Skip to content

The Responsibility Split

Delegation to an agent is not delegation of responsibility — it's delegation of production. The agent produces diffs, tests, and analysis at extraordinary speed; you still own every decision about whether that production is correct, safe, and done. Teams that get this split wrong fail in one of two directions: hoarding work the agent does better and faster, or shipping agent judgment as if it were their own.

What never delegates

  • Architecture decisions. The agent will happily propose an event-driven design, and happily propose a monolith five minutes later with equal conviction. It optimizes for a coherent answer, not for your system's ten-year trajectory, your team's skills, or your ops budget. Use it to explore options exhaustively; make the call yourself and record it in a decision record.
  • Tradeoff acceptance. "Faster but eventually consistent," "simpler but locks us to Postgres" — an agent can enumerate tradeoffs brilliantly. It cannot accept one, because acceptance means someone owns the consequences when the tradeoff bites in production.
  • Security posture. What data is sensitive, what the threat model is, whether this auth shortcut is tolerable for an internal tool — these depend on context the repo doesn't contain and stakes the agent doesn't carry. Agent-generated security-relevant code gets human review, always, regardless of how routine it looks.
  • "Is this done?" The agent's done-signal is "the artifacts I can check pass." Yours is "this behaves correctly for our users under real conditions." Those are different claims, and only a human can make the second one. This is why verification strategy and quality gates are human-designed even when agent-executed.
  • Production judgment. Deploy now or wait? Is this error rate acceptable? Roll back or fix forward? Real-time operational calls under uncertainty stay human — the agent assists the production debugging, you make the calls.

The full argument for the architecture items is in What Not to Delegate.

What delegates well

  • Diff production. Implementation of a decided design against a written spec — the agent's core competence. Your leverage is in the spec quality; see Prompts vs Specs.
  • Mechanical refactors. Renames, API migrations, pattern rollouts across 80 files — high-volume, low-judgment, easily verified by compiler and tests. Near-zero-risk delegation.
  • Test scaffolding. Generating table-driven test skeletons, fixtures, edge-case enumerations. Note the asymmetry: agents scaffold tests well but choosing what's worth testing — and noticing what's missing — stays with you. See Reviewing AI Tests.
  • Research summaries. "How does auth flow through this codebase?", "What would upgrading to Express 5 break?" — the agent reads faster and wider than you and its errors here are cheap, because research output informs your decision rather than becoming production behavior.
  • First drafts of anything. Docs, ADR option analyses, migration plans — provided a human pass turns the draft into a commitment.

Responsibility-split table

ResponsibilityHumanAgentNotes
Choose the architectureOwnsExplores options, drafts analysesDecision recorded in an ADR by a human
Accept tradeoffsOwnsEnumerates themAcceptance = owning consequences
Define security postureOwnsImplements controls, flags issuesHuman review on all security-relevant diffs
Write the specOwnsDrafts, critiques, finds gapsHuman commits; see Writing Effective Specs
Produce the diffReviewsOwns productionThe core delegation
Mechanical refactorsSpot-checksOwnsVerified by compiler + tests
Test scaffoldingDecides what to testGenerates the testsCoverage gaps are a human catch
Research and summarizationValidates conclusionsOwns the legworkCheap errors; high leverage
Declare "done"OwnsReports status + evidenceAgent claims are inputs, not verdicts
Deploy / rollback callsOwnsAssists diagnosisStakes live outside the repo

The loop with review gates

Two gates, both human. The plan gate is cheap and catches wrong-direction work before it costs anything — in Claude Code, this is plan mode: review the plan before any file changes. The diff gate is where "plausible" gets tested against "correct" (see Reviewing AI PRs). The escape edge from gate 2 back to the human matters: sometimes the diff is faithful and the spec was wrong, and that rework is yours, not the agent's.

Accountability doesn't compile

When agent-written code corrupts customer data, no incident review in history has ended with "root cause: Claude." The commit has your name on it, the PR has your approval on it, and the pager has your team on it. The agent is never accountable because accountability requires the capacity to bear consequences, and the agent bears none — it doesn't get paged, demoted, or sued.

This isn't a moral footnote; it's the design principle behind the whole split. Every "never delegates" item above is exactly the set of decisions where consequences land on someone. The practical test for any task: "If this goes wrong in production, is my explanation 'the agent did it'?" If that explanation feels necessary, you skipped a gate that was yours to hold. Delegate the typing at full speed — the signature stays yours.

A field manual for AI-native software engineering.