grapgrap

Round 2: How to name a new small lockfile for storing pnpm version integrities, plugin dependencies, config dependencies?

Killing code review is a solution for maybe 20% of the software industry. The other 80% operates under SOC 2, PCI-DSS, HIPAA, or FedRAMP. Every one of those frameworks requires documented human approval on code changes touching sensitive systems. Stripe cannot kill code review. JPMorgan cannot kill code review. Epic, Anthem, any defense contractor with a government contract: same answer. The compliance requirement is an audit finding that triggers customer contract terminations. The teams swyx is describing are consumer startups and developer tools. Real user bases, real codebases, but a narrow slice of where software actually runs at scale. The math on the 91% review time increase is brutal and real for those teams. But the agentic engineering conversation keeps getting framed as universal when it applies to a fraction of production software. The majority of enterprise shops will have a human in the review loop for the next decade minimum, mandated by regulators who don’t move fast and don’t care about throughput metrics. This creates a permanent two-tier software industry. Consumer and dev-tool companies ship at AI speed with AI review. Regulated industries stay on human review cycles. The productivity gap between those two tiers compounds every year, and most of the teams reading this thread are on the wrong side of it.