Strong AI Agents Bound Scope, Expose Work, and Undo Mistakes
Mardu Swanepoel of Flinn AI argues that the best agent products are not defined by maximum autonomy, but by how carefully they bound and expose it. Looking across Harvey, Cursor, Manus, and Claude, he identifies four shared patterns: focused modes that narrow the task, transparent execution that lets users inspect the work, personalization that reflects user or organizational methods, and reversibility that limits the cost of mistakes.
Strong agents bound scope, expose work, learn context, and make mistakes reversible
Mardu Swanepoel argues that the strongest agent products do not simply maximize autonomy. Across Cursor, Claude Cowork, Harvey, and Manus, he identifies four recurring design patterns: focused modes, transparent execution, personalization, and reversibility. Together, they make agent work narrower, more inspectable, more aligned with the user’s way of operating, and safer to try on consequential tasks.
| Pattern | Definition in the source | Primary value |
|---|---|---|
| Focused modes | Constrained scope for dedicated tasks | Improves output quality and guides user expectations |
| Transparent execution | Make every step the agent takes visible | Builds trust and enables earlier intervention |
| Personalization | Tailor outputs using user conventions and preferences | Increases speed to understanding |
| Reversibility | Every agent action can easily be undone | Bounds the cost of mistakes |
Swanepoel frames the exercise through Picasso’s line, “Good artists copy, great artists steal,” but clarifies that “steal” means studying something deeply enough to understand it, make it your own, and use it to produce something better. His point is practical: builders can look at the best current agents and extract product patterns worth reusing.
The first pattern is constraint. Swanepoel calls it “focused modes”: putting an agent into a dedicated mode with a narrower action and input space, such as planning, research, debugging, or asking. The engineering benefit is that a smaller space can be improved more deliberately. Teams can remove unnecessary tools, refine the system prompt, and optimize evaluations for one bounded task before allowing the agent to “just do anything.” As he puts it, engineers can “drop a bunch of tools,” refine prompts, and tune evals to perform well in a smaller space first.
The user benefit is equally important. Open-ended agent interfaces often leave users unsure what kind of input will produce the best result, while also encouraging broad expectations. A focused mode tells the user what kind of behavior to expect and how to interact with the system. It constrains not only the model’s action space, but the whole interaction around a specific task.
Cursor is Swanepoel’s main example. Its chat interface lets a user switch between modes such as Plan, Ask, Agent, and Debug. In planning mode, Cursor does not write code; it develops a plan and asks questions. In debug mode, Swanepoel says, it takes a more hypothesis-driven approach: identifying possible code issues, spinning up a dedicated debug server, pushing logs there, and working through the problem. The useful feature is not the label on the mode. It is the product decision to make each mode do a narrower job well.
Transparency turns delegation into collaboration
Transparent execution is Swanepoel’s second pattern: making “every step the agent takes visible.” He describes the goal as a shift from delegation to collaboration. Instead of giving an agent a task and receiving only the final output, the user sees what the agent is doing, what tools and context it is using, and what steps it is preparing to take.
That visibility serves two functions. First, it builds trust in the output. Swanepoel compares it to receiving work from a person: a result with no explanation inspires less confidence than one accompanied by process, assumptions, sources reviewed, and uncertainties. Second, transparency lets the user intervene before waste accumulates. If an agent reads the wrong Notion documents in step two, the user can stop it and redirect the work rather than discovering the problem only after the final response.
Claude Cowork is his clearest example. The interface he shows exposes a progress or to-do list, the working context, connected apps and skills, and the actual tool calls the agent makes. In the screenshot, Claude displays a tool integration request to fetch an FDA document URL, including a JSON-like request with the page URL and intent, and a response indicating success. Nearby panels show a working folder, progress items, and context such as connectors and skills.
