update README.md

Author: carderne

README.md

@@ -5,7 +5,13 @@
 
 Sanitise agent-written SQL for multi-tenant DBs.
 
-You provide a tenant ID, and the agent supplies the query.
+1. Agents prefer code to tools
+2. Security is important
+3. [LLMs (and humans) are dumb](https://x.com/BenjDicken/status/2035821666170008046)
+
+Rather than write hundreds of tools for your deployed agent, just give it one: `executeQuery`.
+Then let `agent-sql` sanitise those queries to stop it from doing anything dangerous (or dumb).
+Primarily targeting deployed agents, but you should get your coding harness to use it too.
 
 Apparently this is how [Trigger.dev does it](https://x.com/mattaitken/status/2033928542975639785).
 And [Cloudflare](https://x.com/thomas_ankcorn/status/2033931057133748330).
@@ -22,11 +28,11 @@ agent-sql works by fully parsing the supplied SQL query into an AST and transfor
 - **`JOIN`s added:** if needed to reach the guard tenant tables (save on tokens).
 - **No sneaky joins:** no `join secrets on true`. We have your back.
 
-## What's next
+## Coming soon
 
-- [ ] Support `INSERT`, `UPDATE`, even `DROP TABLE` as user-configurable options
+- [ ] Configurable support for `INSERT`, `UPDATE`, even `DROP TABLE`
 - [ ] Support CTEs, subqueries and more, once they can be fully hardened
-- [ ] Skills for common harnesses
+- [ ] Plugins/hooks for common harnesses
 
 ## Quickstart