The security thread from this week kept circling one thing, so I want to pull it out and look at it directly. We're all building the same architecture: folders of markdown, an agent on top, git underneath. And it's genuinely great. The agent reads files natively, you own the bytes, grep works everywhere, history is free. I run my whole operation this way and I'd recommend it to anyone working solo. But here's the thing I can't unsee. Every problem raised in that thread (who can read client seven's folder, the clone that walks out the door, the doc comparing two clients) is the same missing feature: the filesystem has no idea who is asking. A database ties every query to an identity. Git ties access to one question, "did you clone it," and after that it's manners. The irony is the industry spent thirty years building exactly what we want. SharePoint, Confluence, CRMs: identity, permissions, audit logs, the works. And we all walked away from it, because agents are dramatically better at files than at APIs. We traded the access model for the agent interface, and mostly we didn't notice we were trading. I've spent time in environments with real controlled-document systems. Documents live encrypted in a database, and reading one is a logged decryption event tied to a person. Nobody "has" a document there. You were shown it, once, on the record. Coming from that world, "unencrypted client data in a repo everyone clones" isn't a bottleneck to optimize. It's the part you'd never be allowed to build. So files scale content fine. They can't scale people, because they were never told people exist. Solo, that costs nothing. The question is what you do the day it's not just you. Bolt identity on top (hosted workspace, per-page permissions)? Split into a repo per boundary and live with coarse walls? Move the sensitive stuff into a database and keep files for the working notes? Put the whole brain behind the agent and let it answer questions instead of handing out files?