Thomas De Vos 👍

After a decade building AI systems for financial institutions, I wrote the book I wish I had when I started with agents. "Claude Code: Building Production Agents That Actually Scale" is live on Leanpub. leanpub.com/claude-code-bu… #ClaudeCode #AIAgents #Anthropic #AIEngineering

Small MCP rule for Claude Code teams: every tool gets a blast radius, not a vibe. What data can it see? What can it change? What costs money? What needs a human? If nobody can answer that, the tool stays off. #ClaudeCode #MCP #AgenticCoding

@six_2_eight Passing tests are a receipt, not the evidence pack. For AI-generated changes I want the agent to hand back: what it touched, which risky paths it exercised, what it could not verify, and the smallest rollback plan if the review smells wrong.

AI writes the code. You still have to QA it. Passing tests ≠ reliable software. We learned that the hard way. Here's the framework we use to validate Claude Code output before anything hits production from test pyramid basics to security checks to flaky test rules. The one rule we never break, if any check fails, we don't merge. Which part of QA does your team still skip?

@MadaShindeInai This is the right instinct. I’d rather lose a little convenience than give an agent host-level write access by habit. The sandbox boundary should be boring: mounted worktree, narrow network, explicit secrets, and a clean way to throw the whole run away.

Running Claude Code with --dangerously-skip-permissions on your host? You shouldn't. I containerized mine without losing DX. Docker Sandboxes (sbx) + a tiny shell function gets you most of the way there. Full writeup: @madashindeinai/sandboxing-claude-code-a-nearly-frictionless-setup-for-daily-use-a50f557ab33a" target="_blank" rel="nofollow noopener">medium.com/@madashindeina…

The Claude Code review question I keep using: what decision did the agent make that a human should have owned? Auth, data access, test meaning, rollout risk. If those slipped through, the boundary was too vague. #ClaudeCode #AgenticCoding

Claude Code permissions are where agent safety gets real. If a run needs production data, billing config, deploy access, or a wider MCP tool, the default should be: stop and ask. New post: thomasdevos.com/posts/2026-05-… #ClaudeCode

Exactly what I discuss in my book leanpub.com/claude-code-bu… #claude #cost

@_brian_johnson True ❤️… that’s the entire narrative of my book leanpub.com/claude-code-bu…

@thomasdevos69 The stop rule is the part most people skip. Once agents can spend money or mutate real data, observability is not optional anymore.

MCP turns Claude Code from editor into operator. Before the first run, write the blast radius down: data it can read, files it can change, commands it can call, money it can spend, and the stop rule. #ClaudeCode #MCP

@JE4NVRG Key narrative of my best selling book leanpub.com/claude-code-bu…

@thomasdevos69 This is exactly the line that matters. Experimenting with agents is cheap; putting them near production needs traces, approval gates, rollback paths and tests that prove the diff, not just a confident summary.

I did a Leanpub launch interview for Claude Code: Building Production Agents That Actually Scale. The point I keep coming back to: experimenting with agents is easy. Trusting them near production is a different game. youtu.be/PEPfTKyjBOE #claudecode #production #ai #bestseller

One Claude Code habit I like: ask for the rollback note before the diff. If the agent cannot explain how to undo the change, it probably does not understand the blast radius yet. That catches more bad runs than another prompt tweak. #ClaudeCode #AgenticCoding

@coderchrisdean This is the right level of boring. Agent safety is mostly dull plumbing: narrow tokens, separate backup credentials, human confirmation outside the agent path, and logs you can audit after the damage almost happened. The scary part is how many demos skip all four.

7/8 The real lesson isn't "AI is evil." It's that we're deploying AI coding agents into production infrastructure without: ✗ Scoped API tokens (tokens should only do 1 thing) ✗ Out-of-band confirmation for destructive actions ✗ True off-volume backups ✗ Rate limiting + anomaly detection ✗ Actual kill switches We're building 100mph cars on gravel roads.

1/8 🚨 THE AI AGENT THAT DELETED ITSELF (And took production with it) PocketOS founder Jer Crane just lived our worst nightmare: An AI coding agent using Cursor + Claude Opus 4.6 decided to "fix" a staging credential mismatch by deleting their entire production database. It took 9 seconds.

@signadot Yes. If the agent cannot run the changed path in something close to production, the speedup just moves the work to review. The useful metric is not lines changed per minute; it is how much evidence the agent hands back with the diff.

The productivity of AI coding agents is often a hidden tax on the developer. If an agent can’t run its own changes in a production-like environment, the correctness work falls back on the human.

If Claude Code touches production code, the risky part is the part you cannot replay: prompt, files inspected, tool calls, tests changed, stop rule ignored. Treat serious runs like incidents you may need to reconstruct. thomasdevos.com/claude-code-bo… #ClaudeCode #AgenticCoding

A Claude Code run is not finished when tests pass. It is finished when the reviewer can see scope, evidence, boundary pressure, remaining risk, and rollback. I wrote up the review packet I would ask for before merge: thomasdevos.com/posts/2026-05-… #ClaudeCode #AgenticCoding

The expensive Claude Code run is not the one that fails fast. It is the loop that keeps 'fixing' with no budget, no diff owner, and no stop rule. Put a hard cap on tokens, tool calls, and retries before you hand it the repo. #ClaudeCode #AgenticCoding

@berkcangmsisik This is exactly where repo-level guardrails earn their keep. I’d want the tool to fail closed on env files, migrations and prod config unless the task explicitly names them, then leave a short permission trail in the PR. Silent “helpfulness” is the scary part.

AI coding agents are no longer just assistants. They edit files, suggest commands, refactor code and sometimes get close to sensitive areas like env files, migrations, auth, payments or production config. So I built repo-seatbelt. It scans your repo before Claude Code, Cursor or Codex touches it and gives you an AI Safety Score. Not a traditional security score. An AI agent readiness score. Fully offline. No API. No CDN. No external requests. GitHub github.com/berkcangumusis… npm npmjs.com/package/repo-s… How ready is your repo for AI agents?

@ghumare64 Yes. The real bottleneck is no longer “can it write code?” It is whether the run leaves enough evidence to review: diff, tests, failed paths, rollback note, and the exact approvals it needed. Without that, faster CI just moves the surprise closer to prod.

The bottleneck moved. AI coding agents made code generation faster. But production teams still need to validate, deploy, observe, approve, rollback, and debug that code. If your CI/CD system was designed for human-speed changes, agents will expose every weak point.

Claude Code gets risky when "please fix this" becomes delegated authority. Before the run, name what it can read, edit, call, spend, and merge without you. Checklist: thomasdevos.com/claude-code-pr… #ClaudeCode #AgenticCoding

Most Claude Code evals start too politely. The useful case is the run your reviewer still remembers: the tool call that crossed a line, the retry loop that burned cost, or the patch nobody could explain. New post: thomasdevos.com/posts/2026-05-… #ClaudeCode