Agentic Workflow Supervision

Weight: 15%

Sources verified Dec 23, 2025⚠2 sources changed

Why It Matters

Agent-first IDEs (Cursor 2.0, Google Antigravity, Devin 2.0) can now orchestrate multiple autonomous agents in parallel. Harness 2025: 92% of developers report AI increases the 'blast radius' from bad deployments. The new risks include review fatigue (impossible to review 500+ lines of diffs), agentic security threats (OWASP Top 10), and multi-agent coordination failures. Mature users know how to supervise agents, apply 'Least Agency' principles, and use layered verification (AI review + human review + tests).

✓ Harness: 92% report AI increases 'blast radius' from bad deployments ⓘ

×

State of Software Delivery Report 2025: The Role of AI in the SDLC

Harness

Critical counterweight to AI productivity hype. The 67% debugging overhead stat directly challenges simplistic 'AI makes you faster' narratives. The governance gaps (only 48% using approved tools, 60% lacking vulnerability assessment) highlight organizational maturity requirements. The 'blast radius' finding is particularly important for the trust_calibration dimension.

Key Findings:

• 67% of developers spend more time debugging AI-generated code
• 68% spend more time resolving AI-related security vulnerabilities
• 92% report AI increases 'blast radius' from bad deployments

Credibility: high

View Source ↗

✓ Cursor (Anysphere): Cursor 2.0 enables 8 parallel agents with git worktree isolation ⓘ

×

Cursor 2.0: Composer Model and Multi-Agent Architecture

Cursor (Anysphere)

Cursor 2.0 represents the shift to agent-first IDEs: purpose-built Composer model for low-latency coding, up to 8 parallel agents, native browser integration, sandboxed execution. The MoE architecture and RL training show vendor investment in specialized coding models. Critical for understanding the 'agentic IDE' paradigm.

Key Findings:

• Cursor 2.0 released October 29, 2025
• Composer: first in-house large coding model, 4x faster than comparable models
• Multi-agent: up to 8 independent AI agents in parallel via git worktrees

Credibility: high

Referenced by:

Quick Reference: AI Code Checklists

View Source ↗

✓ OWASP GenAI Security Project: OWASP defines critical agentic security risks ⓘ

×

OWASP Top 10 for Agentic Applications 2026

OWASP GenAI Security Project

The first OWASP security framework specifically for agentic AI systems. The 'Least Agency' principle is critical for our agentic_supervision dimension. Key risks (goal hijacking, tool misuse, rogue agents) directly inform supervision recommendations. Released December 2025, this is the authoritative security guide for AI coding agents.

Key Findings:

• ASI01 - Agent Goal Hijack: Prompt injection manipulates agent goals
• ASI02 - Tool Misuse: Agents misuse legitimate tools for data exfiltration
• ASI03 - Identity & Privilege Abuse: Confused deputy and privilege escalation

Credibility: high

Referenced by:

Guardrails Quick Reference: AI Code Checklists Build a Read-Only MCP Server Compare Chat vs RAG vs Agent

View Source ↗

✓ The New Stack: Review fatigue is a 2025 concern ⓘ

×

Is AI Creating a New Code Review Bottleneck for Senior Engineers?

The New Stack

Documents the emerging 'AI Productivity Paradox': AI increases output but creates review bottlenecks. The 91% increase in PR review times despite 21% more tasks completed shows the shifting bottleneck problem. Critical for organizational integration dimension.

Key Findings:

• Teams with heavy AI use completed 21% more tasks but PR review times increased 91%
• 67% of developers spend more time debugging AI-generated code
• 68% note increased time spent on code reviews

Credibility: medium

Referenced by:

AI System Monitoring Compare Chat vs RAG vs Agent

View Source ↗

✓ Cognition: Devin 2.0 shows production-ready agent metrics ⓘ

×

Devin 2.0: Performance Review and Enterprise Metrics

Cognition

Devin 2.0 shows maturation of autonomous coding agents: 4x faster, 67% merge rate, enterprise adoption (Goldman Sachs, Nubank). The $20/month pricing democratizes access. The 'interactive planning' feature addresses human oversight concerns. Critical for understanding the enterprise autonomous coding landscape.

