Back to Research

AI coding workflow patterns that survive review

Four AI coding workflow patterns that keep agent work reviewable: CLAUDE.md precedence, replay sandwiches, connector cards, and child receipts.

The River Wensum, Norwich, landscape painting by John Crome (1814).
Rogier MullerMarch 15, 20265 min read

An AI coding workflow pattern is a small written contract that says how an agent may work: its scope, its permissions, how it verifies, and what proof travels with the change. The good ones share one trait. The contract lives in a file, not in someone's head, so a reviewer who never watched the session can still defend the merge. Below are the four we set up first when a team adopts Cursor (Anysphere's AI code editor), Claude Code (Anthropic's coding agent), or Codex CLI (OpenAI's coding agent).

We started writing these down after a connector audit that was supposed to take an hour. We found one MCP call that looked harmless until credentials showed up in the transcript, and every merge that touched that session went back into the review queue. The fix was never a smarter agent. It was four files.

Write a precedence clause so sessions stop inventing policy

Bash approvals turn into muscle memory within a week of adopting Claude Code. You click yes, then yes again, and soon each session is making up its own rules about what it may touch.

Hooks help, but the real fix is a precedence clause at the top of CLAUDE.md. State which hooks win, which folders need a human, and where temporary overrides live. Once that is written down, sessions stop improvising mid-run, because the policy is on disk instead of in the last thing someone approved.

Make Codex runs replay without standing behind a terminal

Teams on Codex CLI often merge a green run that no reviewer ever watched execute. The commands ran. The story of why just did not survive the trip to the pull request.

The fix is a replay sandwich. Your AGENTS.md requires three things before any PR opens: one intent line, the command transcript, and a diff summary. Now review is reproducible from the PR body alone. Nobody has to lean over a colleague's keyboard to trust the result.

Give every MCP connector a one-card boundary

Wire up MCP quickly and a connector ends up touching data nobody put on the diagram. Connectors ship as capability demos by default, so least privilege only happens if you write the trust boundary down.

One markdown card per MCP server does it: allowed actions, forbidden actions, owner, rollback. Incidents get smaller because operators know what "off" looks like before anything goes wrong.

Demand a receipt from every child agent

Chained agents return summaries that quietly drop the paths a child owned, and the parent green-lights a diff it never read. The mystery diff is a category of bug, not bad luck.

A child receipt block closes it. Every child returns the paths it touched, the commands it ran, and the tests that prove the regression guards hold. Here is a delegation snapshot you can drop in and adapt to your repo:

---
description: Delegation boundary snapshot (adapt globs to your repo)
globs:
  - "**/*"
alwaysApply: false
---

- Cursor: keep scopes explicit in `.mdc`; forbid undeclared MCP domains.
- Claude Code: cite `CLAUDE.md` precedence before expanding bash scope.
- Codex: ensure `AGENTS.md` carries replay-friendly verification notes for CLI runs.

Check the work in two minutes from the PR

A pattern only counts if a reviewer can test it from the PR body without replaying a chat. These four questions do that:

Gate Question
Receipt match Does the PR body list scopes plus a verification transcript?
Rules precedence Which .mdc, SKILL.md, or CLAUDE.md governed behavior?
Connector truth Which MCP servers fired, and were they expected?
Reviewer path Can someone unfamiliar trace intent without chat replay?

None of this replaces architecture judgment. Agents speed up execution, not ownership. They amplify whatever clarity already exists in your files, hooks, and scopes, and they amplify the ambiguity just as faithfully. The agentic coding governance topic collects the sibling patterns if you want the full set.

The vendor docs are worth a read while you set these up: the Claude Code getting-started guide and the Codex CLI quickstart both cover the config files these patterns lean on. For the connector card, the OWASP Top 10 for LLM Applications is a good checklist of what an MCP boundary should keep out.

Common questions

What are AI coding workflow patterns? They are repeatable contracts for agent-assisted development: written scope, permission precedence, verification commands, and receipts that travel with the PR. A good pattern passes one test. A reviewer who never saw the session can still defend the merge from the artifacts alone, no chat replay required.

How do we stop a coding agent from inventing policy mid-run? Write the precedence into the repo. A clause at the top of CLAUDE.md says which hooks win, which folders need human eyes, and where overrides live. Once that lives on disk, sessions stop improvising and bash approvals stop drifting into reflexive yes-clicking after the first busy week.

Why do agent PRs pass CI but still fail review? Because CI checks behavior while review checks the story. A green run with no intent line, no command transcript, and no diff summary forces reviewers to reconstruct what happened from scratch. The replay sandwich fixes this by making the transcript part of the PR itself, so the narrative arrives with the code.

Start with one pattern, not four

Pick the pattern that matches your loudest recent surprise and turn it into a real file before the next agent run. The fastest way to make these stick is to rehearse them on a live repo with the people who review the merges: team training.

Related training topics

Related research

Ready to start?

Transform how your team builds software.

Book a 15-minute sync