When I envisioned this, I thought about this being more frontend focused by having UI components/sections that disclose which actions (endpoint calls) they can access. This would be virtually risk-free.
But I suppose you guys are trying to solve a much bigger problem then.