it as a product post; they are promoting their own OpenClaw tooling. [READ MORE]

🔗 The C-suite of agents with one that can overrule the boss

Yuri Kruman wired up twelve supervisor agents feeding a CEO integrator, and gave one of them teeth: a CHRO agent that can throw a RED status, block new requests, and force a load-reduction plan before work continues. Every decision lands in an append-only log. He built it in five days as a personal attention-management system, not an operating company, and every CEO-level call still gets his sign-off. His firm, PortLev, sells this as a service, so treat the post as a pitch. The idea worth lifting is the veto: an agent whose only job is protecting the human's capacity, with the authority to actually stop the line. [READ MORE]

🔗 McKinsey - agentic commerce could orchestrate $3-5 trillion in B2C retail by 2030

According to McKinsey research, by 2030, orchestrated revenue from agentic commerce in the global B2C retail market could reach as high as $3 trillion to $5 trillion.  Our use of agents in shopping will accelerate the most for categories where shopping is a chore to cross off your to-do list, and not a pleasurable activity.  Retailers in these categories especially, are going to have to rethink everything from advertising and marketing to website design.  The founders with the most frictionless agent buying experience will start to outperform those with just a great brand story and fancy UI. [READ MORE]

💀 GPT-5.6 Sol is reportedly 'deleting files, data, and even entire databases, on its own, without asking first’ - TechCrunch

In a viral X post, the founder and CEO of OthersideAI, wrote that GPT-5.6-Sol deleted almost every single file on his Mac by accident. He is not alone. A few other developers are posting on X and Reddit about similar experiences with the new flagship model from OpenAI. In fairness, they did warn about this 2 weeks before it was released. The system card says, “In coding contexts, misalignment generally stems from a mix of overeagerness to complete the task and interpreting user instructions too permissively – assuming that actions are allowed unless they’re explicitly and unambiguously prohibited.” [READ MORE]

Expense receipts shouldn't require a search party

Adam spent 20 minutes looking for a $36 receipt. His finance team sent three Slack messages. Someone made a sticky note.

Ramp would have matched it automatically the moment he swiped. Auto-coded, in-policy, synced. Nobody had to ask Adam for anything.

This is what finance looks like when it runs itself.

Your team can be Adam. Or they can not be Adam.

The message came in at 2:47 AM. "Feature complete. MR created. Pipeline passing. Ready for your review." The sender was Pavel Kurinnoi's CTO, and his CTO is an AI agent.

Here is the rule that makes the whole thing work: that CTO is not allowed to write a single line of code.

Pavel writes that he runs his own product with one human, himself, and a CTO agent sitting above four parallel development teams. Each team has seven roles: a team manager, two developers, QA, DevOps, docs, and security. Twenty-eight agent roles in total, every one a Claude CLI session, all wired into GitLab. The CTO plans the work, routes it, and reviews what comes back. It never writes the code it signs off on.

What moves work between the agents is deliberately dumb. A plain orchestration script in bash and Python polls GitLab every fifteen minutes for labeled issues and hands them out. "The intelligence is in the agents," Pavel writes. "The scripts are just the nervous system." No AI in the plumbing means no surprises in the plumbing.

The gates are where the discipline lives. QA has to produce a test that fails before the fix and passes after, or it marks the work untestable and kicks it back. Security is prompted to assume the code is broken and go hunting for proof. An agent gets three tries, then the system stops and pings Pavel on Telegram.

The insight worth stealing: put the authority ceiling on your smartest agent. The CTO is the most capable thing in the system and the one piece forbidden from touching the codebase. The writing stays with agents whose output has to survive a test that fails first and passes second. Pavel's single point of control turns out to be small. It is the discipline of writing a precise GitLab issue.

He is honest about what breaks, and lists five failure modes: context drift, the confidently wrong answer, pipelines that loop, merge conflicts, and losing the thread on the platform docs. Several months into running this in production, it still needs a human who reads carefully. The 2:47 AM message is a nice touch. Someone still has to read the code and say ship it.

Three founders in this issue made the same move at three scales. Okerengwor's CFO agent ran the numbers and then didn’t mark them paid, because paying was a write it didn't own. Pavel's CTO plans the entire build and is banned from writing code. Vercel's Eve hands each agent a scoped, temporary credential and nothing more. 

Every one of them drew a deliberate line between which agents can read only, which agents have write access and what stays with the human, then engineered that line more carefully than anything else in the company.

If this was useful, forward it to one founder who thinks automation means handing over everything. The best systems know what to hand back. 

See you next Wednesday.
- Rich

Reply

Avatar

or to participate

Keep Reading