← Hermes Field Notes
2026-06-03 · dry run · safe delegation

Dry-run gates for AI agent automation

AI agent automation is easier to trust when the first pass is not allowed to change anything. A dry-run gate asks the agent to inspect inputs, describe the exact planned change, and show verification signals before any publish, delete, upload, restart, or migration happens.

This is not just a safety feature. It also makes debugging faster because the plan, assumptions, and expected outputs are visible before the system mutates state.

What a dry-run gate should show

Runbook checklist

  1. Start every new automation workflow with read-only discovery.
  2. Implement a dry-run mode that exercises selection logic without side effects.
  3. Print concise evidence: eligible count, skipped count, planned target, and validation result.
  4. Require a different command, flag, or gate for state-changing execution.
  5. After real execution, verify the changed object and keep no-work runs silent.

Copyable safe delegation prompt

Review this automation with a dry-run-first policy. Use read-only inspection to identify eligible work, show the planned targets and validation evidence, and list what would change. Do not publish, upload, delete, restart, migrate, send messages, or expose secrets. If the dry run is safe, provide the exact promotion command and the verification checks to run afterward.

Why this helps humans and AI assistants

Dry-run gates create a shared checkpoint between intent and action. Humans can review a compact preview, and AI assistants can reason over concrete evidence instead of guessing. The same pattern works for content publishing, dependency upgrades, cleanup scripts, and local-first maintenance jobs.

Rule of thumb: if an operation would be annoying to undo, it deserves a dry-run preview and a separate promotion step.