The Short Leash AI Coding Method for High-Quality Software
The Short Leash Method: Prioritizing Human Oversight Over AI Autonomy
To produce high-quality software in security-critical systems, expert developers must treat AI agents as tools requiring constant supervision rather than autonomous orchestrators. The "Short Leash" method rejects the "vibe engineering" approach—where multiple agents operate in parallel with minimal human intervention—and instead mandates that the human developer remains the primary decision-maker and reviewer at every step of the process.
The Failures of Autonomous AI Coding
Autonomous AI coding systems often produce "slop"—code that may function but is inefficient, aesthetically poor, and lacking in architectural integrity. This is particularly prevalent in niche domains where training data is sparse, as models cannot think beyond their training sets.
Key risks of autonomous AI usage include:
- Loss of Codebase Understanding: Developers who remove themselves from the coding process lose the ability to understand how their own software works.
- Agent Drift: AI agents frequently "go off the rails," implementing unwanted changes or deleting previously completed work.
- Quality Degradation: Even frontier models like Fable 5 can produce inefficient and "ugly" code if left unsupervised.
Implementing the Short Leash Workflow
The Short Leash method is designed specifically for professional software developers who possess the expertise to outclass frontier AI models in their specific domain. The workflow consists of the following requirements:
1. Planning and Tracking
Developers should use a dedicated planning phase to research the task and formulate a plan. Tools like a "tasks skill" should be used to break large objectives into manageable subtasks to track progress accurately.
2. Strict Permission Control
To prevent the AI from making uncontrolled changes, developers must:
- Disable "YOLO" mode: Never skip permission prompts.
- Analyze Diffs: Use a coding agent that displays a diff of proposed changes within the permission prompt. The developer must manually analyze every change before granting permission.
- Deny Permissions: Immediately reject any proposed change that does not align with the intended goal.
3. Continuous Integration and Versioning
To avoid the loss of work—a known issue with models like Opus—commits must be made at the end of every single subtask. This ensures that the AI cannot accidentally delete previously verified progress.
Dual-Layer AI and Human Reviews
High-quality code requires a hybrid review process. A PR reviewed by both a human and an AI is consistently more accurate than a PR reviewed by either alone. In this model, the AI acts as a high-speed linter to catch common mistakes, while the human focuses on high-level architectural issues and directional changes.
The Review Protocol
- Contextual AI Review: The AI reviewer must have access to the full context, including the issue, PR description, the codebase, and the specific changes.
- AI Disclosure: Every PR description must include an "AI Disclosure" heading specifying the exact models used. This informs maintainers of the potential weaknesses of the models used and signals transparency.
- Mandatory Self-Review: If AI was used to generate the code, the author must review their own PR line-by-line as if they were reviewing a stranger's work. The author must explicitly confirm their approval before requesting a maintainer's review.
This process ensures that the human submitting the PR fully understands the code they are submitting, maintaining the integrity of the security-critical system.
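The Review Protocol above can be enforced mechanically before a maintainer is asked to look at a PR. The following is an added example, not code from the original article: a check that a PR description carries an "AI Disclosure" heading naming the models used and, when AI was used, an explicit self-review approval. The markdown layout, the "Models used:" line and the "Self-review" heading are assumed conventions; the sample PR body is constructed.

```python
import re

# Constructed sample PR description (not from the original article).
SAMPLE_PR_BODY = """## Summary
Rotate the session-signing key on startup.

## AI Disclosure
Models used: Fable 5, Opus

## Self-review
I have reviewed every line of this PR as if it were a stranger's work and approve it.
"""

HEADING_RE = re.compile(r"^#{1,6}\s+(.+?)\s*$", re.MULTILINE)


def sections(body):
    """Split a markdown PR description into {heading (lower-cased): section text}."""
    result = {}
    matches = list(HEADING_RE.finditer(body))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(body)
        result[m.group(1).strip().lower()] = body[m.end():end].strip()
    return result


def check_pr_description(body):
    """Return a list of protocol violations; an empty list means the PR may go to a maintainer."""
    problems = []
    secs = sections(body)
    disclosure = secs.get("ai disclosure")
    if disclosure is None:
        problems.append("missing 'AI Disclosure' heading")
        return problems
    # Assumed convention: a 'Models used:' line naming at least one model, or the word 'none'.
    m = re.search(r"models? used:\s*(.+)", disclosure, re.IGNORECASE)
    models = [x.strip() for x in m.group(1).split(",") if x.strip()] if m else []
    if not models:
        problems.append("AI Disclosure does not name the models used (or state 'none')")
    elif [x.lower() for x in models] != ["none"]:
        # AI was used, so the author must explicitly approve their own line-by-line self-review.
        review = secs.get("self-review", "")
        if not re.search(r"\bapprove", review, re.IGNORECASE):
            problems.append("AI was used but the author has not explicitly approved a self-review")
    return problems
```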