Mythos-Nexus beta is live for $MYTHOS holders - Nexus beta - Try it out

6 min readMythos Team

External Agents Need a Filesystem Boundary

If another agent can generate file actions, the next question is not which model wrote them. It is who verifies what actually changed on disk.

External AgentsMCPSWDReceipts
mythos-router v1.13.0

External agents are getting easier to build. They can plan, call tools, inspect repositories, and generate patches. The missing layer is often less glamorous: a reliable boundary for applying file changes.

That boundary should not depend on trusting the agent's story. It should verify what happened on the actual filesystem.

Mythos Insight

The agent can generate the plan. The execution layer should prove the result.

The Problem

Most agent integrations blur two jobs together:

LayerResponsibility
AgentDecide what should change
Execution boundaryValidate, apply, verify, and record what changed

When those jobs are mixed, failures become hard to reason about. Did the agent choose a bad edit? Did the tool write the wrong file? Did a path escape the project? Did a sensitive file get touched? Did the final file actually match the claimed result?

The Mythos Path

mythos-router gives external agents two ways into the same verified boundary:

bash
mythos mcp
cat actions.json | mythos swd apply --stdin --json
mythos swd apply --file actions.json --json

No model call is made by Mythos in this path. An external agent can bring its own model, key, runtime, MCP client, or framework. Mythos only receives structured file actions and handles the execution boundary.

What Gets Checked

The boundary is intentionally boring:

- input shape is validated - paths must stay project-relative - sensitive files are blocked by default - deletes and command-surface files require explicit opt-in - SWD snapshots before and after state - failed writes can roll back - successful non-dry-run applies write receipts

That makes the output useful for automation:

json
{
  "ok": true,
  "approvedCount": 1,
  "rejected": [],
  "receipt": {
    "id": "swd-20260524-..."
  }
}

Why Receipts Matter

Receipts are the difference between "the agent said it worked" and "the filesystem matched the verified final state at this time."

For external agents, receipts can include external agent metadata, file operations, before and after hashes, rollback status, git context, and later drift verification. That makes agent runs easier to inspect without forcing every project to adopt the same agent stack.

The Product Bet

There will be many agents. There should be fewer ways for them to touch a repository unsafely.

Mythos Router is useful when it stays focused: local-first, model-agnostic where possible, and strict about proving file edits before calling them done.

๐Ÿš€

Try mythos-router

Get started in one command. Zero slop. Full verification.

โญ GitHubNPM

Continue reading

7 min read

One-Shot AI Coding Agents Need Verification, Not Just Better Prompts

Scriptable AI coding agents are useful only when they keep the same safety guarantees as the interactive chat loop. Here is why one-shot execution still needs filesystem verification.

Read article โ†’
8 min read

The GitHub PR Surfaces AI Agents Should Never Change Quietly

AI code review should care less about impressive summaries and more about the files that can change installs, CI, deploys, secrets, and command execution.

Read article โ†’