Automation
In Extending you taught the agent new tricks — skills, MCP servers, the things that widen what a single session can reach. Every one of those still assumed you were sitting there, typing the prompt and reading the replies. This chapter cuts that cord. We take the same agent you’ve been driving by hand and let it run with nobody watching: once on every pull request in CI, and again as a nightly job that flags regressions before the team is awake.
That shift sounds like a small thing — same tool, no terminal — but it changes the stakes completely. In an interactive session, the permission system is a safety net you mostly ignore: when the agent reaches for something dicey, it stops and asks, and you decide. Take the human out of the room and that net disappears. There is no one to answer the prompt. So everything you set up in Permissions & modes — allow rules, deny rules, locked-down modes — stops being a convenience and becomes the only thing standing between an unattended agent and a bad afternoon. Automation doesn’t introduce a new safety model; it makes the one you already have load-bearing.
The job we’ll automate
Same payments service we’ve been working in all course. You’ve got a test-and-review pass you keep running by hand before you trust a change: run the suite, look at the diff, flag anything that smells like a regression. It works, but it only happens when you remember to do it. We’re going to make it run on its own, two ways:
- On every pull request, as a CI check — the agent reviews the diff and comments before a human ever looks at it.
- Every night, as a headless job — the agent runs the full suite against main and reports any regression it finds, so the first person online sees a flag instead of a surprise.
The trick the whole chapter circles is the one above: non-interactive means no human to approve prompts, so the run either has permission to do what it needs in advance, or it dies the moment it reaches for something it wasn’t granted. Getting that pre-grant exactly right — generous enough to finish the job, tight enough that a hijacked run can’t hurt you — is the real skill of running an agent unattended.
We’ll build it up in order:
- Run Claude Code headless with the -p flag — drive the agent from a script, pipe a prompt in, and read the result back as text or JSON
- Make permissions hold when no one’s there to approve — why pre-approved allow rules, dontAsk, and deny rules are what keep an unattended run safe
- Wire it into CI on every pull request with GitHub Actions — the action, the secret, and the workflow that runs the review on each PR
- Build the nightly regression loop and fence it in — compose headless calls into a repeatable job, with the guardrails that stop an unattended loop from doing damage
By the end you’ll have the payments review running in two places without you, and — more durably — a feel for the line between delegating a task to an agent and abandoning one.
Start with the headless flag.