Duraid Wadie

Head of M&A Architecture

Practice Note

Designing SaaS for Agent Users: Identity, Permissions, and Product Boundaries

SaaS, Agents, Identity, Security, Product

Why this matters

AI-assisted development is not the risk. Unbounded AI suggestions inside an ungoverned codebase are the risk.

This note captures a practical way to turn tools like Cursor into a controlled contributor by codifying rules, boundaries, and review triggers so suggestions converge on your architecture rather than eroding it.

The failure mode this prevents

A workable rule system

Treat rules as layered guardrails, not a single monolithic policy file. Keep a small set of global constraints, then add narrow rules that only apply to the folders where they are relevant.

If you can describe the boundary in a code review comment, you can describe it as a rule. The difference is that a rule repeats perfectly.

Related practice on this site

If you are working on agents in production, you may also want to read Software agents in delivery pipelines and Cursor rule governance.

Signals your rules are working

Evidence and related writing

A narrative example of this topic is published on Medium.

The shift most products miss

SaaS products are still designed as if every action originates from a human. Menus, workflows, confirmations, and guardrails all assume a person is present. Agent-driven usage breaks this assumption quietly. APIs are exercised at scale, features are combined in unexpected ways, and feedback loops collapse.

The danger is not misuse. The danger is invisibility. When agents act on behalf of users, intent becomes indirect. Without deliberate observability, systems cannot distinguish between meaningful demand and automated noise.

Implications for product design

Designing for agent users requires thinking in terms of contracts, not screens. Rate limits, semantic validation, and outcome-based APIs become first-class product features. This is uncomfortable for teams used to optimizing flows rather than interfaces.
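The contract-level controls named above, as an added example that is not from the original note: one authorization path that checks delegated scopes, applies a per-agent rate limit, runs a semantic check on the requested outcome, and records both the user and the acting agent so agent traffic stays visible. The `Caller` and `Gateway` types, the `invoice.*` action names, and the limits are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Caller:
    user_id: str                     # human account the action is attributed to
    agent_id: Optional[str] = None   # set when an agent acts on the user's behalf
    scopes: frozenset = frozenset()  # actions delegated to this caller

@dataclass
class Gateway:
    agent_limit: int = 3             # agent calls allowed per window (constructed value)
    window_s: float = 60.0
    audit: list = field(default_factory=list)
    _hits: dict = field(default_factory=dict)

    def _rate_ok(self, key, now):
        # Sliding window per (user, agent) pair, so one noisy agent cannot
        # exhaust the budget of the user's other agents.
        recent = [t for t in self._hits.get(key, []) if now - t < self.window_s]
        allowed = len(recent) < self.agent_limit
        if allowed:
            recent.append(now)
        self._hits[key] = recent
        return allowed

    def authorize(self, caller, action, payload, now=None):
        now = time.time() if now is None else now
        if action not in caller.scopes:
            decision = "deny:scope"        # agent scopes are a subset, not a copy
        elif caller.agent_id and not self._rate_ok((caller.user_id, caller.agent_id), now):
            decision = "deny:rate"
        elif action == "invoice.refund" and not (
                0 < payload.get("amount", 0) <= payload.get("invoice_total", 0)):
            decision = "deny:semantic"     # well-formed request, invalid outcome
        else:
            decision = "allow"
        # Every decision records both the user and the acting agent.
        self.audit.append({"ts": now, "user": caller.user_id,
                           "agent": caller.agent_id, "action": action,
                           "decision": decision})
        return decision

    def agent_share(self):
        # Fraction of recorded traffic that was agent-originated.
        agent = sum(1 for e in self.audit if e["agent"])
        return agent / len(self.audit) if self.audit else 0.0
```

Because denials are audited alongside allows, `agent_share()` and the per-decision records show how much demand is agent-originated without adding friction to human sessions.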

Products that adapt early gain leverage. Those that do not often respond by adding friction later, which tends to punish legitimate use more than automated behavior.