Key Findings:

• Devin 2.0 released April 2025 with $20/month Core plan (down from $500)
• 4x faster problem solving, 2x more efficient resource consumption
• 67% PR merge rate (up from 34% in 2024)

Credibility: high

View Source ↗

Learn More

• ConceptUnderstand autonomous agent patterns and supervision strategies
• ConceptUse TDD to anchor agent behavior and avoid vibe coding
• ConversationLearn when to delegate vs maintain control
• ExerciseBuild and supervise a multi-step agent workflow
• ExerciseConfigure Claude Code hooks and Git hooks for automated verification
• ConversationOrchestrate multiple agents with git worktree isolation
• ConversationMaintain context across multi-day agent sessions

2025 Context

Late 2025 saw a paradigm shift to 'agent-first' IDEs: Cursor 2.0's Composer model enables 8 parallel agents, Google Antigravity's Manager view orchestrates autonomous agents, and Devin 2.0's 67% PR merge rate shows agents are production-ready. OWASP's Top 10 for Agentic AI (Dec 2025) formalized security risks including goal hijacking and tool misuse. The new skill is 'agent supervision' - not writing code, but directing and verifying AI that writes code.

Assessment Questions (10)

Maximum possible score: 46 points

○ Q1 single choice 4 pts

How often do you use agent mode or autonomous coding features?

[0] Never / Not available to me

[1] Rarely - I prefer manual control

[2] Sometimes - for specific types of tasks

[3] Regularly - it's part of my workflow

[4] Frequently - I supervise agents daily

✓ GitHub: GitHub Copilot agent mode enables autonomous multi-file coding ⓘ

×

GitHub Copilot Agent Mode Documentation

GitHub

GitHub Copilot's agent mode enables autonomous multi-file editing, allowing AI to plan and execute complex changes across a codebase without step-by-step human approval. This capability requires careful supervision practices since agents can introduce cascading errors across multiple files. Critical for agentic_supervision dimension - assessing how organizations manage autonomous AI coding.

Key Findings:

• Agent mode can edit multiple files autonomously across a codebase
• Requires explicit approval before applying changes (diff review checkpoint)
• Supports iterative refinement: review, request changes, re-generate

Credibility: high

Referenced by:

Scoped Task Delegation: Giving AI the Right Level of Autonomy

View Source ↗

✓ Google DORA: Agent mode represents the next evolution in AI-assisted development ⓘ

×

State of AI-Assisted Software Development 2025

Google DORA

The 2025 DORA report introduces the 'AI Capabilities Model' identifying seven practices that amplify AI benefits. The core insight is that AI is an 'amplifier' - it magnifies existing organizational strengths AND weaknesses. Key stats: 89% of orgs prioritizing AI, 76% of devs using daily, but 39% have low trust. The trust research is critical: developers who trust AI more are more productive, but trust must be earned through organizational support (policies, training time, addressing concerns). The 451% adoption increase from acceptable-use policies is remarkable - clarity enables adoption.

Key Findings:

• 89% of organizations prioritizing AI integration into applications
• 76% of technologists rely on AI for parts of their daily work
• 75% of developers report positive productivity impact from AI

Credibility: high

Referenced by:

Debug a Hallucinating AI Monthly Source Audit: Maintaining Content Accuracy

View Source ↗

○ Q2 multi select 5 pts

What scope of tasks do you delegate to agent mode?

[1] Single file edits

[1] Multi-file refactoring

[1] Implementing new features

[1] Bug fixes with test updates

[1] Framework/library migrations

[0] I don't use agent mode

✓ BMad Code: Task decomposition is critical for effective agentic workflows ⓘ

×

BMAD-METHOD: Breakthrough Method for Agile AI Driven Development

BMad Code

BMAD represents the multi-agent orchestration approach to AI development. Unlike simple chat-based AI assistance, BMAD uses specialized agents (Analyst, Architect, Developer, QA) coordinated by an orchestrator. Key innovation: zero context loss between tasks. Represents advanced maturity in agentic workflows.

