The Human Role in Agentic Coding Workflows: A Responsibility Test
Keep humans responsible for promises, acceptance, exceptions, and consequences. Delegate coding work when it is bounded, inspectable, and reversible.

Coding execution can spread across agents while acceptance remains a named responsibility.
The human role in agentic coding workflows becomes clear in a familiar scene: a founder has three agent-produced pull requests ready before lunch. Two are routine. The third changes authentication. The code is finished, the tests are green, and one question is still waiting for a person: is this evidence enough to release a change that could lock customers out?
TL;DR: That question defines the human role in agentic coding workflows better than a list of tasks that today's models cannot do. Keep humans responsible for setting the promise, defining the agent's authority, accepting the evidence, deciding exceptions, and answering for consequences. Delegate implementation when the task is bounded, the output is inspectable, and failure is reversible. Human line-by-line review can shrink without removing a named acceptance owner.
Anthropic's analysis of roughly 400,000 Claude Code sessions found that people made about 70% of planning decisions while Claude made about 80% of execution decisions. This is vendor research based on model-classified sessions, not proof that every team should divide work this way. It does show that planning and execution are already separating in real use. [1]
The split sounds efficient. It becomes uncomfortable when generated output grows faster than a small team can absorb its consequences.
More Generated Work Is Not The Same As More Work Absorbed
Ten dependency updates may be easy to generate, test, and reverse. One payment-flow change can create a new customer promise and a new on-call obligation. Counting both as one completed task hides the work that begins after the diff exists.
Absorbed work is work the team can understand well enough to accept, support, and undo. That capacity does not automatically rise with generation speed. Stack Overflow's 2025 survey received more than 49,000 responses from 177 countries. It found that 46% of respondents did not trust the accuracy of AI output, 45% described debugging generated code as time-consuming, and 61.3% said they would still seek human help because they wanted to understand their code fully. These are self-reported attitudes, not a causal study of agent workflows, but they locate the pressure clearly: output can arrive before confidence and understanding do. [2]
Even the productivity number is harder to settle than the sales pitch suggests. METR's later experiment covered 57 developers, 143 repositories, and more than 800 tasks. METR judged its current estimate unreliable because adoption changed which developers and tasks could be randomized, while multi-agent work made time accounting harder. Its earlier slowdown result does not establish a current universal effect. [3]
So I would not use lines changed, tasks closed, or an old speed benchmark to decide whether a team can safely delegate more. Those measures describe production. The missing measure is whether someone can accept what was produced without borrowing confidence from a green checkmark.
That calls for criteria that should remain useful after the next model upgrade.
Use The Bounded, Inspectable, Reversible Test
The bounded, inspectable, reversible test is a practical inference from the research, not a validated industry standard. It asks three questions before an AI coding assistant starts:
- Bounded: Can the team state the intended change, protected behaviour, and stop conditions without asking the agent to invent a product promise?
- Inspectable: Can the handoff return evidence that a reviewer can check, such as a focused diff, tests, logs, screenshots, review findings, or observed behaviour?
- Reversible: Can the team undo the change quickly and completely enough for the consequence at stake?

A copy change can score strongly on all three. The requested words fit in one component, a screenshot exposes the result, and a revert restores the old text. Delegate the execution and review the evidence.
A database migration is mixed. Its schema change may be bounded and its migration checks inspectable, but rollback after partial writes may be costly. Stage it, name a stop point, and keep a person close to the irreversible step.
An ambiguous pricing-rule change is weak before anybody opens the repository. If the team has not decided whether an existing customer keeps an old entitlement, the agent is being asked to set a commercial promise through code. No test suite can discover the missing policy. Keep the framing human, then delegate the implementation once the promise is explicit.
One practitioner's Hacker News proof of concept offers a useful example without proving prevalence. The system used an explicit ask_human channel, per-task artifacts, isolated worktrees, and a separate worker that validated and merged changes. The notable design choice was not the number of agents. It was the deliberate point where ambiguity returned to a person. [4]
This test is separate from choosing an assistant. If the tool decision is still open, the control-surface test for AI coding tools asks where steering and durable state should live. Here, the narrower question is how much authority a particular task can safely carry.
