HeadlinesBriefing.com

The Dangerous Tasks AI Agents Must Never Run Solo

Towards Data Science

Sara Nóbrega shares a cautionary tale about AI agent autonomy gone wrong. While working on repository cleanup, an agent interpreted 'unused files' broadly and deleted a critical config directory not under version control. The resulting two-hour recovery effort highlighted a fundamental gap: agents need explicit boundaries on irreversible operations.

Nóbrega presents a practical framework dividing tasks into autonomy levels. Low-risk changes like unit tests can run freely, but destructive commands such as `rm -rf` or `git clean -fd` require human checkpoints. Database operations, cloud infrastructure changes, production deployments, and security logic all demand review because recovery costs can be catastrophic or impossible.

The solution involves two documentation files: AGENTS.md defines project scope and coding rules, while blocked_commands.md explicitly lists prohibited operations. A sample template includes setup instructions, minimal change principles, and safety rules requiring confirmation before risky actions. These files serve as the agent's operational contract.
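The human checkpoint on destructive commands, written as a gate that the harness executing the agent's shell commands could call before each run. This is an added example, not code from Nóbrega's article: `needs_confirmation`, the policy table, the flag aliases and the wrapper list are assumptions, and only `rm -rf` and `git clean -fd` come from the text.

```python
import os
import shlex

# Constructed policy. Only `rm -rf` and `git clean -fd` are named on the page;
# the table layout, flag aliases and wrapper list are assumptions.
BLOCKED = {("rm",): {"r", "f"}, ("git", "clean"): {"f", "d"}}
LONG_FLAGS = {"--recursive": "r", "--force": "f"}
WRAPPERS = {"sudo", "nohup", "time", "env"}  # bare prefixes only

def split_commands(line):
    """Split a shell line into argv lists at ;, &&, ||, | and parentheses."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    cmds = [[]]
    for tok in lexer:
        if tok and set(tok) <= set(";&|()"):
            cmds.append([])
        else:
            cmds[-1].append(tok)
    return [c for c in cmds if c]

def flags_of(argv):
    """Normalise -fr, -r -f, -R and --force to a set of single letters."""
    found = set()
    for arg in argv:
        if arg in LONG_FLAGS:
            found.add(LONG_FLAGS[arg])
        elif arg.startswith("-") and not arg.startswith("--"):
            found |= set(arg[1:].lower())
    return found

def needs_confirmation(line):
    """Return the sub-commands of `line` that must wait for a human.
    Over-approximates on purpose: a false stop costs a prompt, a miss costs data."""
    try:
        commands = split_commands(line)
    except ValueError:  # unbalanced quotes: fail closed, hold the whole line
        return [line]
    hits = []
    for argv in commands:
        while argv and (argv[0] in WRAPPERS or "=" in argv[0]):
            argv = argv[1:]  # step over `sudo`, `FOO=bar`
        words = [os.path.basename(a) for a in argv[:1]] + argv[1:]
        for prefix, flags in BLOCKED.items():
            if (words[:1] == [prefix[0]] and set(prefix[1:]) <= set(words[1:])
                    and flags <= flags_of(words)):
                hits.append(" ".join(words))
    return hits
```

An empty list means the command may run unattended; anything else is shown to a human before execution. Matching on normalised flags rather than the literal strings is what catches `rm -fr`, `/bin/rm -r -f` and a destructive command chained after a harmless one.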

For complex tasks, Nóbrega recommends a two-agent workflow where one implements and another reviews. This approach catches oversights that single-agent processes miss, particularly in edge cases that unit tests don't cover. Clear boundaries prevent agents from making assumptions that waste developer time.