6 articles
Six weeks ago a security audit told me I had 268 plaintext secrets scattered across my AI agent platform. This week I closed out the migration that fixed it. Here is what I learned about credentials, AI agents, and the gap between what we build and what we secure.
cb365 adds 28 new commands across four workloads with a governance framework inspired by real enterprise AI policy. Three workloads went smoothly. Loop exposed a gap in Microsoft's platform that competitors solved years ago.
How I built 23 hardcoded safety rules into cb365, a Microsoft 365 CLI, to prevent data loss and unauthorised actions when AI agents interact with enterprise systems.
Taking cb365 from internal tool to public release meant solving the trust problem: signed binaries, Software Bill of Materials (SBOM), and a certificate authentication bug that only appeared when tested against a real Entra ID tenant.
Microsoft retired their Graph CLI. PowerShell is the official answer. But AI agents don't speak PowerShell. Here's why I built a new CLI from scratch, the trade-offs I wrestled with, and why security made me almost abandon the whole thing.
I designed a Microsoft 365 CLI for AI agents. Then I built it. The Graph API had opinions about my architecture. Here's the build log - the gotchas, the fixes, and why my agent now reviews my task list every morning before I wake up.
