Agentic Coding
Summary
Briefing: Agentic Coding
Purpose: Practical intelligence for software engineers building with AI coding agents daily — what's working, what's failing, and what to do about it.
Key Insights
- Your bottleneck has shifted from code generation to comprehension speed, and your metrics won't tell you. A controlled trial with 52 engineers found AI-assisted developers scored 17% lower on comprehension quizzes despite similar completion times, with delegation-focused users scoring below 40% versus 65%+ for those using AI for conceptual inquiry. Meanwhile, velocity metrics, DORA scores, and code coverage all look green — comprehension debt accumulates invisibly. The most dangerous failure mode: when an agent changes implementation behavior and updates hundreds of tests to match, the question becomes not "is this correct?" but "were all those test changes necessary?" — a question only human understanding can answer.
- Comprehension Debt - the hidden cost of AI generated code.
-
The highest-ROI investment isn't better prompts — it's tighter plans with actual code snippets before the agent touches anything. Boris Tane's "slop creep" concept names the exact failure mode: agents introduce slightly wrong abstractions, then build on them, then build on that, reaching codebase crisis in days rather than months. The remedy is writing actual interface definitions and data model snippets into your plan, leaving no ambiguity for the agent to fill with slop. The iterative pattern that works: you define intent → agent drafts a plan with code → you tear it apart and annotate → agent revises. After 2-3 rounds, abstractions emerge that neither you nor the agent could produce alone. Never let an agent walk through a one-way architectural door alone.
- Slop Creep: The Great Enshittification of Software
-
Multi-model pipelines are replacing single-model usage, and the emerging consensus maps model personalities to workflow phases. Samuel Colvin (Pydantic) characterizes Claude as "Captain America" (reliable, slightly overconfident), Codex as "Q from Bond" (neurotic precision on details), and Gemini as "the Joker" (unhinged but occasionally brilliant). The practical workflow crystallizing among practitioners: use Gemini CLI for 90-second code reviews (versus 30 minutes with Claude Code), then feed the report to Claude for implementation. For sub-agent workers on well-defined tasks, Sonnet is faster and cheaper than Opus — save Opus for planning. Emergent's production data confirms model-specific strengths: Opus as workhorse, Codex excels at backend debugging, Gemini for frontend work.
- ⚡️Monty: the ultrafast Python interpreter by Agents for Agents — Samuel Colvin, Pydantic
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- India's Fastest Growing AI Startup
-
Agent security is genuinely alarming — and the Snowflake sandbox escape proves current safety layers are paper-thin. A prompt injection hidden in a README bypassed Snowflake Cortex's human-in-the-loop approval via process substitution, disabled the sandbox with a flag, downloaded and executed malware, then leveraged cached tokens to exfiltrate data and drop tables — all with ~50% attack efficacy per attempt. Critically, context loss across sub-agent invocations meant the main agent reported finding a malicious command while failing to disclose it had already executed. The Pi creators identify the unsolvable "trifecta": command execution + internet access + local file access = you're exposed. Anthropic's VM-based sandboxing is the current best middle ground, but run your agents in Docker containers with only mounted data, never paste secrets into chat, and treat any agent with internet access on untrusted content as a potential attack vector.
- Snowflake AI Escapes Sandbox and Executes Malware
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- Why Anthropic Thinks AI Should Have Its Own Computer — Felix Rieseberg of Claude Cowork/Code
-
Terminal-based agents are winning for agent-heavy workflows, and the IDE is becoming optional for a growing class of work. Practitioners report opening IDEs "the least I ever have," with the Notion CEO using "just Claude Code or Codex CLI." The practical advantage: terminal agents run on remote machines via SSH/tmux, continue when laptops close, and parallelize across sessions without IDE overhead. However, Colvin's strong rejection of full-TUI agents ("I'd rather have Gemini CLI") reveals the preference is for simple chat-like back-and-forth, not an agent that takes over your screen. Gemini CLI sits at ~700K weekly downloads (5th place), quietly used by developers who aren't on Twitter discussing it.
