How can a coding agent fix a bug, run tests, and commit while you stay in control?

Question

Accepted Answer

A coding **agent** can drive a bug fix end-to-end — reproduce, locate, fix, verify, commit — but you stay in control by gating the loop with **scoped permissions, human approval, and small reversible steps**. The agent does the typing; you decide what actually lands.

## The loop

```text
1. REPRODUCE  → write/run a failing test that demonstrates the bug (red)
2. LOCATE     → search the codebase, read the relevant files, form a hypothesis
3. PROPOSE    → draft a minimal fix (you can review the plan before any edit)
4. VERIFY     → run tests + lint/typecheck → fix is proven by the test going green
5. REVIEW     → show the DIFF for your approval (nothing committed yet)
6. COMMIT     → only after approval, on a branch, with a clear message
```

The key idea is **test-driven verification**: the agent does not claim "fixed" — it proves it by making a failing test pass. The failing test from step 1 is the objective signal that the change worked.

## Control mechanisms

```text
- SCOPED PERMISSIONS → allowlist safe commands (test, lint); prompt for the rest
- APPROVAL GATES     → human confirms destructive/irreversible actions + the final commit
- SMALL STEPS        → one focused change at a time → easy to review and revert
- BRANCH / WORKTREE   → work isolated from main; throw it away if it goes wrong
- DIFF REVIEW        → read the actual diff before commit, not just the agent's summary
```

```bash
# The agent runs the suite itself and reports the result before proposing a commit
npm test -- --runInBand   # red before the fix, green after → objective verification
git diff                  # you review every line that will be committed
```

Running in a **branch or git worktree** means the worst case is `git checkout main` — the experiment never touched your working state. Small, reversible commits make any single step easy to inspect and undo.

## Why it matters

Agentic coding shifts you from typing every line to **reviewing and steering**. The leverage is real, but so is the risk of an agent confidently shipping a wrong or destructive change. Keeping a human approval gate before commits, verifying with tests rather than trusting prose, and isolating work in a branch lets you capture the speed of automation while staying the one who decides what reaches `main`.