DEV Community

Cover image for AI writes my code now. Here's how I stopped rubber-stamping it.
Sean Burn
Sean Burn

Posted on

AI writes my code now. Here's how I stopped rubber-stamping it.

Six months ago my job quietly changed.

My coding agents got fast — genuinely fast. Whole features in an afternoon. And somewhere in there I stopped reviewing their pull requests and started rubber-stamping them, because reading every diff properly would have erased the entire speed-up.

Then it bit me. A change did exactly what I asked — plus one thing I didn't. It shipped. It was fine that time. But I couldn't stop thinking: how many times has that happened that I didn't catch?

The problem isn't that agents write bad code. It's that they write it faster than any human can review — and "trust me" isn't a security model.

So I built Wardrail — an independent referee for AI-written code.

The idea in one line

You agree a set of rules for your project — a contract — and Wardrail enforces it on every change. Two things run on each diff:

  1. a deterministic security scan (AST-level, file:line), and
  2. an independent LLM verdict — did the agent do what was asked, and nothing it shouldn't?

You get a trust score and a precise, shareable proof — not a gut feeling.

$ wardrail check PR#482

CONTRACT ....... v3  (12 rules)
SECURITY ....... ✓ clean
DRIFT .......... ⚠ auth.ts:42 reaches billing/ — off-limits
TRUST SCORE .... 86 / 100
verdict ........ changes requested
Enter fullscreen mode Exit fullscreen mode

The part I care about most: it never sees your code

A tool that reviews your code shouldn't be the thing you have to worry about. So Wardrail is built to know as little as possible:

  • Bring your own key, zero-knowledge. Your model key is encrypted in your browser. We can't read it, and every inference runs on your key.
  • The PR verdict runs in your own CI. Our servers are never in the path of your code.
  • Read-only GitHub scope. It reads the diff; it never writes to your repo or runs it.
# .github/workflows/wardrail.yml
- uses: your-org/wardrail@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
Enter fullscreen mode Exit fullscreen mode

The key is a repo secret your CI injects — it never reaches us. We see nothing and pay nothing.

Your agent can query the repo, not just read it

Wardrail builds a native code graph across TS/JS, Python, PHP and Go. Instead of burning tokens reading files, your agent asks structural questions — who calls this, what's the blast radius, what's the shape of this project.

There's an in-app companion (the Warden) that answers in plain English:

you › what's the blast radius of chargeCard()?
warden › 7 callers. A change here touches checkout,
         refunds and the webhook consumer — and 2 are
         off-limits in your contract. Proceed carefully.
Enter fullscreen mode Exit fullscreen mode

And an MCP server, so Claude Code / Cursor / Windsurf get your contract and graph while they write:

claude mcp add wardrail \
  -e WARDRAIL_URL=https://wardrail.ghostables.io \
  -- npx -y @wardrail/mcp
Enter fullscreen mode Exit fullscreen mode

Guardrails your agents actually follow

The contract compiles to a committed CLAUDE.md your agents read. There's also a library of 238 battle-tested skills and loops — across backend, security, testing, frontend, data and AI-agent work — that you can drop in. Skills teach an agent to do one thing your way; loops are recurring jobs (like a nightly security sweep) that run and report on their own.

It's early — and I'd love your feedback

I'm a solo founder, and this is a launch, not a victory lap. Wardrail has a free forever tier (no card): connect a repo, compile your contract, and get an independent verdict on the next change your agent makes.

If your team ships AI-generated code and you've ever felt that quiet unease about what actually went out, I'd genuinely love for you to try it and tell me where it falls short.

wardrail.ghostables.io

What do you use to keep your agents honest? I'd love to hear it in the comments.

Top comments (0)