<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Sean Burn</title>
    <description>The latest articles on DEV Community by Sean Burn (@sean_burn_5b90f0a9f31d0f6).</description>
    <link>https://dev.to/sean_burn_5b90f0a9f31d0f6</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2646502%2F0b8cb6ff-b4e4-4307-ada2-e1766a76b19a.png</url>
      <title>DEV Community: Sean Burn</title>
      <link>https://dev.to/sean_burn_5b90f0a9f31d0f6</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/sean_burn_5b90f0a9f31d0f6"/>
    <language>en</language>
    <item>
      <title>AI writes my code now. Here's how I stopped rubber-stamping it.</title>
      <dc:creator>Sean Burn</dc:creator>
      <pubDate>Wed, 08 Jul 2026 03:53:51 +0000</pubDate>
      <link>https://dev.to/sean_burn_5b90f0a9f31d0f6/ai-writes-my-code-now-heres-how-i-stopped-rubber-stamping-it-dij</link>
      <guid>https://dev.to/sean_burn_5b90f0a9f31d0f6/ai-writes-my-code-now-heres-how-i-stopped-rubber-stamping-it-dij</guid>
      <description>&lt;p&gt;Six months ago my job quietly changed.&lt;/p&gt;

&lt;p&gt;My coding agents got fast — genuinely fast. Whole features in an afternoon. And somewhere in there I stopped &lt;em&gt;reviewing&lt;/em&gt; their pull requests and started &lt;em&gt;rubber-stamping&lt;/em&gt; them, because reading every diff properly would have erased the entire speed-up.&lt;/p&gt;

&lt;p&gt;Then it bit me. A change did exactly what I asked — &lt;strong&gt;plus one thing I didn't.&lt;/strong&gt; It shipped. It was fine that time. But I couldn't stop thinking: how many times has that happened that I &lt;em&gt;didn't&lt;/em&gt; catch?&lt;/p&gt;

&lt;p&gt;The problem isn't that agents write bad code. It's that they write it faster than any human can review — and "trust me" isn't a security model.&lt;/p&gt;

&lt;p&gt;So I built &lt;strong&gt;&lt;a href="https://wardrail.ghostables.io" rel="noopener noreferrer"&gt;Wardrail&lt;/a&gt;&lt;/strong&gt; — an independent referee for AI-written code.&lt;/p&gt;

&lt;h2&gt;
  
  
  The idea in one line
&lt;/h2&gt;

&lt;p&gt;You agree a set of rules for your project — a &lt;strong&gt;contract&lt;/strong&gt; — and Wardrail enforces it on every change. Two things run on each diff:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;a &lt;strong&gt;deterministic security scan&lt;/strong&gt; (AST-level, file:line), and&lt;/li&gt;
&lt;li&gt;an &lt;strong&gt;independent LLM verdict&lt;/strong&gt; — did the agent do what was asked, and &lt;em&gt;nothing it shouldn't&lt;/em&gt;?&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;You get a trust score and a precise, shareable proof — not a gut feeling.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight console"&gt;&lt;code&gt;&lt;span class="gp"&gt;$&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;wardrail check PR#482
&lt;span class="go"&gt;
CONTRACT ....... v3  (12 rules)
SECURITY ....... ✓ clean
DRIFT .......... ⚠ auth.ts:42 reaches billing/ — off-limits
TRUST SCORE .... 86 / 100
verdict ........ changes requested
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  The part I care about most: it never sees your code
&lt;/h2&gt;

&lt;p&gt;A tool that reviews your code shouldn't be the thing you have to worry about. So Wardrail is built to know as little as possible:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Bring your own key, zero-knowledge.&lt;/strong&gt; Your model key is encrypted in your browser. We can't read it, and every inference runs on &lt;em&gt;your&lt;/em&gt; key.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The PR verdict runs in your own CI.&lt;/strong&gt; Our servers are never in the path of your code.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Read-only GitHub scope.&lt;/strong&gt; It reads the diff; it never writes to your repo or runs it.
&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="c1"&gt;# .github/workflows/wardrail.yml&lt;/span&gt;
&lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;uses&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;your-org/wardrail@v1&lt;/span&gt;
  &lt;span class="na"&gt;with&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;anthropic-api-key&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;${{ secrets.ANTHROPIC_API_KEY }}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The key is a repo secret your CI injects — it never reaches us. We see nothing and pay nothing.&lt;/p&gt;

&lt;h2&gt;
  
  
  Your agent can &lt;em&gt;query&lt;/em&gt; the repo, not just read it
&lt;/h2&gt;

&lt;p&gt;Wardrail builds a native &lt;strong&gt;code graph&lt;/strong&gt; across TS/JS, Python, PHP and Go. Instead of burning tokens reading files, your agent asks structural questions — who calls this, what's the blast radius, what's the shape of this project.&lt;/p&gt;

