The Responsibility Split
Delegation to an agent is not delegation of responsibility — it's delegation of production. The agent produces diffs, tests, and analysis at extraordinary speed; you still own every decision about whether that production is correct, safe, and done. Teams that get this split wrong fail in one of two directions: hoarding work the agent does better and faster, or shipping agent judgment as if it were their own.
What never delegates
- Architecture decisions. The agent will happily propose an event-driven design, and happily propose a monolith five minutes later with equal conviction. It optimizes for a coherent answer, not for your system's ten-year trajectory, your team's skills, or your ops budget. Use it to explore options exhaustively; make the call yourself and record it in a decision record.
- Tradeoff acceptance. "Faster but eventually consistent," "simpler but locks us to Postgres" — an agent can enumerate tradeoffs brilliantly. It cannot accept one, because acceptance means someone owns the consequences when the tradeoff bites in production.
- Security posture. What data is sensitive, what the threat model is, whether this auth shortcut is tolerable for an internal tool — these depend on context the repo doesn't contain and stakes the agent doesn't carry. Agent-generated security-relevant code gets human review, always, regardless of how routine it looks.
- "Is this done?" The agent's done-signal is "the artifacts I can check pass." Yours is "this behaves correctly for our users under real conditions." Those are different claims, and only a human can make the second one. This is why verification strategy and quality gates are human-designed even when agent-executed.
- Production judgment. Deploy now or wait? Is this error rate acceptable? Roll back or fix forward? Real-time operational calls under uncertainty stay human — the agent assists the production debugging, you make the calls.
The full argument for the architecture items is in What Not to Delegate.
What delegates well
- Diff production. Implementation of a decided design against a written spec — the agent's core competence. Your leverage is in the spec quality; see Prompts vs Specs.
- Mechanical refactors. Renames, API migrations, pattern rollouts across 80 files — high-volume, low-judgment, easily verified by compiler and tests. Near-zero-risk delegation.
- Test scaffolding. Generating table-driven test skeletons, fixtures, edge-case enumerations. Note the asymmetry: agents scaffold tests well but choosing what's worth testing — and noticing what's missing — stays with you. See Reviewing AI Tests.
- Research summaries. "How does auth flow through this codebase?", "What would upgrading to Express 5 break?" — the agent reads faster and wider than you and its errors here are cheap, because research output informs your decision rather than becoming production behavior.
- First drafts of anything. Docs, ADR option analyses, migration plans — provided a human pass turns the draft into a commitment.
Responsibility-split table
| Responsibility | Human | Agent | Notes |
|---|---|---|---|
| Choose the architecture | Owns | Explores options, drafts analyses | Decision recorded in an ADR by a human |
| Accept tradeoffs | Owns | Enumerates them | Acceptance = owning consequences |
| Define security posture | Owns | Implements controls, flags issues | Human review on all security-relevant diffs |
| Write the spec | Owns | Drafts, critiques, finds gaps | Human commits; see Writing Effective Specs |
| Produce the diff | Reviews | Owns production | The core delegation |
| Mechanical refactors | Spot-checks | Owns | Verified by compiler + tests |
| Test scaffolding | Decides what to test | Generates the tests | Coverage gaps are a human catch |
| Research and summarization | Validates conclusions | Owns the legwork | Cheap errors; high leverage |
| Declare "done" | Owns | Reports status + evidence | Agent claims are inputs, not verdicts |
| Deploy / rollback calls | Owns | Assists diagnosis | Stakes live outside the repo |
The loop with review gates
Two gates, both human. The plan gate is cheap and catches wrong-direction work before it costs anything — in Claude Code, this is plan mode: review the plan before any file changes. The diff gate is where "plausible" gets tested against "correct" (see Reviewing AI PRs). The escape edge from gate 2 back to the human matters: sometimes the diff is faithful and the spec was wrong, and that rework is yours, not the agent's.
Accountability doesn't compile
When agent-written code corrupts customer data, no incident review in history has ended with "root cause: Claude." The commit has your name on it, the PR has your approval on it, and the pager has your team on it. The agent is never accountable because accountability requires the capacity to bear consequences, and the agent bears none — it doesn't get paged, demoted, or sued.
This isn't a moral footnote; it's the design principle behind the whole split. Every "never delegates" item above is exactly the set of decisions where consequences land on someone. The practical test for any task: "If this goes wrong in production, is my explanation 'the agent did it'?" If that explanation feels necessary, you skipped a gate that was yours to hold. Delegate the typing at full speed — the signature stays yours.
Related
- What Not to Delegate — the architecture-specific half of this split, in depth.
- Mental Models — the fast-junior model that explains why judgment doesn't transfer with delegation.
- Why Agents Fail — task execution vs engineering judgment, mechanically.
- Reviewing AI PRs — running the diff gate well.
- Quality Gates — turning "is this done?" from a feeling into a checkable procedure.
- Verification Strategy — designing the evidence you require before declaring done.