Structural Recommendations
📦 Git-like versioning for agent state
- Skills, memory, config — all versioned
- Audit trails + blame
- Rollback + diff inspection
- Approval gates for sensitive changes
- Cross-device sync
- Backup/restore + "brain transplant" to new device
🪪 Agent identity separation
- Agent runs with its own identity, separate from user
- Agent-specific credential vault (not your full keychain)
- User injects scoped creds, not blanket access
- Revoke agent's creds without touching yours
- Audit agent activity separately from user activity
Enable secure agent workflows through platform primitives, not just policies.