&lt;p&gt;There's an in-app companion (the &lt;strong&gt;Warden&lt;/strong&gt;) that answers in plain English:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;you › what's the blast radius of chargeCard()?
warden › 7 callers. A change here touches checkout,
         refunds and the webhook consumer — and 2 are
         off-limits in your contract. Proceed carefully.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;And an &lt;strong&gt;MCP server&lt;/strong&gt;, so Claude Code / Cursor / Windsurf get your contract and graph &lt;em&gt;while they write&lt;/em&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;claude mcp add wardrail &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;-e&lt;/span&gt; &lt;span class="nv"&gt;WARDRAIL_URL&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;https://wardrail.ghostables.io &lt;span class="se"&gt;\&lt;/span&gt;
  &lt;span class="nt"&gt;--&lt;/span&gt; npx &lt;span class="nt"&gt;-y&lt;/span&gt; @wardrail/mcp
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Guardrails your agents actually follow
&lt;/h2&gt;

&lt;p&gt;The contract compiles to a committed &lt;code&gt;CLAUDE.md&lt;/code&gt; your agents read. There's also a library of &lt;strong&gt;238 battle-tested skills and loops&lt;/strong&gt; — across backend, security, testing, frontend, data and AI-agent work — that you can drop in. &lt;em&gt;Skills&lt;/em&gt; teach an agent to do one thing your way; &lt;em&gt;loops&lt;/em&gt; are recurring jobs (like a nightly security sweep) that run and report on their own.&lt;/p&gt;

&lt;h2&gt;
  
  
  It's early — and I'd love your feedback
&lt;/h2&gt;

&lt;p&gt;I'm a solo founder, and this is a launch, not a victory lap. Wardrail has a &lt;strong&gt;free forever tier&lt;/strong&gt; (no card): connect a repo, compile your contract, and get an independent verdict on the next change your agent makes.&lt;/p&gt;

&lt;p&gt;If your team ships AI-generated code and you've ever felt that quiet unease about what actually went out, I'd genuinely love for you to try it and tell me where it falls short.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;a href="https://wardrail.ghostables.io" rel="noopener noreferrer"&gt;wardrail.ghostables.io&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;What do you use to keep your agents honest? I'd love to hear it in the comments.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>devtools</category>
      <category>security</category>
      <category>productivity</category>
    </item>
    <item>
      <title>13 years in, AI nearly left me behind. So I stopped fighting it and started building.</title>
      <dc:creator>Sean Burn</dc:creator>
      <pubDate>Wed, 24 Jun 2026 21:53:56 +0000</pubDate>
      <link>https://dev.to/sean_burn_5b90f0a9f31d0f6/13-years-in-ai-nearly-left-me-behind-so-i-stopped-fighting-it-and-started-building-1pmg</link>
      <guid>https://dev.to/sean_burn_5b90f0a9f31d0f6/13-years-in-ai-nearly-left-me-behind-so-i-stopped-fighting-it-and-started-building-1pmg</guid>
      <description>&lt;h1&gt;
  
  
  13 years in, AI nearly left me behind. So I stopped fighting it and started building.
&lt;/h1&gt;

&lt;p&gt;I've been writing code for thirteen years. I mention that not to flex, but because it's exactly why the last couple of years rattled me.&lt;/p&gt;

&lt;p&gt;When AI coding tools started getting genuinely good, I felt something I hadn't felt since I was a junior: &lt;em&gt;behind&lt;/em&gt;. Thirteen years of hard-won instinct, and suddenly a chatbot could scaffold in thirty seconds what used to take me an afternoon. You tell yourself it's hype. Then you watch a feature ship in a day that would've taken a week, and the floor shifts a little under you.&lt;/p&gt;

&lt;p&gt;So I did what a lot of us did. I started dabbling.&lt;/p&gt;

&lt;h2&gt;
  
  
  The dabbling phase
&lt;/h2&gt;

&lt;p&gt;At first it was small, low-stakes stuff. Summarising things. Turning a wall of server logs into a readable incident report when a site fell over at 2am: paste the logs, one-line prompt, done. Little wins, low trust required. I wasn't betting anything important on it.&lt;/p&gt;

&lt;p&gt;Then the wins got bigger, and so did my usage. I settled on Claude, in a browser tab that was basically always open. I'd describe a small problem, like a bit of functionality a site needed or a fiddly plugin to handle one specific thing, and download the artifact it produced. Copy, paste, tweak, ship. It became a real part of how I worked.&lt;/p&gt;

&lt;p&gt;But a browser tab has a ceiling. You're forever copying things in and out, losing context, re-explaining your codebase every single session.&lt;/p&gt;

&lt;h2&gt;
  
  
  Down the rabbit hole
&lt;/h2&gt;

