<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Dayel Ostraco · Insights</title><description>Field notes on agents, identity, and shipping inside the federal boundary, from 20 years of mission engineering.</description><link>https://dayelostra.co/</link><language>en-us</language><item><title>The Agent Can&apos;t Run That Command. That&apos;s Least Privilege.</title><link>https://dayelostra.co/insights/least-privilege-is-a-list/</link><guid isPermaLink="true">https://dayelostra.co/insights/least-privilege-is-a-list/</guid><description>Least privilege at the OS layer is not a posture. It is a list. A deny-by-default command allow-list that scopes what an agent may run, the layers that enforce it, and the escalation paths it forecloses.</description><pubDate>Tue, 07 Jul 2026 00:00:00 GMT</pubDate><author>Dayel Ostraco</author></item><item><title>The CLI Is the New API. Govern It Like One.</title><link>https://dayelostra.co/insights/cli-is-the-new-api/</link><guid isPermaLink="true">https://dayelostra.co/insights/cli-is-the-new-api/</guid><description>For an agent, the command line is a first-class invocation surface. It now needs what every API already has: a stable contract, structured output, authorization per call, and audit. Here is the gap I keep finding, and how to close it.</description><pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate><author>Dayel Ostraco</author></item><item><title>Agents Are Just Identities. The Boundary Hasn&apos;t Moved.</title><link>https://dayelostra.co/insights/boundary-doesnt-move/</link><guid isPermaLink="true">https://dayelostra.co/insights/boundary-doesnt-move/</guid><description>Federal IT already owns every primitive an agent needs: identity, authorization, lifecycle, audit. The new work is governance at machine speed, not a new IAM tier. Most of what the agent-platform market is selling is a layer you do not need.</description><pubDate>Mon, 08 Jun 2026 00:00:00 GMT</pubDate><author>Dayel Ostraco</author></item></channel></rss>