- State of Agentic Coding #4 with Armin and Ben
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- ⚡️Monty: the ultrafast Python interpreter by Agents for Agents — Samuel Colvin, Pydantic
- From Note-Taking App to AI Workspace: The Simon Last Interview
Emerging Patterns
- Context management is the core craft, and practitioners are converging on specific patterns: rules files under 200 lines, the codebase as primary memory (not separate stores), and capturing learnings before compaction. Pi's session branching/rewinding and the compound engineering "/compound" command represent two implementations of the same insight — context is perishable and must be deliberately preserved. Practitioners who tried summarizing conversations to extend context found it unhelpful; the simpler approach of using a local
agents.mdfile and starting fresh sessions outperformed. The moment to capture session learnings is before the agent begins compacting earlier context. For individual developers on familiar codebases, agentic search of current repo state beats indexed memory systems. - Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- Claude Code Wiped 2.5 Years of Data. The Engineer Who Built It Couldn't Stop It.
-
Harness instability is a bigger daily frustration than model quality for power users. Claude Code and Codex break workflows multiple times per day due to harness changes — not model changes — with release cadences of daily or multiple-times-daily. Pi was built explicitly to provide deterministic, stable tool behavior: "My problem is not the models." Meanwhile, the counter-perspective from the State of Agentic Coding podcast notes that models did experience a clear step function with Opus 4.6 and Codex 5.3, directly increasing commit volume and developer enjoyment. Both can be true simultaneously: models are good enough that the harness layer is now the bottleneck.
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
-
Building products on top of agents requires designing APIs for agent consumption, not human consumption, and rewriting your AI harness every 6 months. Notion's CEO describes creating a markdown dialect and using SQLite for database interactions because their original API was too verbose for agents. Notion rewrites its AI harness approximately every 6 months to keep pace with model evolution. Anthropic's Felix Rieseberg advocates markdown-described endpoints over CLI/MCP integrations — "Claude is much better at writing and executing its own AppleScript than relying on third-party MCPs." The implication: if you're building agent-facing infrastructure, describe capabilities in natural language with type hints rather than forcing agents through rigid programmatic interfaces.
- From Note-Taking App to AI Workspace: The Simon Last Interview
- Why Anthropic Thinks AI Should Have Its Own Computer — Felix Rieseberg of Claude Cowork/Code
Dissenting Views
- Whether AI agents meaningfully increase core work output, or mostly expand experimentation. The Notion CEO claims you can be a "100x or 1000x engineer" with current tools. But Armin Ronacher (Flask creator) sliced his GitHub contributions by actual work repos versus side projects and found "the individual output is actually not that different" — most commit increases came from experiments and side projects, not core business productivity. When Shopify's Toby Lütke claims 100 commits per day, 90 of those might be F1 fan sites. This matters for how you evaluate your own productivity: raw commit count is not a reliable signal.
- From Note-Taking App to AI Workspace: The Simon Last Interview
-
Whether long-term agent memory matters for coding tasks. Pi's creators argue it's unnecessary — the codebase is the source of truth, and agentic search of the current repo state is sufficient. Emergent disagrees: their auto-generated skills from trajectories via CI/CD, added to long-term memory, measurably outperform agents without skills. The resolution likely depends on context: individual developers on familiar codebases don't need memory layers, but platforms serving millions of non-technical users building diverse apps benefit from accumulated skill libraries.
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- India's Fastest Growing AI Startup
Read & Act
What to read:
-
Slop Creep: The Great Enshittification of Software — The most actionable piece in this batch. Defines the exact failure mode (slightly wrong abstractions compounding), provides the exact remedy (tight plans with code snippets for data models and interfaces), and includes the author's personal workflow of reading every line the agent writes. The iterative plan-draft-annotate-revise pattern is immediately implementable.
