Hacker News

nzoschke, yesterday at 8:10 PM

And they decided to leave a token with destructive capabilities in the agent's access, and decided to not have verified backups for their database.

My team practices "no blame" retros that blame the tools and processes, not the individuals.

But the retro and remediations on this are all things the author needs to own, not Railway or Cursor.

- Revoke API tokens with excessive access

- Implement validated backup and restore procedures

- ...