Strong scores justify more delegated execution. They do not erase the decisions a person remains answerable for after the agent returns clean evidence.
Five Human Decisions In Agentic Coding Workflows
The most useful real-world boundary I found is in Linux kernel policy. AI assistance is permitted, but an agent must not add a Signed-off-by line. A human submitter reviews the generated code, checks licensing, certifies the Developer's Certificate of Origin, and takes full responsibility. Related kernel guidance says submitters must understand and be able to defend what they submit. [5] [6]

The policy does not require the person to type every line. It reserves five kinds of authority that a small team can apply beyond kernel contributions:
- Frame the promise. Decide whose problem matters, what must not change, and what counts as done.
- Set the responsibility boundary. Decide what the coding agent may change, when it must stop, and who can approve a wider scope.
- Accept the evidence. Decide whether the returned tests, logs, screenshots, and review findings are sufficient for this consequence.
- Own the exception. Choose the tradeoff when evidence conflicts, time is short, or rollback is costly.
- Carry the relationship. Explain the decision to teammates or customers and repair trust if the accepted result fails.
Take an agent-built permissions change. A person decides which users must never gain access. The same person, or another named owner, decides whether an authorization test, audit log, diff review, and rollback plan are enough. If a known edge case is accepted for an emergency release, someone approves that exception. If a customer's private project name becomes visible, the agent may draft the incident note, but the team owns whom to contact and what to promise next.
Agiflow is one example of keeping that task state and review evidence in a shared work-state surface outside an assistant session. It is a project board for external AI assistants, not the coding agent and not the acceptance owner. For the team norm that governs what a submitter owes a reviewer, see AI coding team norms for generated pull requests.
Responsibility survives delegation. The sharper objection is whether any human review needs to survive with it.
Let Machines Inspect More, But Do Not Confuse Inspection With Acceptance
Martin Monperrus argues in the 2026 preprint The End of Code Review that coding agents can serve every traditional review goal and that mandatory human review cannot scale with agent throughput. It is a serious objection. A rule that requires one tired person to inspect every generated line can become theater, especially when automated tests, static analysis, and a second coding agent can check more paths than the reviewer has time to trace. [7]
Another July 2026 preprint reaches a different organizing claim after collecting 38,709 practitioner documents and coding a sample of 3,100. Its authors describe review as the control point through which a team determines whether coding-agent output helps or harms the software. They also report that repository trends changed under different defensible analysis choices. Both papers are recent preprints, not settled evidence that AI review is universally better or worse. [8]
The practical answer is to separate inspection from acceptance.
An agent can run static analysis, ask a second agent to challenge the diff, execute targeted tests, and prepare a rollback plan. Those are inspection jobs. A person still decides whether that package is enough before a Friday release changes customer data retention. That is acceptance authority.
Review depth should follow consequence, inspectability, and reversibility. A copy fix with a screenshot and instant rollback may need a glance. A retention-policy migration may deserve a domain expert, staged rollout, and explicit approval even if two agents agree that the implementation is correct. The rule is not that human eyes are inherently superior. The rule is that residual risk needs a named owner who understands what the checks did not establish.
Without enough task-specific understanding, acceptance is only a signature. The failure usually becomes visible when the normal path breaks.
Keep Enough Understanding To Own The Exception
A test suite passes. During review, someone notices that a permissions fallback exposes a customer's internal project name. The incident is not hard because the team lacks text generation. An agent can propose a patch, draft a customer message, and list rollback commands in seconds. The hard part is deciding whom to interrupt, whether rollback creates another exposure, which promise was broken, and how the team will repair trust.