Key Findings:

• 19+ specialized AI agents with distinct roles (Analyst, Architect, Developer, QA)
• 50+ workflows covering full SDLC: requirements → architecture → implementation → testing
• Model routing by task complexity: Haiku for routine, Sonnet for analysis, Opus for novel problems

Credibility: medium

View Source ↗

✓ GitHub: Agent mode works best with well-scoped tasks ⓘ

×

GitHub Copilot Agent Mode Documentation

GitHub

GitHub Copilot's agent mode enables autonomous multi-file editing, allowing AI to plan and execute complex changes across a codebase without step-by-step human approval. This capability requires careful supervision practices since agents can introduce cascading errors across multiple files. Critical for agentic_supervision dimension - assessing how organizations manage autonomous AI coding.

Key Findings:

• Agent mode can edit multiple files autonomously across a codebase
• Requires explicit approval before applying changes (diff review checkpoint)
• Supports iterative refinement: review, request changes, re-generate

Credibility: high

Referenced by:

Scoped Task Delegation: Giving AI the Right Level of Autonomy

View Source ↗

○ Q3 single choice 5 pts

How do you review changes made by agent mode?

[0] I accept if it runs/compiles

[1] Quick skim of the diff

[2] Careful line-by-line review of all changes

[3] Review + run comprehensive tests

[4] Use AI to review AI changes, then spot-check

[5] Layered approach: AI review + human review + tests

Note: Using AI to review AI (e.g., asking Opus to review changes made by Flash) is an emerging best practice

✓ Qodo: AI reviewing AI is an emerging best practice ⓘ

×

AI Code Review and the Best AI Code Review Tools in 2025

Qodo

Comprehensive overview of AI code review tools and AI-reviewing-AI patterns. Key for agentic_supervision dimension - validates that AI reviewing AI is an emerging best practice.

Key Findings:

• 84% of developers now using AI tools, 41% of code is AI-generated
• Leading AI review tools: CodeRabbit, Codacy Guardrails, Snyk DeepCode
• AI-to-AI review is an emerging pattern (AI reviews AI-generated code)

Credibility: high

Referenced by:

Guardrails

View Source ↗

✓ Anthropic: Multi-agent debate with diverse models outperforms single-model approaches ⓘ

×

Multi-Agent Collaboration Best Practices

Anthropic

Official guidance on multi-agent patterns including debate (multiple models reviewing each other), TDD splits (one writes tests, another implements), and Architect/Implementer separation. Research shows diverse model debate (Claude + Gemini + GPT) achieves 91% on GSM-8K vs 82% for identical models.

Key Findings:

• Separate Claude instances can communicate via shared scratchpads
• Multi-agent debate with diverse models outperforms single-model approaches
• Writer/Reviewer and TDD splits improve output quality

Credibility: high

Referenced by:

Agentic Loops TDD for AI Agents Running Multiple AI Agents in Parallel

View Source ↗

○ Q4 single choice 4 pts

How often do you intervene during an agent mode session?

[1] Never - I let it finish completely

[2] Rarely - only if obviously going wrong

[3] Sometimes - I course-correct when needed

[4] Regularly - I treat it as pair programming

[3] Frequently - I stay engaged throughout

Note: 'Pair programming' approach scores highest—active but not micromanaging

✓ Addy Osmani: Trust but verify pattern applies to agent mode supervision ⓘ

×

The 'Trust, But Verify' Pattern For AI-Assisted Engineering

This article provides the conceptual framework for our trust_calibration dimension. The three principles (Blind Trust is Vulnerability, Copilot Not Autopilot, Human Accountability Remains) directly inform our survey questions. The emphasis on verification over speed aligns with METR findings. Practical guidance includes starting conservatively with AI on low-stakes tasks.

Key Findings:

• Blind trust in AI-generated code is a vulnerability
• AI tools function as 'Copilot, Not Autopilot'
• Human verification is the new development bottleneck

Credibility: high

Referenced by:

Calibrated AI Use When AI Gives Garbage Output: A Systematic Troubleshooting Guide Knowing When NOT to Ask AI: Preserving Core Skills Good vs Bad Context: A Side-by-Side Comparison Catching a Hallucination: Trust but Verify Security Review Workflow: AI-Assisted Code Auditing

View Source ↗

✓ Google DORA: Active supervision remains critical even with autonomous AI ⓘ

×

State of AI-Assisted Software Development 2025

Google DORA

The 2025 DORA report introduces the 'AI Capabilities Model' identifying seven practices that amplify AI benefits. The core insight is that AI is an 'amplifier' - it magnifies existing organizational strengths AND weaknesses. Key stats: 89% of orgs prioritizing AI, 76% of devs using daily, but 39% have low trust. The trust research is critical: developers who trust AI more are more productive, but trust must be earned through organizational support (policies, training time, addressing concerns). The 451% adoption increase from acceptable-use policies is remarkable - clarity enables adoption.

