How much time will I actually save with Fazm?

Most users report saving 45-90 minutes per day on repetitive tasks. The biggest time savings come from email management (drafting replies, sorting, archiving), form filling (expense reports, CRM updates, applications), research (comparing products, gathering data from multiple sites), and social media (cross-posting, scheduling, replying). For example, booking a flight that normally takes 10 minutes of clicking through airline sites takes a single voice command with Fazm. Filing an expense report that requires opening a PDF, extracting numbers, and entering them into a spreadsheet becomes one spoken sentence. The more repetitive and multi-step your daily work is, the more time you get back.

What exactly can Fazm control?

Fazm controls everything you can do manually on your Mac. That includes mouse movements and clicks, keyboard typing, browser navigation and form filling, app switching, file management in Finder, and system-level actions. It uses direct browser DOM control for web interactions - meaning it reads and manipulates the actual page structure rather than taking screenshots and guessing where to click. For native macOS apps, Fazm uses accessibility APIs to interact with buttons, menus, text fields, and other UI elements. This works across any application: Chrome, Safari, VS Code, Slack, Figma, Terminal, Mail, Calendar, and more.

How is Fazm different from ChatGPT or Claude?

Chatbots like ChatGPT and Claude give you answers in a conversation window. Fazm takes action directly on your computer. When you say 'reply to Sarah's email,' Fazm opens your email app, finds Sarah's message, writes a contextual reply, and sends it. A chatbot would tell you what to write, but you still have to do all the clicking and typing yourself. Fazm moves your mouse, types on your keyboard, clicks buttons, and navigates between apps. It is a computer agent, not a chat assistant.

How does the memory layer work?

Fazm builds a personal knowledge graph by extracting information from your files, browsing history, conversations, and daily activity. Over time, it learns your contacts (names, emails, relationships), accounts and credentials, preferences (formatting, tone, scheduling habits), and frequently used workflows. In your first week, you might say 'Reply to Sarah's email, she's my cofounder, her email is sarah@acme.com.' By week four, you just say 'Reply to Sarah' because Fazm already knows who she is. By week eight, Fazm can draft the reply before you even ask. All of this data stays locally on your Mac - your knowledge graph never leaves your machine or gets sent to any cloud service.

Is Fazm safe? Can it mess up my computer?

Safety is built into every layer of Fazm. You watch every action in real-time on your screen - Fazm moves your mouse and types visibly, so there is nothing hidden. You can stop any action at any point by pressing a keyboard shortcut. Fazm also shows you what it plans to do before executing destructive actions like deleting files or sending emails, giving you a chance to confirm or cancel. Because Fazm is open source, the code is fully auditable on GitHub. There is no hidden behavior, no background processes making changes you cannot see, and no actions that bypass your screen.

What platforms does Fazm support?

Fazm currently supports macOS, running natively on both Apple Silicon (M1, M2, M3, M4) and Intel Macs. It is built with Swift and uses macOS-specific frameworks like ScreenCaptureKit for screen analysis and Accessibility APIs for app control, which is why macOS is the primary platform. Windows and Linux support are on the roadmap but do not have release dates yet. You can also control your Mac remotely from your phone using Fazm Remote, which gives you voice access to your desktop while you are away from your computer.

How does Fazm voice input work?

One keyboard shortcut activates push-to-talk. Hold the key, speak naturally about what you need done, and release. Fazm transcribes your speech locally using on-device models, so there is no network latency for the voice recognition step. You do not need wake words like 'Hey Siri' or 'OK Google' - just press and talk. You can also type commands into the floating toolbar if you prefer text input. Fazm understands natural language, so you do not need to memorize specific commands. Say 'book me a flight to Tokyo next Thursday' or 'find the cheapest AirPods on Amazon' and Fazm figures out the steps.

Is my data sent to the cloud?

Fazm processes screen analysis and memory entirely on your machine. The personal knowledge graph, file indexing, and screen capture all run locally. The only data that leaves your Mac is the intent - a text description of what you want to accomplish, which is sent to the AI model (Claude or GPT) for action planning. Your actual screen content, file contents, browsing history, and personal knowledge graph never leave your computer. Fazm is also open source, so you can verify exactly what data is transmitted by reading the code on GitHub. For users who need complete air-gapped operation, local model support is planned.

Back to Blog

How to Build AI Agents You Can Actually Trust - Bounded Tools and Approval UX

Fazm Team·March 13, 2026·3 min read

ai-safetyagent-designtrustuxdesktop-agent

How to Build AI Agents You Can Actually Trust

The single biggest lesson from building a desktop AI agent: giving the agent broad system access is a recipe for disaster.

Early versions of Fazm had relatively open access to macOS APIs. The agent could click anything, type anywhere, open any app. It worked great in demos. In real use, it occasionally did things like closing the wrong window or sending a half-drafted email. The why local-first matters argument becomes even stronger when you consider trust - keeping data processing local reduces the blast radius of agent mistakes.

Bounded Specialized Tools

The fix was moving every action through a typed tool interface. Instead of "click at coordinates (x, y)", the agent calls press_button(app: "Safari", element: "Submit"). Instead of "type this text", it calls fill_field(app: "HubSpot", field: "Deal Notes", value: "...").

This gives you:

Type safety. The agent cannot click a button that does not exist or type into a read-only field.
Audit trail. Every action is a structured call with named parameters. You can log and review everything the agent did.
Permission boundaries. You can allow the agent to read from any app but only write to specific ones.

The Approval Fatigue Problem

The obvious safety mechanism is approval: the agent proposes an action, you approve it. But if the agent asks for approval on every single click, the UX is worse than just doing the task yourself. This is approval fatigue, and it kills agent adoption.

The solution is batching related actions into plans that get approved once:

Plan: Update CRM with call notes
1. Open HubSpot
2. Navigate to Acme Corp deal
3. Add note: "Call with Sarah - discussed Q2 timeline..."
4. Update stage to "Negotiation"
5. Set follow-up date to March 20

[Approve] [Edit] [Cancel]

One approval for five actions. The user sees exactly what will happen, can edit any step, and approves the entire sequence at once. This is the sweet spot between safety and usability. These are exactly the kind of cross-app workflows where batched approval shines - multiple apps, one confirmation.

Accessibility Tree as a Safety Layer

Using the accessibility tree for UI interaction is not just a reliability choice - it is also a safety choice. The accessibility tree tells you exactly what each element does. A button labeled "Delete All" is clearly destructive. A button labeled "Save" is clearly safe.

When the agent works through the accessibility tree, you can build policies like "never click elements with destructive labels without explicit approval" directly into the tool interface. With screenshot-based agents, you would need a vision model to make that judgment call, which adds latency and uncertainty. Our comparison of DOM control vs screenshots explains why structured access is more reliable for this kind of policy enforcement.

Fazm uses bounded tools and plan-based approval for safe desktop automation. Open source on GitHub. Inspired by discussions in r/AI_Agents.

How to Build AI Agents You Can Actually Trust - Bounded Tools and Approval UX

How to Build AI Agents You Can Actually Trust

Bounded Specialized Tools

The Approval Fatigue Problem

Accessibility Tree as a Safety Layer

Related Posts

Designing a Tiered Permission System for AI Desktop Agents

How LLMs Can Control Your Computer - Voice-Driven, Local, No API Keys

Auto-Detecting What Your AI Agent Should Do Based on App Context