&lt;p&gt;So I went into the terminal properly. Learning MCP servers, wiring the AI into my actual environment, my actual files, my actual tools. It was not a weekend project. It was a long, frustrating slog of making AI work the way I &lt;em&gt;needed&lt;/em&gt; it to, rather than the way the demos pretended it already did.&lt;/p&gt;

&lt;p&gt;And somewhere in there, I hit the wall I think every serious developer using AI eventually hits:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The time you save prompting, you lose reviewing.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Because AI is confidently wrong in very specific, very repeatable ways. After enough hours you start to recognise the tells:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;It calls a method that doesn't exist, a function the library never had, written so plausibly you almost don't check.&lt;/li&gt;
&lt;li&gt;It imports a package you never installed, or invents a config option that was never in the docs.&lt;/li&gt;
&lt;li&gt;It reaches for a deprecated pattern from three years ago, because that's what the training data was thick with.&lt;/li&gt;
&lt;li&gt;It "helpfully" refactors code you didn't ask it to touch, and quietly reintroduces a bug you fixed last week.&lt;/li&gt;
&lt;li&gt;And the one that started to genuinely worry me: it leaves user input unsanitised, logs things it shouldn't, hardcodes a secret right there in the source, because it's optimising for &lt;em&gt;works&lt;/em&gt;, not &lt;em&gt;safe&lt;/em&gt;.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I found myself spending nearly as many hours auditing AI output as I used to spend writing the code myself. I couldn't find the balance between prompting and policing. And in an industry this competitive, "slower but I trust it" and "faster but I'm anxious about it" are both losing positions.&lt;/p&gt;

&lt;p&gt;That security thread turned out to be the loose end that unravelled everything else.&lt;/p&gt;

&lt;h2&gt;
  
  
  How Ghostables was born
&lt;/h2&gt;

&lt;p&gt;A client raised their hand and asked the question I'd been quietly dreading: &lt;em&gt;"If you're using AI to build our software, how do we know our data is safe?"&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Fair question. And I didn't have a clean answer.&lt;/p&gt;

&lt;p&gt;So I went and built one. That became &lt;strong&gt;Ghostables&lt;/strong&gt;, a way to make the data a project holds genuinely defensible, so that "we used AI" and "your customers' data is protected" can both be true at once. I won't go deep here; the point is it wasn't a startup idea on a whiteboard. It was a real problem a real client had, and I built the thing that solved it.&lt;/p&gt;

&lt;p&gt;But solving it exposed something bigger about &lt;em&gt;how&lt;/em&gt; we were working.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem that became Snagger
&lt;/h2&gt;

&lt;p&gt;The agency I was at delivered projects… backwards. Feedback lived in screenshots with red circles scrawled on them. Client changes arrived as &lt;em&gt;"the button on the about page, the second one, not that one."&lt;/em&gt; Sign-off was a verbal "yeah, that's fine" that evaporated the second a dispute started. Nothing was tracked. Everyone re-explained everything five times.&lt;/p&gt;

&lt;p&gt;If you've ever sent a developer a screenshot with a red circle and the note &lt;em&gt;"this bit looks off"&lt;/em&gt;, you already know the exact problem I'm describing.&lt;/p&gt;

&lt;h2&gt;
  
  
  I genuinely tried not to build this
&lt;/h2&gt;

&lt;p&gt;Before I wrote a line of code, I did the responsible thing and went looking for the tool that already did the job. I didn't want to build a product; I wanted to &lt;em&gt;use&lt;/em&gt; one. So I tried a lot of them.&lt;/p&gt;

&lt;p&gt;The visual-feedback tools are good at what they do. BugHerd, Marker.io, Usersnap, Pastel, Ruttl and the rest all do their job well. But they nearly all work one of two ways: either you install a script or widget on the site, or they freeze the page into a static screenshot you annotate on top of. The first needs developer cooperation and falls over the moment you're reviewing a client's existing site you don't control, a staging build behind auth, or anything with a strict security policy that throws the snippet straight out. The second hands you a dead image: the menus don't open, the forms don't submit, the JavaScript doesn't run, and you've lost the exact behaviour you were trying to give feedback on. The thing I most needed to review was usually the thing I either &lt;em&gt;couldn't&lt;/em&gt; install on, or couldn't afford to flatten into a screenshot.&lt;/p&gt;

&lt;p&gt;And even when they worked, they only ever solved one slice of the project: the bug list. The feedback lived in BugHerd, but the design review lived in Figma comments, the sitemap lived in Slickplan or FlowMapp, the wireframes lived in Balsamiq or back in Figma, the tasks lived in Trello or ClickUp, and the client approval lived… nowhere, really, beyond an email that said "looks good." Five or six subscriptions, none of them talking to each other, and the context dying every time it crossed a boundary.&lt;/p&gt;

