- a low-risk path can apply
- a risky path waits for approval
1. Prove the workflow first
2. Run one low-risk live change
Use the preview-safe Vercel path from Vercel. Look for:plan.risk.level: "low"nextAction: "apply_plan"plan.execution.mode: "provider-api"
3. Then inspect an approval-gated path
Look for:plan.risk.level: "high"nextAction: "wait_for_approval"- live execution only if every target has a supported connected adapter
Why this matters
The wedge is not “agent can change infra”. The wedge is:- agent proposes
- Keycli structures
- Keycli checks risk and scope
- human approves when needed
- adapter applies
- audit records what happened