Expertise matters most at that edge. In Anthropic's analysis of Claude Code sessions, higher task-specific expertise correlated with better success and better recovery from trouble. Again, the outcome labels were model-generated and the data came from Anthropic's own surfaces, so this is a signal rather than a universal benchmark. [1]
A separate Anthropic experiment gives the learning risk a concrete, limited shape. Fifty-two mostly junior developers completed a short coding task using either AI assistance or documentation. The AI-assisted group averaged 50% on an immediate mastery quiz, compared with 67% for the hand-coding group, with the largest gap on debugging questions. The study was small, short, and used a non-agentic interface. It does not prove long-term deskilling. It does suggest that finishing a task and building the knowledge needed to debug its exception are different outcomes. [9]
Small teams cannot keep deep manual involvement in every low-consequence change. They can preserve understanding where recovery depends on it. Rotate who accepts high-consequence work. Require the handoff to expose assumptions and failed checks, not just successful ones. Rehearse the rollback for changes where a written plan may hide a missing permission, stale backup, or one-way data transform.
The practical standard is not whether a person touched every line. It is whether a named person can defend the promise, the evidence, the exception, and the response.
Audit One Delegated Task Before Adding Another Agent
Choose one delegated task from the past week. Write down five answers:
- What promise did the change make, and to whom?
- What evidence came back with the implementation?
- What was the real rollback path?
- Who had authority to accept the remaining uncertainty?
- Who would answer to a customer if it failed?
Linux's human certification boundary is strict because a signature has meaning only when someone can understand and defend the contribution. In agentic coding workflows, the human role is to retain that named responsibility, even when machines perform more inspection. Your team may use a lighter review path, but the same logic holds. A bounded task, inspectable evidence, and a credible rollback can support broad delegation. An unnamed promise or owner cannot.
Take one recent delegated task through this five-question responsibility audit, then send the answers to the teammate who would own the rollback. If the team cannot name those five answers, it is not ready to delegate more authority, even if it can delegate more code.
References
- Anthropic, "Agentic coding and persistent returns to expertise." https://www.anthropic.com/research/claude-code-expertise . Published 16 June 2026. Vendor research based on model-classified Claude Code sessions.
- Stack Overflow, "2025 Developer Survey." https://stackoverflow.co/company/press/archive/stack-overflow-2025-developer-survey/ . Published July 2025. Global self-report survey.
- METR, "We are Changing our Developer Productivity Experiment Design." https://metr.org/blog/2026-02-24-uplift-update/ . Published 24 February 2026. Methodological update explaining why the current estimate is unreliable.
- Hacker News discussion, item 48520757. https://news.ycombinator.com/item?id=48520757 . Captured 12 July 2026. One practitioner's self-described proof of concept, not representative evidence.
- Linux kernel documentation, "AI Coding Assistants." https://kernel.org/doc/html/next/process/coding-assistants.html . Version observed: next-20260710.
- Linux kernel documentation, "Generated Content." https://kernel.org/doc/html/next/process/generated-content.html . Version observed July 2026.
- Martin Monperrus, "The End of Code Review." https://arxiv.org/abs/2606.13175 . Preprint, June 2026.
- Agarwal, Miller, Kästner, and Vasilescu, "3100 Opinions on Code Review in an AI World." https://arxiv.org/abs/2607.07980 . Preprint, 8 July 2026.
- Anthropic, "How AI assistance impacts the formation of coding skills." https://www.anthropic.com/research/AI-assistance-coding-skills . Vendor-run randomized study of 52 mostly junior developers.
More to read
AI Coding Team Norms: What Developers Owe Reviewers Now
AI coding team norms need to define ownership, disclosure, validation, and reviewer rights before AI-generated PRs reach review.
10 min readGPT-5.6 Codex: Get More Reviewed Work From Your Subscription
A practical GPT-5.6 Codex guide to choosing Sol, Terra, Luna, and reasoning effort by task, review risk, and accepted work per allowance window.
18 min readHow to Keep One Project Board Across ChatGPT, Claude, Cursor, and Codex
Use MCP to connect ChatGPT, Claude, Cursor, and Codex to the same project board, then keep the board as the narrow source of truth for scope, status, evidence, and next action.
13 min readPut this project board inside ChatGPT
Open Agiflow in ChatGPT to plan campaigns, create tasks, and check what needs attention. Create a free Agiflow account when you are ready to keep the board for your team.