Key Findings:

• 89% of organizations prioritizing AI integration into applications
• 76% of technologists rely on AI for parts of their daily work
• 75% of developers report positive productivity impact from AI

Credibility: high

Referenced by:

Debug a Hallucinating AI Monthly Source Audit: Maintaining Content Accuracy

View Source ↗

○ Q5 single choice 4 pts

How often do you reject or rollback agent mode changes?

[0] Never - I always accept

[2] Rarely - less than 10% of the time

[4] Sometimes - 10-30% of the time

[3] Often - 30-50% of the time

[1] Very often - more than 50%

Note: 10-30% rollback rate indicates calibrated supervision. Never or >50% suggests miscalibration.

✓ GitHub/Accenture: Calibrated acceptance/rejection rates indicate healthy AI usage ⓘ

×

Research: Quantifying GitHub Copilot's impact in the enterprise with Accenture

GitHub/Accenture

This is the primary source for the 30% acceptance rate benchmark and the 88% code retention statistic. The 95% enjoyment and 90% fulfillment stats are powerful for adoption justification. The 84% increase in successful builds directly supports the claim that AI doesn't sacrifice quality for speed. Published May 2024, so represents mature Copilot usage patterns.

Key Findings:

• 95% of developers said they enjoyed coding more with GitHub Copilot
• 90% of developers felt more fulfilled with their jobs when using GitHub Copilot
• Developers accepted around 30% of GitHub Copilot's suggestions

Credibility: high

Referenced by:

The AI Productivity Paradox

View Source ↗

○ Q6 single choice 5 pts

For complex tasks spanning multiple sessions, how do you maintain context?

[1] I restart context each session - no continuity

[2] I copy/paste relevant context manually

[3] I maintain project context files (CLAUDE.md, etc.)

[4] I use persistent memory tools (Beads, etc.)

[5] I use structured multi-session workflows (BMAD, Spec Kit)

Note: Multi-session memory is a 2025 frontier capability. Beads (Steve Yegge) and BMAD represent mature approaches to context continuity.

✓ Steve Yegge: Beads provides persistent session memory for coding agents ⓘ

×

Introducing Beads: A Coding Agent Memory System

Beads solves the 'context loss' problem in multi-session AI development. Rather than storing tasks in unstructured markdown, Beads uses Git-backed JSONL files that agents can query for 'ready' work. Key for long-horizon tasks spanning multiple days or sessions. Represents the frontier of AI workflow tooling for persistent memory.

Key Findings:

• Git-backed issue tracker designed for AI coding agents
• Persistent session memory across restarts
• Dependency-aware task graph (DAG)

Credibility: high

View Source ↗

✓ BMad Code: BMAD provides zero context loss between tasks ⓘ

×

BMAD-METHOD: Breakthrough Method for Agile AI Driven Development

BMad Code

BMAD represents the multi-agent orchestration approach to AI development. Unlike simple chat-based AI assistance, BMAD uses specialized agents (Analyst, Architect, Developer, QA) coordinated by an orchestrator. Key innovation: zero context loss between tasks. Represents advanced maturity in agentic workflows.

Key Findings:

• 19+ specialized AI agents with distinct roles (Analyst, Architect, Developer, QA)
• 50+ workflows covering full SDLC: requirements → architecture → implementation → testing
• Model routing by task complexity: Haiku for routine, Sonnet for analysis, Opus for novel problems

Credibility: medium

View Source ↗

○ Q7 single choice 5 pts

Do you review agent execution plans BEFORE letting agents make changes?

