Tin Computer operating method

Six AI skills for autonomous products that keep shipping

An autonomous product needs more than a model and a tool connection. It needs a bounded operating loop that can read evidence, make a diagnosis, change the right surface, prove the result, handle customer signals, and stop for judgment when the risk changes.

Free five-step scan · No card · See it run on your site

The six AI skills for autonomous products are observation, diagnosis, execution, verification, support, and decision gates. Together they turn an agent from a prompt responder into a bounded operator: it can notice a problem, explain the cause, make a reversible change, prove what happened, learn from customers, and ask for approval before an action becomes hard to undo.

This is the model Tin Computer uses for growth work. The agent reads product analytics, search data, runtime logs, support messages, and the product code. It then converts that evidence into a shipped fix, a measured finding, or a specific founder decision. Autonomy means the loop keeps moving inside clear permissions. It does not mean unrestricted production access.

The distinction matters because most agent systems are strong at isolated generation and weak at operating continuity. They can write code or copy, but they do not know which evidence is current, what belongs to the customer, how to protect unrelated work, what proof closes the task, or when a human call is the product feature. Those are skills, not model settings.

How it works

  1. 01

    Observe the real system

    Read product events, search performance, runtime logs, customer messages, and code from their current sources. Mark missing data as missing instead of turning it into a false zero.

  2. 02

    Diagnose one cause

    Join the smallest useful journey across source, time, page, account, and outcome. Separate public behavior from internal, automated, and test activity before recommending a change.

  3. 03

    Execute a bounded change

    Turn the diagnosis into one reviewable artifact: a code fix, page, reply draft, task, or configuration change. Preserve unrelated work and stay inside the action's permission boundary.

  4. 04

    Verify the result

    Run focused checks, inspect the rendered result, probe the live route, and confirm that measurement still works. Separate immediate proof from outcomes that need a longer window.

  5. 05

    Treat support as evidence

    Investigate customer reports against product state before asking for more information. Use repeated confusion and failures to improve the product, not just close the conversation.

  6. 06

    Stop at decision gates

    Escalate public promises, customer sends, spend, destructive actions, and high-risk releases with the full consequence visible. Approval should change the path, not merely acknowledge it.

Does autonomous mean the agent can change production whenever it wants?

No. Useful autonomy is bounded by risk, reversibility, and evidence. A low-risk metadata repair can move through checks automatically. A homepage promise, pricing change, customer email, ad budget, payment mutation, or production deployment may require a founder decision. The system is autonomous because it can carry safe work to completion and prepare risky work to the exact approval boundary without stalling.

An autonomous product is an operating loop, not a chat window

A product becomes operationally autonomous when it can move from a live signal to a checked outcome without the founder rebuilding the workflow each time. The unit is not a clever answer. It is a closed loop with a source, a decision, an action, proof, memory, and a clear stopping rule.

Tin applies this to growth. A search page receives impressions but no clicks. A support message says a button did nothing. A signup journey stops before workspace creation. A runtime warning explains why a dashboard feels slow. Each signal enters the same operating model, but each one needs different evidence and a different permission boundary.

The one-workday autonomy test

A useful autonomy test: if the founder disappears for one workday, can the system find one material issue, make the safest useful move, prove the result, and leave the risky decision in a form that takes one informed tap?

Skill 1: observation with source provenance

Observation starts with knowing which system can answer which question. Product analytics can show events and journeys. Search Console can show how Google crawls, indexes, and surfaces pages. Runtime logs can show failures that never become clean product events. The support inbox can reveal customer language and edge cases. The code explains what the product was designed to do.

The agent must preserve provenance: source, time window, filters, freshness, and known gaps. A dashboard value of zero may mean measured zero, a collector that skipped, the wrong property, or an event that never fired. Treating those states as equal causes the agent to optimize fiction. Tin checks source health before it treats an empty metric as behavior.

OpenTelemetry describes traces, metrics, and logs as different signals that offer different views of a distributed system. That is a useful design principle beyond observability. An autonomous product should combine complementary signals without pretending one source can answer every question.

Skill 2: diagnosis that joins a real journey

Diagnosis turns an observation into a causal claim narrow enough to act on. The agent reconstructs the smallest useful journey using stable keys, URLs, timestamps, source properties, and outcomes. It separates visitors from signed-in users, customers from internal operators, and real sessions from smoke tests or automation.

Evidence thresholds should match the change. One confirmed broken button can justify a fix. One customer report can justify checking logs and code. A copy or onboarding change usually needs a repeated pattern from comparable people. When the journey cannot be joined, the right diagnosis may be a measurement repair rather than a product change.

PostHog events and properties make behavior sequences inspectable, while session replay can answer questions about what appeared on screen. Tin uses replay only when visible context matters and follows privacy controls such as input masking. When replay is unavailable, the review stays at the event-sequence level and says what it cannot prove.

Skill 3: execution that produces a bounded artifact

A diagnosis has no operating value until it changes something. Execution means producing the smallest artifact that can create the intended outcome: a focused code change, a public page, an analytics event, a support reply draft, or a task with a clear done state. The agent should not finish with a long recommendation when a reversible change is within reach.

For code, Tin works from a clean branch, preserves unrelated changes, follows the existing component and content systems, and keeps the pull request narrow. For content, it uses the site's real page registry, internal-link graph, metadata rules, and call to action. For support, it prepares the exact reply in the original thread but does not confuse a draft with a sent message.

Execution also needs an explicit reversal path. A code change can often be countered or reverted. An email cannot be unsent, so the recovery plan is a correction or a more careful next touch. Designing the reversal before acting makes autonomy safer and faster.

