
What. You don't have yours ask for edit approval?



The depressing truth is most I know just run all these tools in /yolo mode or equivalents.

Because your coworkers definitely are, and we're stack ranked, so it's a race (literally) to the bottom. Just send it...

(All this actually seems to do is push the burden on to their coworkers as reviewers, for what it's worth)


You're mixing up two things though. One is what the agent does "locally", wherever that might be (for me it's inside a VM), and second is what code you actually share or as you call "send".

Just because you don't want to gate every change in #1, doesn't mean you're just throwing shit via #2, I'm still reviewing my code as much as before, if not more now, before I consider it ready to be reviewed by others.

But I'm seemingly also one of the few developers who seem to take responsibility of the code I produce, even if AI happens to have coded it.


> Just because you don't want to gate every change in #1, doesn't mean you're just throwing shit via #2,

Right but in practice from what I've seen at work, it does.

You're right: it shouldn't inherently, but that's what I've been seeing.

> But I'm seemingly also one of the few developers who seem to take responsibility of the code I produce, even if AI happens to have coded it.

Pretty much what I'm getting at, yeah


There's a huge psychological difference between 1) letting the agent write whatever then editing it for commit, and 2) approving the edits. There shouldn't be, but there is.

Who has time for that? This is how I run codex: `codex --sandbox danger-full-access --dangerously-bypass-approvals-and-sandbox --search exec "$PROMPT"`, having to approve each change would effectively destroy the entire point of using an agent, at least for me.

Edit: obviously inside something so it doesn't have access to the rest of my system, but enough access to be useful.


I wouldn't even think of letting an agent work in that mode. Even the best of them produce garbage code unless I keep them on a tight leash. And no, not a skill issue.

What I don't have time to do is debug obvious slop.


I ended up running codex with all the "danger" flags, but in a throw-away VM with copy-on-write access to code folders.

Built-in approval thing sounds like a good idea, but in practice it's unusable. Typical session for me was like:

  About to run "sed -n '1,100p' example.cpp", approve?
  About to run "sed -n '100,200p' example.cpp", approve?
  About to run "sed -n '200,300p' example.cpp", approve?

Could very well be a skill issue, but that was mighty annoying, and with no obvious fix (options "don't ask again for ...." were not helping).

One decent approach (which Codex implements, and some others) is to run these commands in a read-only sandbox without approval and let the model ask your approval when it wants to run outside the sandbox. An even better approach is just doing abstract interpretation over shell command proposals.

You want something like codex -a read-only -s on-failure (from memory: look up the exact flags)
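
Added example, not part of any comment in this thread and not Codex's own code: a conservative syntactic gate that auto-approves the read-only `sed -n 'A,Bp'` proposals quoted above and asks for everything else. It is a simple stand-in for the "abstract interpretation" idea, and the allowlist, function names and the `auto`/`ask` labels are assumptions.

```python
import re
import shlex

OPERATORS = set("();<>|&")                      # shell control/redirect chars
PLAIN_READERS = {"cat", "head", "tail", "wc", "ls", "grep"}  # assumed allowlist
SED_PRINT_RANGE = re.compile(r"\d+(,\d+)?p")    # e.g. 1,100p


def stage_is_read_only(argv):
    """True only for argv shapes this sketch can prove do not write."""
    if not argv:
        return False
    cmd, args = argv[0], argv[1:]
    if cmd in PLAIN_READERS:
        return True
    if cmd == "sed":
        # sed scripts can write files (w) or, in GNU sed, run commands (e),
        # so only the shape quoted in the thread passes: sed -n 'A,Bp' FILE...
        return (len(args) >= 3 and args[0] == "-n"
                and SED_PRINT_RANGE.fullmatch(args[1]) is not None
                and not any(a.startswith("-") for a in args[2:]))
    return False


def classify(command):
    """Return 'auto' if every pipeline stage is read-only, otherwise 'ask'."""
    if "\n" in command:                 # newline separates commands in a shell
        return "ask"
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""               # shlex would otherwise drop text after '#'
    try:
        tokens = list(lexer)
    except ValueError:                  # unbalanced quotes or dangling escape
        return "ask"
    stages, current = [], []
    for tok in tokens:
        if tok == "|":
            stages.append(current)
            current = []
        elif set(tok) <= OPERATORS or "$" in tok or "`" in tok:
            return "ask"                # redirect, list operator, or expansion
        else:
            current.append(tok)
    stages.append(current)
    return "auto" if all(stage_is_read_only(s) for s in stages) else "ask"


if __name__ == "__main__":
    for cmd in ["sed -n '1,100p' example.cpp",          # constructed samples
                "sed -n '1,100p' example.cpp > out.txt",
                "sed -i 's/a/b/' example.cpp"]:
        print(classify(cmd), "<-", cmd)
```

The check errs toward asking: a harmless `sed -n '$p' file` is sent for approval because it contains `$`, which is the safe direction for a gate like this.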


I keep it on a tight leash too, not sure how that's related. What gets edited on disk is very different from what gets committed.

> Who has time for that?

People that don't put out slop, mostly.


That's another thing entirely, I still review and manually decide the exact design and architecture of the code, with more care now than before. Doesn't mean I want the UI of the agent to need manual approval of each small change it does.

Ask mode exists, I think the models work on the assumption that if you're allowing edits then of course you must want edits.