[1] No - I let agents work autonomously

[2] Sometimes - for larger tasks

[3] Usually - I use plan mode or similar

[4] Always - I review and approve plans before execution

[5] I edit and refine agent plans before execution

Note: Devin 2.0 introduced interactive planning: users can edit/approve execution plans before task execution. Google Antigravity uses Artifacts to make agent reasoning visible. Pre-execution review is a critical control.

✓ Cognition: Devin 2.0 supports interactive planning: users can edit/approve execution plans ⓘ

×

Devin 2.0: Performance Review and Enterprise Metrics

Cognition

Devin 2.0 shows maturation of autonomous coding agents: 4x faster, 67% merge rate, enterprise adoption (Goldman Sachs, Nubank). The $20/month pricing democratizes access. The 'interactive planning' feature addresses human oversight concerns. Critical for understanding the enterprise autonomous coding landscape.

Key Findings:

• Devin 2.0 released April 2025 with $20/month Core plan (down from $500)
• 4x faster problem solving, 2x more efficient resource consumption
• 67% PR merge rate (up from 34% in 2024)

Credibility: high

View Source ↗

✓ Google: Antigravity Artifacts make agent reasoning visible before execution ⓘ

×

Google Antigravity: Agent-First Development Platform

Google

Google Antigravity represents the 'agent-first IDE' paradigm: agents work autonomously while humans supervise via Manager view. The Artifacts system addresses trust by making agent reasoning visible. Multi-model support (Gemini, Claude, GPT) shows the future is model-agnostic. Critical for agentic_supervision dimension.

Key Findings:

• Announced November 18, 2025 alongside Gemini 3
• Agent-first IDE paradigm (vs AI-assisted coding)
• Two views: Editor view (traditional) and Manager view (agent orchestration)

Credibility: high

View Source ↗

✓ Anthropic: Plan mode shows intentions before making changes ⓘ

×

Claude Code: Best practices for agentic coding

Anthropic

Official best practices for Claude Code agentic development. Key for agentic_supervision dimension - demonstrates multi-file autonomous editing capabilities and supervision approaches.

Key Findings:

• Claude Code is a command line tool for agentic coding
• CLAUDE.md provides project-specific context and instructions
• Plan mode shows intentions before making changes

Credibility: high

Referenced by:

Agentic Workflows Multi-Day Sessions: Maintaining Context Across Days Scoped Task Delegation: Giving AI the Right Level of Autonomy Build Your Own Slash Commands: The Prompt Templates Behind the Magic Good vs Bad Context: A Side-by-Side Comparison Iterative Specification: Refining Your Request Quick Context Patterns for Small Tasks Repository Onboarding: The Golden Prompt from GitHub Docs Spec-Driven Development with Real Slash Commands Match Workflow Weight to Task Size

View Source ↗

○ Q8 single choice 5 pts

Do you apply 'Least Agency' security principles when using AI agents?

[0] Not familiar with agentic security risks or Least Agency

[1] Aware of risks (prompt injection, tool misuse) but don't actively mitigate

[2] I limit agent scope to specific tasks

[3] I restrict agent permissions (file access, network, etc.)

[5] I apply layered controls based on OWASP Agentic AI guidelines

Note: OWASP Top 10 for Agentic AI (Dec 2025) identifies critical risks: goal hijacking, tool misuse, privilege escalation. 'Least Agency' principle: only grant agents the minimum autonomy required. Layered controls combine scope limits + permissions + monitoring.

✓ OWASP GenAI Security Project: OWASP defines 10 critical agentic AI security risks; Least Agency principle for safe agent usage ⓘ

×

OWASP Top 10 for Agentic Applications 2026

OWASP GenAI Security Project

The first OWASP security framework specifically for agentic AI systems. The 'Least Agency' principle is critical for our agentic_supervision dimension. Key risks (goal hijacking, tool misuse, rogue agents) directly inform supervision recommendations. Released December 2025, this is the authoritative security guide for AI coding agents.

Key Findings:

• ASI01 - Agent Goal Hijack: Prompt injection manipulates agent goals
• ASI02 - Tool Misuse: Agents misuse legitimate tools for data exfiltration
• ASI03 - Identity & Privilege Abuse: Confused deputy and privilege escalation

Credibility: high

Referenced by:

Guardrails Quick Reference: AI Code Checklists Build a Read-Only MCP Server Compare Chat vs RAG vs Agent

View Source ↗

○ Q9 single choice 4 pts

How do you approach multi-agent workflows (multiple AI agents working in parallel)?

