AI is great at writing glue code. Yes, it’s often great at other stuff too, but the glue is the “boring” part where a lot of the hidden productivity actually comes from.
I just exported Stripe transactions and the format it gave didn’t work with my accounting software (nor in the way I wanted to bookkeep it). So I just dropped it in a CC VM I had open and asked Claude to write a Ruby script to convert the given file to the format I wanted (splitting fees out as their own transactions, consolidating the description, etc). Two sentences and under a minute later it was done. And asking it to write the script vs just convert it itself also means it’s easy to audit and it’s fully reusable without wondering if it’ll subtly do something different next time.
Could I have written the Ruby code? Yes, obviously. Would I have? That part remains unclear. I have a lot of random scripts and code I’ve written over the years to handle stuff like this, but I think I would’ve done this manually many times before I got annoyed enough to automate it. The reward to effort ratio now is just so high it fits in the “if a task takes under two minutes to do, just do it now” bucket.
The examples of this are countless. A toy camera I have for my kid produces the wrong dates in the EXIF data. No problem, just script updating the offset vs manually editing each image. Need to pull some piece of data out of an API? Used to be cumbersome, now it’s free. These are tangible quality of life improvements beyond just “it mashes out CRUD scaffolding quickly”. More specifically, it is solving problems I otherwise would not have resolved but that would have still annoyed me.
One problem I’ve had is I don’t know where to put or organize all these random scripts.
So, I wrote a little tool-calling server (really just a Deno wrapper) called tool.dance. I actually think this could also serve as a great permission layer for the “lethal trifecta” issue (yes yes, maybe everyone is just unintentionally reimplementing their own MCP).
The idea is to split who writes the snippet/tool and who can execute it, so:
- have global API keys for editing tools (“management”), e.g. have Claude Code write the Stripe
transformation code and
PUT https://tool.dance/convert-stripe-transactions { the JS snippet }to save it there. - have (many!) specifically-scoped “caller” API keys that can run the tools, e.g.
POST https://tool.dance/convert-stripe-transactions { the CSV content }to get back the result, additionally with human-approval-required as a flag, so these API key can safely be in an env var in the harness directly
The theory is that if it’s trivial to generate and store glue/tools “somewhere”, you’ll do it more often. Convenience goes a long way in changing or reframing the mental habit towards automation. And then having a proper security boundary means you don’t have to make a decision on whether it’s “sensitive” or not each time. Without those things resolved, it won’t ever become the default workflow.
Then it just (all automagically via the API based on what permissions the given caller key has) exposes
this as a CLI tool-dance convert-stripe-transactions < raw.csv > formatted.csv and produces
tool-dance --help to pair. Different harnesses can have different keys and they’ll learn what they can
run based on the generated help text.
Those two concepts combined mean it should be so easy that you naturally end up with an email(to, subject, message)-style tool that has “human intervention/permission required” (so it can’t just email
anyone and thus can’t be prompt-injected to exfiltrate data) while also having email_nathan(message)
for notifying/alerting me (with my email address hard-coded) as a separate tool that is open.
And now I have a place to drop all these helpful glue tools in a safe way and no excuse not to use it!
(This is one of many thoughts swirling around the theme of answering the question: what could AI do if you trusted it with all your data?)