Vaccari's Code

Programming with AI on a short leash to beat Fable

7/5/2026

The promise of Artificial Intelligence in software development is tempting: autonomous agents generating high-quality code while we, developers, dedicate ourselves to more strategic tasks or, who knows, have a coffee on the beach. But, as every veteran knows, there's an abyss between promise and reality. After more than a year of in-depth research into using AI agents to write high-quality software for security-critical systems, my perspective is clear: total automation is a dangerous mirage.

This post is not for those who hate AI, nor for those who see it as a way to skip learning. It's for the experienced developer, one whose skills surpass any "frontier AI model" in their area of expertise, and who seeks in artificial intelligence a lever to boost their performance without ever compromising quality.

The Illusion of Total Automation

Anyone who has ventured with AI agents knows well what happens: the initial idea proves flawed, or the agent simply "goes off the rails," heading in undesirable directions. I've seen videos with millions of views where content creators describe elaborate systems with 12 parallel agents, complex orchestrators, and the promise that they no longer need to be involved in the coding process. The result? A festival of low-quality code, where AI writes and reviews "slop" (crappy code), while the human delights in a supposed paradise of idleness.

It's humanly impossible to build a solid understanding of a codebase by adopting this "vibe engineering" approach. The AI will have deviated countless times, and you'll only realize it when the software is actually used. While this method might be acceptable in scenarios where quality isn't a concern, in serious systems, it's a disaster. The problem is that even code written or reviewed by advanced models like Fable 5 can "stink": it works, but it's horribly inefficient and ugly. This is even more common in niche areas, where models lack sufficient training data. Contrary to what certain CEOs say, these models cannot think beyond their training data.

The "Short Leash" Method: Human Hand on the Wheel

This is where the "Short Leash" method for using AI agents in coding comes in. This approach isn't for everyone; it requires professional developers. But what makes it excellent is that it leads to results that surpass even those of frontier models, like Fable.

In the "Short Leash" method:

  • Planning Phase: You start with in-depth task research, formulating a clear plan and using tools to track progress and break larger tasks into smaller steps.
  • No "YOLO" (You Only Live Once): Forget the "dangerously skip permissions" mode. You don't hand over full control.
  • Constant Presence: The AI never works "while you play video games." You are actively present.
  • Diffs and Permissions: Use a coding agent that displays a diff of the changes about to be made via a permissions prompt.
  • Rigorous Human Analysis: You sit down, like a 20th-century madman, and analyze every change the AI proposes.
  • Always in the Loop: Always stay in control, instead of removing yourself from the process, as some content creators advocate.
  • Diffs as an Understanding Tool: Use the diffs in permission prompts as a way to keep your understanding of the codebase updated and the AI on a "short leash."
  • Deny Permissions: Whenever the AI is about to do something you don't want, deny permission.
  • Frequent Intervention: Intervene whenever necessary to prevent the AI from "going off the rails."
  • Commits per Sub-task: Make commits at the end of each sub-task to protect yourself from AI errors that might, for example, delete previously done work (I've seen Opus do this).
  • Final Review: At the end, perform a complete review.

Intelligent Reviews with AI

A Pull Request (PR) reviewed only by a human or only by an AI will have more errors than a PR reviewed by both. AI can be treated as a super-powered linter: it will quickly catch common errors, while the human will focus on high-level issues and necessary directional changes.

Therefore, when it comes to reviews:

  • AI on every PR: Use AI to review every PR.
  • Full Context: The AI should have access to sufficient context: the issue, the PR description, the codebase, and the proposed changes.
  • Cutting-Edge Models: Use the latest and best models available for review.
  • AI Disclosure: The PR description should disclose the precise models used (if any) in the PR's creation, under an "AI Disclosure" header. This serves several purposes:
    • Informs the maintainer that AI was used.
    • Allows the maintainer to suggest better models, should weak models have been employed.
    • Signals that you are a "good guy" developer and are not trying to "hide" the use of AI.
  • Author Review: And, finally, the most important point: the PR must be reviewed by the author themselves if AI was used. AI-assisted PRs are, in reality, PRs from an AI with human assistance. Therefore, the human submitting the PR is expected to understand what they are submitting, and they cannot do so if they haven't reviewed the code that the AI wrote. They should treat their own PR as if they were reviewing someone else's PR, line by line. Only then can they confirm their own approval and request the maintainer's attention. This builds and demonstrates their understanding of the codebase.

Ultimately, AI is a powerful tool. But, like any powerful tool, it requires mastery and discipline to be used effectively. In high-quality software development, especially in critical systems, the partnership between the human developer and AI must be one of control and collaboration, not blind delegation. The "short leash" ensures that machine intelligence amplifies yours, and doesn't replace it.


Sources


📬 Enjoyed this? Subscribe to the Vaccari's Code newsletter for the next wave of software & AI trends, straight to your inbox: Subscribe here

← all posts · listen to the episode →