&lt;p&gt;The part that finally pushed me over the edge was sign-off. Not one of them gave me a clean, formal &lt;em&gt;"the client approved this page, on this date, at this viewport"&lt;/em&gt;, the kind of record that ends a dispute instead of starting one. So every approval was a verbal maybe, and every change was an argument waiting to happen.&lt;/p&gt;

&lt;p&gt;I didn't set out to build a product. I set out to find one that covered the whole arc, from audit and planning to wireframing, build review, content, and client sign-off, all without making me install anything on a site I didn't own. It didn't exist. So I built it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Snagger actually does
&lt;/h2&gt;

&lt;p&gt;Snagger lets anyone point, click, and comment directly on a live website. And it works on &lt;em&gt;any&lt;/em&gt; site, with zero installation, because it serves the real, fully-interactive site back through a reverse proxy instead of a dead screenshot or a snippet you have to beg a developer to install. Every comment is anchored to the exact element, on the exact page, at the exact viewport, with a screenshot, an author, a status, a due date. &lt;em&gt;"The spacing is wrong on mobile"&lt;/em&gt; becomes a precise, trackable task pinned to the actual thing.&lt;/p&gt;

&lt;p&gt;And then it keeps going, because feedback was only half the mess. Snagger carries a project across its whole life: audit an existing site, plan the new sitemap, wireframe it on a proper canvas, review the build, stage copy changes, and, the part that protects you, formal &lt;strong&gt;client sign-off&lt;/strong&gt;, per page, per viewport, with revision rounds tracked. New feedback automatically revokes approval, so &lt;em&gt;"but you said it was approved"&lt;/em&gt; is finally over. Agencies can white-label the whole thing and run it as their own tool.&lt;/p&gt;

&lt;p&gt;Stop screenshotting. Start shipping. That's the entire pitch.&lt;/p&gt;

&lt;h2&gt;
  
  
  The third piece: keeping AI on the rails
&lt;/h2&gt;

&lt;p&gt;Building two real products &lt;em&gt;with&lt;/em&gt; AI meant living inside that prompting-vs-policing problem every single day. I needed a way to keep the agent on the rails: to hold it to what I'd actually asked for, stop it wandering off and rewriting things, and (not a small thing when you're paying per token) stop it burning context re-reading everything on every turn.&lt;/p&gt;

&lt;p&gt;So I built a third thing: a control layer that sits around the coding agent. It keeps my intent written down where the AI has to follow it, checkpoints work so I can pick up cleanly instead of dragging a giant conversation around, and cuts my token usage dramatically in the process. &lt;em&gt;(It's got a name and a home coming; I'm just not announcing it until the domain's mine. Bear with me.)&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;And building that is where the whole thing clicked into one idea.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where I think this is all going
&lt;/h2&gt;

&lt;p&gt;As AI writes more and more of the code that runs the world, the scarce thing won't be &lt;em&gt;generating&lt;/em&gt; software. It'll be &lt;em&gt;trusting&lt;/em&gt; it. Who verified this? Against what rules? Was the data handled properly? Did the agent actually do what it was told, or just something that looked close enough to pass review?&lt;/p&gt;

&lt;p&gt;Right now almost nobody can answer those questions with a straight face. That's the gap I'm building toward: &lt;strong&gt;verification, attestation, and trust as first-class parts of how software gets delivered.&lt;/strong&gt; Ghostables is the data side of it. The control layer is the process side. Snagger is where the work and the client meet in the open, on the record. Different products, one thesis: &lt;em&gt;trust has to become something you can show, not just claim.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Why I'm telling you all this
&lt;/h2&gt;

&lt;p&gt;I don't want passive users. I've built these tools out of real problems, but the surest way to build the &lt;em&gt;wrong&lt;/em&gt; thing is to build it alone in a room. I want developers, designers, and agencies who'll put Snagger on actual client work and tell me, bluntly, where it falls short. The people who do this every day know things I can only guess at.&lt;/p&gt;

&lt;p&gt;So I'm opening up early access, and the people who come in now to genuinely help shape it get the &lt;strong&gt;highest tier, free&lt;/strong&gt;, and a direct line to me. Not a focus group. Collaborators. If the feedback gap, the client-sign-off chaos, or the AI-trust problem is something you live with, I'd love your hands on this.&lt;/p&gt;

&lt;p&gt;Take a look at &lt;strong&gt;&lt;a href="https://snagger.io" rel="noopener noreferrer"&gt;snagger.io&lt;/a&gt;&lt;/strong&gt;, or just reach out and tell me what you'd want it to do. I'm a developer who fell behind, clawed his way back, and built the tools he wished existed along the way.&lt;/p&gt;

&lt;p&gt;If any of that sounds like your week, come build it with me.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>career</category>
      <category>devjournal</category>
      <category>programming</category>
    </item>
  </channel>
</rss>
