DEV Community

yongrean
yongrean

Posted on

Every "autonomous AI agent" is a customer-support ticket waiting to happen

#ai #productivity #buildinpublic #agents

I'm tired of writing apology emails for my own AI.

Last month an agent I was dogfooding cancelled a calendar event I actually cared about. Two weeks before that, a different one auto-replied to an investor with what read like a hostage note from a Slack bot. Both companies have raised more money than I'll see in five years.

The pattern across every "agentic AI" demo on my timeline is the same:

  1. Agent does a thing
  2. Agent emails the user that it did the thing
  3. The thing was wrong
  4. The company ships a fix the following Tuesday

I stopped trusting them. Then I built one that can't do this.

The wedge: agents that wait

Klorn is an approval layer between AI agents and your Gmail / Calendar. The agent does the thinking — reads the email, checks your calendar, drafts the reply, creates the event proposal. Then it stops. Nothing fires until you click approve.

Sounds boring. The constraint is what makes it real.

The constraint that kills "act first, apologize later"

Every meaningful action in Klorn is signed with a payload hash before it fires. send_email literally cannot execute without an ActionReceipt that matches the hash of what was shown to you.

There's an invariant test in the repo that fails the build if anyone — me, a future contributor, an AI agent (the irony) — tries to bypass it. Remove the approval check, the test fails, the build fails, the deploy fails.

You cannot ship a Klorn version that sends emails silently. It's architecturally impossible.

This is the part nobody is building. Every "autonomous agent" demo on my timeline is one feature flag away from the next apology email.

What I shipped this week

The agent loop now runs end-to-end:

  • Meeting request hits inbox → tier-classified (PUSH / QUEUE / SILENT / AUTO)
  • Klorn reads the email, checks the calendar for conflicts
  • Drafts the reply and the calendar event proposal
  • Both wait as PendingActions in your decision queue
  • One click → fires

Plus a production bug that would have killed a less paranoid agent: OpenRouter retired a :free model SKU mid-week. Every autonomous cycle died with 404 No endpoints found. The existing failover only covered 402 / 403 / 429 — not "the model is gone." Shipped a multi-model fallback chain on the same provider so losing one upstream SKU never kills the agent.

That fix is the kind of thing you only ship when you trust the boundary the agent runs inside.

Stop hype-cycling, start gating

If you're shipping an "autonomous AI agent" in 2026, three questions:

  1. Can a user prove what was approved is what was sent?
  2. Can a future contributor bypass your approval check?
  3. What is your invariant test?

If the answers are "no", "yes", and "we don't have one" — you're building the next apology email. Stop.

I'd rather build the firewall.

60-second walkthrough: klorn.ai

Free during private beta. PRO auto-applied on signup.

If you've actually been thinking about where agents should and shouldn't act on their own, I'd love your honest take — even one-line replies. Disagreement especially welcome.

Top comments (0)