Grantry blog
Governing AI workers in production.
Field notes on giving AI agents controlled access to business tools — permission layers, scoped tokens, approval gates, and audit trails.
Approval gates for AI workers: read freely, gate the writes
The goal is not to slow agents down. It is to let them analyze without friction while pausing the handful of actions that spend money, publish, push, or touch customers.
Scoped tokens vs. raw API keys: stop handing agents the keys to everything
A raw API key in an agent's runtime is a standing offer to do anything that key can do. Scoped, server-held tokens flip the default from “allow all” to “allow only this.”
Why AI agents need a permission layer, not just more connectors
Connector catalogs keep adding tools agents can reach. The harder problem is deciding which worker may take which action, in which account, right now — and that is not a connector problem.
Human-in-the-loop without the bottleneck
Human-in-the-loop fails when it means approving everything. The version that works puts a person at the few decisions that matter and lets the agent run the rest unattended.
Least privilege for AI agents, in practice
Least privilege is easy to agree with and hard to apply to agents. The practical version is a role per job, scoped to the tools and accounts that job needs — and nothing held "just in case."
From shared keys to per-worker identity
When several agents share one API key, your logs show the key, not the actor. Per-worker identity makes every call attributable and every revocation surgical.
Per-client access for an agency's AI workers
Agencies run the same AI workflows across many clients with separate credentials, accounts, and rules. Per-client scoping keeps one engagement from ever touching another's data.
Prompt injection and the permission boundary
You cannot reliably stop a model from being talked into something. You can make sure that even when it is, the action it attempts is outside its permissions. Defense lives at the boundary, not the prompt.
Running scheduled AI agents safely
A scheduled agent runs with no human watching. That makes scoping, approval gates, and audit non-negotiable — the guardrails are the only thing in the room at 3 a.m.
MCP gateways move traffic; they don't decide permissions
An MCP gateway routes and observes protocol traffic. That is necessary plumbing, but it is not the same as deciding whether a given worker should be allowed a given action. Know the difference.
Routing AI agents to the right account
For agencies and multi-tenant teams, the dangerous mistake isn't the wrong action — it's the right action on the wrong client. Routing by policy fixes the account-confusion problem.
Tool visibility: don't show an agent what it can't use
If an AI agent can see a tool, it can try to use it. Filtering tools by role before the agent ever discovers them removes a whole class of mistakes.
What to log in an AI agent audit trail
An audit trail for AI agents has to answer one question after the fact: which worker did what, through which credential, and what happened. Here is the minimum that needs to be in it.