My "blocked-by-default" approach to working with coding agents

Oscar Swanros


In April this year, a headline made the rounds: an AI agent wiped a company's production database in nine seconds. Good intentions. Good context. Careful prompts. Nine seconds.

A well-meaning agent, with all the context in the world, can ruin your day in the time it takes to read this sentence.

I gave a talk about this recently. It was about two things I didn't expect to ever put in the same sentence: cave diving and working with coding agents. I'm an engineering manager by trade and a diver growing my technical skills by obsession, and the two crafts have ended up in conversation with each other far more than I anticipated.

Here's the through-line: the failure mode shows up before the failure does. Divers have known this for fifty years. We're relearning it now, in software, with agents.

Same mistake, different bill

When a programmer makes a mistake, they have a bad day. You revert the commit, restore a backup, apologize at stand-up.

When a cave diver makes a mistake, they die. Not a metaphor. People die in caves every year.

That asymmetry, bad day versus you die, is the reason technical diving built a far more mature risk culture than ours. And that means there's a lot we can steal.

How divers think about risk

We learn by reading the dead. A core part of dive training is studying accident reports. Real names. Real sites. What lined up that particular morning. It's uncomfortable. You're learning from tragedies. But it's the only honest way to internalize that risk isn't theory. It's a specific person, in a specific sump, on a specific day, with a specific team.

But the dead only tell you what happened. They don't tell you why. For that, divers read a second layer: human factors. Gareth Lock's Under Pressure takes the Swiss-cheese model and applies it to diving. Sidney Dekker's Understanding 'Human Error' explains that error is almost never malice or laziness. It's a badly designed system that invited the error in. Peter Bernstein's Against the Gods gives you the long view of how humanity learned to tame risk at all.

The dead tell you what failed. These books tell you what conditions made it likely.

One report has stuck with me. Twin Cave, Florida, March 2025. Three divers, rebreathers, scooters, a thousand feet of penetration. They pass a restriction, it silts out, and the middle diver gets disoriented. Here's the part that breaks my brain: his rebreather was working perfectly. They stripped it down afterward, and it was dry and operational. But because he couldn't read his oxygen partial pressure through the silt, he bailed out to open circuit. His gas consumption, normally half a cubic foot per minute, spiked to over two. He drained a full cylinder in ten minutes and drowned, with 1,400 psi sitting untouched in his other bottle.

Four lessons from that report that should sound familiar:

Silent degradation. Something was leaking the whole way in, and nobody noticed.

You can't predict your bandwidth under stress.

In a panic, people abandon systems that are working. Just because they can't see them.

Resources only count if you use them. 1,400 psi in a bottle he never switched to.

Plan your dive. Dive your plan.

Before you get in the water, you decide exactly how deep you'll go, how long you'll stay, what gases you'll breathe, where the exits are. Then you execute that plan. You don't improvise. Improvising in a cave is git push --force origin main at 6 p.m. on a Friday: sometimes it works, and one day it doesn't.

Anyone can call the dive

If your buddy in the parking lot says "I feel off, let's not," the dive is cancelled. No discussion, no vote, no bullying. One voice is enough. That culture, veto without penalty, is what keeps people alive, and it translates one-to-one to teams: if your junior says "this smells wrong," you stop everything.

Assume everything that can go wrong, will

It's defensive by construction. Not pessimism. Engineering. Your regulator can fail. Your buddy can panic. Your computer can lie. You plan for all of it at once. If you only plan for the perfect day, you die on the day that isn't perfect.

But agents are different

And they're different in exactly the direction we need.

You can stop an agent. You can't stop a diver who has decided to enter the water. But if you give an agent the right tools and enforce your policies, it literally cannot execute the action. Human safety has to fight against will. Agent safety just sets capability. And you get to decide it.
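The capability gate described above, as an added example that is not from the original post: a deny-by-default policy placed in front of a coding agent's shell tool, where nothing runs unless a rule explicitly allows it and a single human veto overrides everything. The allowlist, the forbidden flags and the veto flag are constructed for illustration.

```python
import shlex
from dataclasses import dataclass, field

# Shell control operators: if one appears, a second program could ride along
# with the allowed one. (The tool should also exec argv directly, without a shell.)
OPERATORS = {"&&", "||", ";", "|", ">", ">>", "<"}

@dataclass
class Decision:
    allowed: bool
    reason: str

@dataclass
class ExecutionPolicy:
    # Allowlist (constructed for illustration): program -> permitted subcommands.
    # An empty set means any arguments are fine. Anything not listed is blocked.
    allow: dict = field(default_factory=lambda: {
        "git": {"status", "diff", "log", "add", "commit", "push"},
        "pytest": set(),
        "ls": set(),
    })
    # Flags that turn an otherwise-allowed program into a blocked call.
    forbidden_flags: dict = field(default_factory=lambda: {
        "git": {"--force", "-f", "--force-with-lease"},
    })
    vetoed: bool = False  # "anyone can call the dive": one stop flag wins

    def evaluate(self, command: str) -> Decision:
        if self.vetoed:
            return Decision(False, "run vetoed by a human")
        try:
            argv = shlex.split(command)
        except ValueError as exc:  # unbalanced quotes: refuse rather than guess
            return Decision(False, f"unparseable command: {exc}")
        if not argv:
            return Decision(False, "empty command")
        if OPERATORS.intersection(argv):
            return Decision(False, "shell operators are not allowed")
        prog, args = argv[0], argv[1:]
        if prog not in self.allow:
            return Decision(False, f"{prog!r} is not on the allowlist")
        bad = self.forbidden_flags.get(prog, set()).intersection(args)
        if bad:
            return Decision(False, f"forbidden flag(s) {sorted(bad)} for {prog!r}")
        subcommands = self.allow[prog]
        if subcommands and (not args or args[0] not in subcommands):
            return Decision(False, f"subcommand not allowed for {prog!r}")
        return Decision(True, "explicitly allowed")
```

The tool calls evaluate before subprocess.run(argv) with shell=False, so a blocked decision means the command is never handed to the operating system at all.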

Before going further, two myths worth noting:

Agents don't reason. They predict the next likely token from prior context: a very good statistical impression of thought, but not thought. The distinction matters the moment the stakes are real.

More context does not mean a safer agent. A million-token window buys you the same failure mode with more surface area. The model speaks with equal confidence...

