Using the `fly` CLI allows you to know what changes are being made when you update the pipeline (it shows a diff), and when your configuration is invalid (or when the update fails for another reason).
That command would just be `fly` or something else coming from Concourse. To me it makes more sense for the entry into the system to be safeguarded with validation, and then possibly bring your own filesystem-based configuration management system that goes through that same front door, building on trusted tools from Concourse itself. Mucking with files on disk that directly affect a live system (shipping production code!) seems like a recipe for disaster.