Manus follows a similar pattern. Its interface shows task progress, completed and pending steps, and descriptions of what the agent has looked at and concluded. In the example shown, Manus is collecting screenshots and UX examples from Harvey, Aurora Prima RMA, Quiltbot, and other AI-powered Word add-ins. The task list exposes searches, site visits, scrolling, and organization work as discrete actions.
Personalization should accelerate understanding, not just output
Mardu Swanepoel distinguishes speed to outcome from speed to understanding. Many agents can generate an answer quickly, but he argues that speed alone is insufficient if the result does not match the user’s conventions, preferences, principles, or implicit expectations. Personalization, in his definition, gives the agent the “thoughts and systems and knowledge and principles and patterns” the user would have applied if doing the task themselves.
The purpose is not merely a friendlier voice or remembered preference. It is to help the agent do the right thing rather than just something. A fast output that ignores how the user or organization works is, in Swanepoel’s words, “going to be useless.”
Harvey’s playbooks are his main example. In his description, a legal firm can create a playbook representing the methods and principles it uses to review a certain contract. Harvey can then apply that structured approach so the agent works in the way the firm would have worked. Swanepoel is careful to qualify that he is “not a legal expert,” but the product pattern is clear: domain-specific institutional method becomes part of the agent’s operating context.
The Harvey example also includes memory. As users instruct the agent, it creates memories that can be used in later interactions. The screenshot shown includes a matter-specific prompt asking for a memo summarizing top risks, a “Searching Memory” status, and remembered context such as “User prefers concise and direct language” and “Acme is a Delaware C-Corp and you are representing the buyer.”
Claude represents a broader version of the same idea through customization, skills, connectors, and profile instructions. The visible settings panel lets a user specify how Claude should respond and what Claude should know about them. The example instructions describe an AI engineer building software for medical device manufacturers, asking for well-formatted responses, accurate code blocks, no “fluff,” and use of the user’s acronyms. The agent’s knowledge of the user’s operating style can be made explicit rather than rediscovered every session.
Reversibility makes higher-value agent work less costly to try
The fourth shared pattern is reversibility: the ability to undo agent actions. Swanepoel’s argument is that reversibility “binds the cost of mistakes.” If a user knows the downside is limited, the return-on-investment calculation becomes easier. The user can authorize the agent to attempt more valuable tasks because failure does not carry an open-ended cost.
That bounded downside changes behavior. Swanepoel says users become bolder and more willing to take risks when they know the agent’s actions can be reversed.
Cursor again provides the most detailed example. Swanepoel emphasizes that its reversibility appears at multiple levels of granularity. A user can accept or reject changes at the line level, accept changes at the file level, or move back to earlier points in the conversation state — undoing the last messages and the associated changes. Cursor also allows multiple outputs from the same input to run in parallel using different models. In that setup, the user is effectively choosing to discard all but one of the outputs if only one proves useful.
Reversibility here is not a single “undo” button. Cursor lets the user try, compare, reject, and revert without treating every agent action as a permanent commitment.
Harvey shows a domain-specific version inside Microsoft Word. In Swanepoel’s example, Harvey runs as a Word add-in and integrates with the native Word API so changes can be made and viewed in the way a reviewer or editor would normally use Word. The screenshot shows a document review task with remaining suggestions and explicit Accept and Reject controls for individual edits, such as updating a lease date or tenant. The agent’s work fits into an existing review workflow where proposed changes remain subject to human acceptance.
The shared pattern is bounded agency
Swanepoel’s examples do not point toward maximum autonomy as the default product goal. They point toward agents whose scope, process, context, and downside are made explicit enough for users to work with them.
Focused modes bound what the agent is trying to do. Transparent execution shows the steps while there is still time to redirect them. Personalization gives the agent the user’s or organization’s way of working before it produces an answer. Reversibility limits the cost when the agent changes a real artifact.
For builders, the checklist is direct: decide when the agent should be narrowed, when its work should be exposed, what user or organizational context it must carry, and how its actions can be undone. Those are product design choices, not just model capabilities.