Match autonomy to blast radius
The shared-lib change is shipped. You ran it in Agent mode on Default, read every consequential command at the checkpoint, and the new audit event type and threshold rule went out without breaking a single one of the twelve consumers. That’s the climax of Act 1 — the riskiest change in the course, made under the tightest control the tool offers. Now step back and name what you actually did, because the next repo is going to ask the opposite of you.
The same dial, turned two ways
The thing that decided your permission level wasn’t how hard the shared-lib change was. The code was modest — a new event type, a validation rule. What made it demand Default was blast radius: twelve services downstream, a breaking change hard to walk back. High stakes, short leash. Tight permissions, every command reviewed.
Now picture the work waiting in orders-service — building the approval workflow on top of those new helpers. It’s a bigger job, more files, more moving parts. But it’s your squad’s own app: well-scoped, easy to fix forward, no one downstream. Low stakes, long leash. There you’ll loosen the dial — Bypass Approvals, let Agent mode run without stopping at each command, review the whole change at the end. The interruptions that protected you on shared-lib would just be friction here.
Same engineer. Same week. Same feature, even. Opposite permission settings — and the thing that flipped them was never difficulty. It was what a wrong answer would cost.
| | shared-lib | orders-service |
|---|---|---|
| Blast radius | High — 12 consumers, hard to undo | Low — your app, fix forward |
| Permission level | Default — review every consequential command | Bypass Approvals — let it run |
| Your posture | Tight: short leash, close watch | Loose: long leash, review at the end |
This is the whole discipline
You met this idea in the modes chapter as a posture — which mode you reach for. Now you’ve made it a setting — chat.permissions.default, a value you choose deliberately before consequential work and check before you trust the one you left on yesterday. Modes were the judgment in your head; permissions are the same judgment written into the tool. That’s the payoff of Act 1: the permission level is how the blast-radius call becomes a dial you can actually turn.
And it’s not a Copilot trick. Match-autonomy-to-stakes is the core discipline of working with any capable agent — you’ll see it under different names across every other course on this site. Get it right and the agent is fast where speed is safe and careful where care is owed, without you re-deciding from scratch each time.
That closes Act 1. The shared library is shipped; the careful work is behind you. But permissions are only one of the two dials you control. The other isn’t about how much the agent is allowed to run — it’s about how much thinking it spends on the problem in front of it, and what that thinking costs. Next chapter: Models & credits.