Skill 4: verification at three levels

Verification closes the gap between generated work and real work. Tin checks three levels. The artifact must pass its focused tests and validation. The deployed surface must render, return the expected response, and show the intended change. The measurement path must still record the event or outcome needed to judge the change later.

  • Artifact proof: lint, type checks, build checks, content validation, and a reviewed diff.
  • Live proof: an HTTP 200 response, the correct canonical and metadata, and a visual inspection of the rendered page or interaction.
  • Outcome proof: a defined metric, source, and window that can show whether the change worked after enough real traffic arrives.

These proofs happen on different clocks. A new route can be verified immediately. Search impressions, activation, or retention may take days or weeks. The agent should finish the shipped work honestly without inventing a business result. GitHub protected branches can require status checks before merge, which turns an important verification rule into an enforceable system boundary.

Skill 5: support that improves the product

Customer support is not a separate queue of interruptions. It is one of the product's highest-context sensing systems. A message about an archived project, an invisible file, or a button that appears to do nothing contains a claim about expected behavior. The agent should inspect account state, code paths, analytics, and logs before asking the customer to repeat work.

The support skill has two outputs. The customer gets an accurate answer or a transparent blocker. The product gets a fix, documentation change, instrumentation repair, or a no-action note when the issue is isolated. Repeated confusion is especially valuable because it can expose a missing state, label, or feedback message before aggregate metrics have enough volume to show it.

Customer contact remains a decision boundary. Tin can investigate, repair, and draft autonomously. Sending a sensitive reply, changing an account, mutating billing, or making a new promise requires the permission appropriate to that action.

Skill 6: decision gates that preserve momentum

A decision gate is not a generic request for review. It is a compact boundary around one action whose risk, public meaning, or irreversibility requires human judgment. The agent should arrive with the evidence, the exact proposed change, the consequence of approval, the reversal plan, and a recommended path.

The gate should be proportional. Reversible technical cleanup can proceed through automated checks. Brand-defining claims, pricing, customer sends, ad spend, legal language, destructive data operations, and production releases can stop for a founder call. If approval is denied, the task closes or takes the named alternative instead of silently reappearing.

NIST's AI Risk Management Framework organizes risk work around Govern, Map, Measure, and Manage, with governance running across the lifecycle and human oversight made explicit. An autonomous product does not need to copy that framework mechanically, but it should embody the same operational idea: risk controls are part of the system, not a policy document added after deployment.

Memory is the layer that connects all six skills

Without durable memory, every run repeats the same discovery and risks reversing earlier decisions. The product needs a current objective, product facts, channel state, open customer issues, task history, founder preferences, and decisions with their rationale. Live sources still outrank memory for changing facts, but memory explains why the system chose its current direction.

Tin writes state as work happens, not in a final wrap-up. A shipped fix, new measurement, support finding, or founder decision becomes part of the next run's starting point. This lets the six skills operate as one product rather than six disconnected agents.

A practical readiness test

  • Observation: Can the product name the live source, freshness, filters, and gaps behind every important signal?
  • Diagnosis: Can it reconstruct a real journey and state what the evidence does not prove?
  • Execution: Can it turn the diagnosis into one bounded, reviewable artifact without disturbing unrelated work?
  • Verification: Can it prove the artifact, the live surface, and the future measurement path separately?
  • Support: Can it investigate a customer report internally before asking the customer for more work?
  • Decision gates: Can it carry safe work through while stopping irreversible or brand-defining actions at a one-look decision?

Start with one complete loop, not six broad platforms. A public-site scan is a useful first loop because the inputs are visible, the findings can be ranked, a small fix can be reviewed, and the live result can be checked. Add product analytics, support, and higher-risk execution only after the first loop closes reliably.

Primary sources behind the model

See the operating methods in practice

Frequently asked questions

What is an autonomous product?
An autonomous product can move from a live signal to a checked outcome inside clear permissions. It observes evidence, diagnoses a cause, executes a bounded action, verifies the result, learns from support, and stops for human judgment when risk changes.
What AI skills do autonomous products need?
The core six are observation, diagnosis, execution, verification, support, and decision gates. Durable memory connects them so later runs inherit product facts, decisions, and founder preferences.
How is autonomy different from automation?
Automation repeats a predefined action. Autonomy selects the next bounded action from current evidence, checks its own work, and escalates when the decision falls outside its permission boundary.
Does an autonomous product need access to all company data?
No. Give each skill the minimum sources and permissions needed for its job. Observation should preserve provenance and missing-data states rather than collect broad access without a decision it serves.
Can an AI agent deploy directly to production?
Only when the project's delivery policy permits it and required checks pass. Many systems should merge safe changes after checks but require a separate decision for production deployment or higher-risk releases.
How do you measure whether an autonomous product works?
Measure closed loops, not generated output. Track whether the system found a material issue, produced the right artifact, passed checks, reached the live surface, preserved measurement, and improved the intended outcome over the appropriate window.
Why is customer support an autonomy skill?
Support messages contain high-context evidence about expected and actual behavior. A capable agent investigates the report against account state, code, analytics, and logs, then turns repeated confusion into a product improvement.
What actions should require a human decision?
Public promises, pricing, sensitive customer sends, spend, legal language, destructive data changes, payment mutations, and high-risk production releases commonly need human judgment because they are hard to reverse or change the company's commitments.
What is the best first autonomous product loop?
Start with a public-site scan. Its inputs are visible, findings can be ranked, a reversible fix can be reviewed, and the deployed result can be checked before the system expands into private product data or higher-risk actions.

See it run on your own site

Run the free five-step scan and see exactly what Tin Computer would work on for your project. No card.

Claude Code · Codex · Cursor