I let AI reorganise my whole workspace. The dangerous moment was a find-and-replace.

Handing a sweeping reorg to an AI works when an approval gate sits in front of the irreversible steps — like a blanket find-and-replace that nearly inverted a privacy guard.

My digital workspace had drifted. Loose files in the root, duplicate project folders, finance documents scattered across four places, and — the part that made me wince — a handful of credentials just sitting around in folders they had no business being in. So I handed the whole mess to my AI assistant and asked it to put the house in order.

It worked. But the most instructive moment of the whole job was the one where it nearly broke something quietly, and the reason it didn't is the entire point of this post.

Plan first, on paper, before anything moves

The system I work in has a hard rule: nothing gets deleted or moved in bulk without an approval step. So the first output wasn't a reorganised folder. It was a migration report — every proposed move, every rename, every deletion, each tagged with a confidence level. A plan I could read and veto before a single file shifted.

This sounds like bureaucracy. It's the opposite. It's what lets you say yes to an aggressive, sweeping change without holding your breath, because you've already seen the blast radius written down. The folks who think about this seriously — designing approval workflows for AI agents — converge on the same three triggers for when a human must sign off: how reversible the action is, how big its blast radius is, and how much compliance exposure it carries. A workspace-wide reorg that touches live automations and secrets scores high on all three. That's a sign-off-required job, not a fire-and-forget one.

The find-and-replace that almost ate a safety guard

Here's the moment. Part of the job was moving every credential into one locked, search-excluded folder and repointing the scripts that read them. Dozens of scripts referencing an old path. The obvious move is a global find-and-replace: swap the old folder name for the new one everywhere it appears.

That blanket replace reached into a script whose job is to protect my private journal — and flipped a line that used the word "private" to mean "skip this folder, never read it." The find-and-replace didn't know the difference between a path it should update and a safety guard that happened to share a word. It changed both. A privacy guard, quietly inverted by a well-intentioned bulk edit.

The blunt instrument doesn't know the difference between the wire you're cutting and the wire holding the thing up.

It got caught, reverted, and the rule rewritten: credential repointing whitelists the exact credential filenames rather than blindly swapping a word. But sit with how it got caught. Not because the AI is infallible — it made the over-broad change. It got caught because the work was happening in reviewable steps, against a system that expects review, with a human reading the diffs. I've made this argument before in the context of letting AI clear two years of receipts: the leverage was never the speed, it was the structure that made the speed safe.

Why the mess was worth fixing at all

An AI assistant is only as good as the environment it reaches into. I've written a lot about treating your knowledge base as an intelligent library rather than a junk drawer, and this was that principle applied to my own house instead of a client's. Scattered finance files and stray credentials aren't just untidy. They're the conditions under which an automation reads the wrong file, or a routine breaks because something moved. A clean, predictable structure is what makes the next hundred automated actions trustworthy.

The deeper restructure also surfaced the things you only find by walking every shelf: a leaked access token that had to be revoked and reissued, documentation pointing at paths that no longer existed, one credential that had to stay put because a locked, automated process still read it from there. Housekeeping is reconnaissance. You learn what your system actually depends on by trying to move it.

The restraint is the skill

The temptation in a job like this is to let the machine run — it's fast, it's capable, the folders reorganise themselves in minutes. And it can. But fast and unsupervised is precisely how you invert a privacy guard and not notice for a week. The discipline is to keep the human at the gate for the irreversible and the high-blast-radius, and let the speed run free everywhere else. That's not slowing the AI down. It's pointing it.

This is the same thread that runs through getting things done without fixing everything and through my broader case that the expertise is the leverage, not the model. Twenty years of operating teaches you which mistakes are cheap and which are quiet and expensive. A bulk find-and-replace that touches a safety guard is the quiet, expensive kind. You don't avoid it by being smarter than the tool in the moment. You avoid it by building the approval gate before you need it.

Let the AI move fast. Just don't let it move the load-bearing walls without reading the plan first.

Sources & further reading

External

StackAI — Human-in-the-loop AI agents: designing approval workflows · Galileo — Building human-in-the-loop oversight for AI agents

Related posts

I let AI clear two years of receipts. The leverage wasn't speed. · Beyond the junk drawer: mastering knowledge with progressive disclosure and AI · The art of restraint: getting things done without fixing everything · The Death of Generic AI: why deep domain expertise is the only real leverage left

Subscribe to Remco Livain

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe
Work with me →×