A direct answer to your “what will your team build first” question, from someone running a few agents today on Telegram, Discord, and an internal build ops dashboard:
I will have one change-window originator. Every coding agent we run hits the same wall – an agent decides at 3am that a migration is OK, executes it, and no one notices until morning. Sandboxing + audit logs help with postmortem, but the real core thing I want is “This agent cannot apply any written actions against the product between Mon-Fri 09:00-18:00 [timezone] unless an on-call human signs in to Slack.” Half of my custom orchestration code is getting reimplemented exactly the same way, badly.
Adjacent question: When an agent runs with a BYO OAuth token, whose scope applies – the user who triggered the agent, the user who packaged it, or the service account owned by the team? This gets increasingly awkward in multi-agent setups, and the answer depends on whether the runtime is “orchestration” or “actual enterprise-grade permissions infra.”
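The change-window rule quoted in the comment above, written as a fail-closed gate. This is an added example, not part of the original comment and not any runtime's API; the names `ChangeWindow` and `Approval`, the 15-minute approval lifetime, and binding each approval to one action id are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, tzinfo
from typing import Optional, Tuple

@dataclass(frozen=True)
class Approval:
    approver: str         # on-call human who signed off (e.g. from a Slack action)
    action_id: str        # the one action this sign-off covers
    granted_at: datetime  # timezone-aware

@dataclass(frozen=True)
class ChangeWindow:
    tz: tzinfo                                # e.g. zoneinfo.ZoneInfo(...) in production
    start: time = time(9, 0)
    end: time = time(18, 0)
    weekdays: frozenset = frozenset(range(5))           # Mon-Fri
    approval_ttl: timedelta = timedelta(minutes=15)     # assumed lifetime

    def protected(self, now: datetime) -> bool:
        # Evaluate the window in the team's timezone, not the host's.
        local = now.astimezone(self.tz)
        return local.weekday() in self.weekdays and self.start <= local.time() < self.end

    def decide(self, action_id: str, is_write: bool, now: datetime,
               approval: Optional[Approval] = None) -> Tuple[bool, str]:
        if now.tzinfo is None:
            raise ValueError("naive timestamp: refuse to guess the timezone")
        if not is_write:
            return True, "read-only action"
        if not self.protected(now):
            return True, "outside protected window"
        # Inside the window every write is denied unless a fresh,
        # action-specific sign-off is presented.
        if approval is None:
            return False, "no on-call approval"
        if approval.action_id != action_id:
            return False, "approval covers a different action"
        age = now - approval.granted_at
        if age < timedelta(0) or age > self.approval_ttl:
            return False, "approval expired or post-dated"
        return True, f"approved by {approval.approver}"
```

The gate belongs in the runtime's tool-dispatch path rather than in the agent's prompt, so the agent cannot reason its way past it, and both returned fields should go to the audit log.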