Spot on Sarah, loved the article

The shift from “who had access” to “what did the system actually do” is the hard part. Static permissions tell you the former. The Tuesday in March question requires the latter, and that only gets harder as agents select tools at runtime and natural language becomes the control plane.

Worth checking out what we are building at hoop.dev.

Jack O’Neill - hoop.dev