[0] Never used multi-agent workflows

[1] Tried but prefer single-agent for simplicity

[2] Use occasionally for independent tasks

[3] Regularly use with isolation strategies (git worktrees, remote machines)

[4] Advanced: orchestrate agents with Manager view or similar tooling

Note: Cursor 2.0's 8-parallel-agent architecture and Google Antigravity's Manager view represent the multi-agent frontier. Proper isolation (git worktrees) prevents agents from interfering with each other.

✓ Cursor (Anysphere): Cursor 2.0 enables up to 8 parallel agents via git worktrees ⓘ

×

Cursor 2.0: Composer Model and Multi-Agent Architecture

Cursor (Anysphere)

Cursor 2.0 represents the shift to agent-first IDEs: purpose-built Composer model for low-latency coding, up to 8 parallel agents, native browser integration, sandboxed execution. The MoE architecture and RL training show vendor investment in specialized coding models. Critical for understanding the 'agentic IDE' paradigm.

Key Findings:

• Cursor 2.0 released October 29, 2025
• Composer: first in-house large coding model, 4x faster than comparable models
• Multi-agent: up to 8 independent AI agents in parallel via git worktrees

Credibility: high

Referenced by:

Quick Reference: AI Code Checklists

View Source ↗

✓ Google: Antigravity's Manager view provides agent orchestration ⓘ

×

Google Antigravity: Agent-First Development Platform

Google

Google Antigravity represents the 'agent-first IDE' paradigm: agents work autonomously while humans supervise via Manager view. The Artifacts system addresses trust by making agent reasoning visible. Multi-model support (Gemini, Claude, GPT) shows the future is model-agnostic. Critical for agentic_supervision dimension.

Key Findings:

• Announced November 18, 2025 alongside Gemini 3
• Agent-first IDE paradigm (vs AI-assisted coding)
• Two views: Editor view (traditional) and Manager view (agent orchestration)

Credibility: high

View Source ↗

○ Q10 single choice 5 pts

Under what conditions do you use autonomous/YOLO modes (skip permission prompts)?

[3] Never - I always review each action

[3] Rarely - only for trivial tasks

[5] In sandboxed/throwaway environments only (containers, VMs, temp branches)

[1] On most projects after initial setup

[5] With explicit safeguards (network disabled, no prod credentials, isolated)

Note: YOLO/autonomous modes are powerful for prototyping but dangerous in production. Anthropic guidance: only in containers/VMs with network disabled. Sandboxed + safeguards scores highest.

✓ The Agentic Engineer: YOLO mode can be safe with hooks-based protection ⓘ

×

Taming Claude YOLO Mode with Safety Hooks

The Agentic Engineer

Practical guide to using YOLO mode safely via Claude Code's hook system. Rather than choosing between speed and safety, hooks intercept dangerous operations automatically. Key patterns: credential protection, destructive command blocking, Python-based filtering with regex.

Key Findings:

• Pre-tool-use hooks intercept operations before execution (exit 0 allows, exit 2 blocks)
• Protect credential files: block .env access while permitting .env.sample templates
• Block destructive patterns: rm -rf /, git push --force, chmod 777

Credibility: high

Referenced by:

Build a Test-Driven AI Agent Workflow

View Source ↗

Practice Conversations (4)

Learn through simulated conversations that demonstrate key concepts.

intermediate 12 min

Multi-Day Sessions: Maintaining Context Across Days

You're working on a feature that spans multiple days and need to maintain context between sessions

17 messages →

advanced 15 min

Running Multiple AI Agents in Parallel

You have a complex feature with multiple independent parts that could be developed simultaneously

19 messages →

advanced 15 min

Managing Review Fatigue: When AI Output Overwhelms Human Oversight

Your AI coding agent has generated 500 lines of changes across 12 files. You need to review it but your attention is flagging.

8 messages →

intermediate 12 min

Scoped Task Delegation: Giving AI the Right Level of Autonomy

You're using an AI coding agent (Claude Code, Cursor, Windsurf) that can run commands and modify files

9 messages →