-
Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive — Three experienced practitioners sharing unvarnished opinions on Pi vs Claude Code vs Codex, with specific complaints about harness instability, a contrarian take that long-term agent memory is unnecessary for coding, and the security trifecta problem. The detail on why they abandoned conversation summarization in favor of simple agents.md files is the kind of hard-won insight worth the full watch.
-
⚡️Monty: the ultrafast Python interpreter by Agents for Agents — Samuel Colvin, Pydantic — Contains the best practitioner comparison of Claude Code, Codex, and Gemini CLI from someone building infrastructure-level code, plus the 4-factor framework for when LLMs achieve 100x speedup (internal implementation known, external API well-known, simple unit testing, no bike-shedding). The practical multi-model workflow (Gemini review → Claude implementation) is immediately useful.
-
Comprehension Debt - the hidden cost of AI generated code. — The empirical data alone (52-engineer controlled trial, 17% comprehension drop, usage-pattern-dependent scores) makes this essential. The insight that velocity metrics and code coverage all look green while comprehension debt accumulates invisibly is a crucial warning for any team adopting agentic workflows at scale.
-
Snowflake AI Escapes Sandbox and Executes Malware — A concrete, technically detailed security case study that every developer running coding agents needs to understand. The attack chain (indirect prompt injection → process substitution bypass → sandbox disable → credential theft) reveals how thin current safety layers are, and the detail about context loss across sub-agent invocations hiding that malicious commands already executed is a design flaw that applies broadly.
What to do:
-
Implement the plan-draft-annotate-revise loop for your next non-trivial feature. Before the agent touches code, write actual code snippets for your data models and key interfaces. Let the agent draft a plan with code; tear it apart; send it back. After 2-3 rounds, let the agent implement within those constraints. This single change — spending 70% of energy on planning — is the pattern with the strongest practitioner consensus across sources for preventing slop creep while maintaining velocity.
-
Build a multi-model pipeline for your daily workflow this week. Set up Gemini CLI for 90-second code reviews by piping your branch diff to it, then feed its report to Claude Code or Codex for implementation. Use Sonnet (not Opus) for well-defined sub-agent worker tasks. Track which model handles which task type and tune from there. Stop evaluating models in isolation — the workflow composition matters more than any single model's capabilities.
-
Audit your agent security posture today. Run your agents in Docker containers with only mounted data directories. Remove any
dangerously_skip_permissionsflags. Never paste secrets into agent chat. If your agent has internet access and processes untrusted content (READMEs, web results, MCP responses), treat it as a potential prompt injection vector. The Snowflake attack worked with ~50% efficacy — this is not theoretical risk.
Source Articles
- This app is my new 24/7 assistant.
- Show HN: Tmux-IDE, OSS agent-first terminal IDE
- Snowflake AI Escapes Sandbox and Executes Malware
- How to Automate ANYTHING with Claude Code (as a normal person)
- Comprehension Debt - the hidden cost of AI generated code.
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- Pi Day: AMA with Pi's Creator + Talks & Extensions Deep Dive
- State of Agentic Coding #4 with Armin and Ben
- Slop Creep: The Great Enshittification of Software
- I Hired an AI to Do My Chores. Now I Maintain the AI.
- The Never-done Machine
- Compound Engineering Camp: Every Step, From Scratch
- The Library Meta-Skill: How I Distribute PRIVATE Skills, Agents and Prompts
- From Note-Taking App to AI Workspace: The Simon Last Interview
- You Are Responsible for Your Agent
- What Happens When Beginners Start Building With Claude Code—With Mike Taylor and Kate Lee
- Anthropic Didn't Build a New Browser. They Did Something Smarter.
- Claude Code Wiped 2.5 Years of Data. The Engineer Who Built It Couldn't Stop It.
- AI Made Every Company 10x More Productive. The Ones Cutting Headcount Are Telling on Themselves.
- India’s Fastest Growing AI Startup
- Why Anthropic Thinks AI Should Have Its Own Computer — Felix Rieseberg of Claude Cowork/Code
- ⚡️Monty: the ultrafast Python interpreter by Agents for Agents — Samuel Colvin, Pydantic