What AI Agents Should Never Do on Their Own

AI agents require clear boundaries and rules to prevent them from causing irreversible damage during autonomous operations. Certain categories of tasks, such as destructive file operations, database migrations, infrastructure changes, and production deployments, should always require human review due to their high recovery cost. To manage this, developers can create an `AGENTS.md` file that specifies the project scope, rules, and a list of blocked commands for the agent to follow. For more complex work, a two-agent loop, where one agent implements and a second agent reviews the code, can effectively catch bugs and security issues. This structured approach with explicit safety rules ensures agents are effective without creating unintended problems.