When to Delegate a Feature to an AI Agent—and When to Keep Your Hands on the Keyboard

A practical three-zone framework that shows engineers which coding tasks to delegate to an AI agent and which to keep under their own control.

Author:
Codapress Publishing
Date:

Agentic coding promises a future where engineers describe features and AI agents build them. That future is already here for many teams, but experienced adopters quickly learn one thing: not every feature is equally delegable. The skill is not in handing everything to an AI; it is in knowing what to hand over, what to supervise, and what to write yourself.

The three zones of delegation

Think of delegation as three bands on a risk-autonomy matrix. The same engineer might work in all three zones during a single sprint.

ZoneAutonomyDescriptionBest for
GreenFullDescribe, generate, commitUtilities, boilerplate, isolated logic
AmberAssistedHuman writes spec, AI drafts, human approvesBusiness logic, data access, API handlers
RedManualHuman writes with AI as autocompleteAuth, payments, compliance, architecture

The boundaries shift as your team’s confidence with the tools grows, but having explicit zones prevents the most common failure mode: treating a red-zone task like a green-zone one.

Green zone: hand it off and move on

Green-zone features share three properties: they are well-defined, isolated, and cheap to fail. A utility function that formats dates, a data-transfer object mapping between API responses and internal models, a one-off migration script — these are prime candidates for full delegation.

Generate a TypeScript utility that takes an ISO 8601 date string and returns a
relative time label ("2 hours ago", "yesterday", "3 weeks ago") for a React app.

Rules:
- Export a single function called formatRelativeTime
- Support thresholds for seconds, minutes, hours, days, weeks, months, years
- Use Intl.RelativeTimeFormat for the output
- Include the type signature as a comment
- No external dependencies

A prompt like this names the language, the module boundary, the signature, and the constraints. The agent produces a focused output you can review in seconds and drop straight into the codebase.

As your team validates more green-zone outputs, this zone naturally expands. A pattern that passes code review five times without issues becomes a candidate for higher-trust delegation — the agent may commit directly to a feature branch with a pull request automatically opened for a quick peer glance.

Amber zone: specify, generate, verify

Amber-zone features affect the core of your application. They are not dangerous in themselves, but a bad implementation ripples into surrounding modules. Business logic that encodes pricing rules, database queries with transactional guarantees, API handlers that enforce authorisation — these benefit from a human writing the spec and the AI generating the first pass.

The workflow is straightforward: write the test or a detailed spec comment first, then ask the agent to implement against it. The test becomes both the spec and the safety net.

// Human spec: "As an admin, I can apply a promotional discount to an order
// that does not stack with existing coupon discounts."

async function applyPromotionalDiscount(orderId, promoCode) {
  const order = await db.orders.findById(orderId);
  if (!order) throw new NotFoundError("Order not found");

  const hasCoupon = order.discounts.some(d => d.source === "coupon");
  if (hasCoupon) {
    // Review question: is non-stacking global or per-discount-type?
    throw new ConflictError(
      "Promotional discounts cannot stack with coupon discounts"
    );
  }

  const promo = await db.promotions.findByCode(promoCode);
  order.discounts.push({ source: "promotion", amount: promo.amount });
  return db.orders.update(order);
}

The engineer writes the test or the spec comment; the AI fills in the implementation. The review then focuses on edge cases the model may have missed — what happens when the promo has expired, or the order is already refunded? This human-in-the-loop pattern catches the gaps that statistical pattern matching cannot reason about.

Red zone: keep your hands on the keyboard

Red-zone tasks involve security boundaries, compliance obligations, or architecture decisions that constrain every future feature. Authentication flows, payment processing, encryption logic, database migration rollback plans, and system-wide architecture decisions belong here. An AI can assist with snippets, but the human must own the design and the review.

The OWASP Cheat Sheet Series is a solid reference for understanding the surface area of common web application risks — the kind of knowledge an AI model may compress inaccurately during generation. When the stakes involve user data or financial transactions, the cost of a hallucinated security control is too high to trust an unsupervised agent.

In this zone, treat the AI as a pair programmer who types fast but needs close guidance. You might ask it to draft a specific function within an authentication flow you have already designed, but you review every line for security implications before it reaches a pull request. The architecture document, the threat model, and the compliance checklist stay human-authored.

A decision framework for your daily stand-up

Use this checklist when you pick up a ticket:

QuestionAnswer pushes toward
Does this touch authentication, payments, or PII?Red zone
Does it have a single, well-known output format?Green zone
Is the spec clear enough to write as a prompt?Green or amber
Would a wrong implementation cause a production incident?Red zone
Is this module tightly coupled to three others?Amber zone
Can we verify correctness with an automated test?Green zone
Does the feature encode subjective business rules?Amber zone
Does it involve a legacy system with undocumented behaviour?Red zone

The pattern is clear: the more coupling, the more risk, and the more ambiguity, the closer to the keyboard you should stay. The checklist makes the call objective rather than a gut feeling.

When zones shift

Delegation zones are not permanent. A feature that sits comfortably in the green zone today may drift into amber as it accumulates dependencies. Conversely, a pattern you used to hand-code in the red zone — say, a standardised OAuth integration — may move to amber once your team has a battle-tested library and a template prompt.

Review your zone assignments every sprint. If you find yourself manually repeating a pattern the AI could generate reliably, move it. If you discover an amber-zone delegation introduced a subtle bug, pull it back. The goal is not to minimise human involvement; it is to maximise the value of where humans spend their attention.

Building the habit

Teams that succeed with agentic coding do not rely on intuition alone. They document their delegation criteria, review failed delegations in retrospectives, and gradually expand the green zone as they validate the AI’s output quality. A simple retrospective question works well: “Which feature took longer to fix than it saved — and what zone should it have been in?”

This is the core idea behind Agentic Coding Pro: treating AI delegation as a repeatable, measurable practice rather than a series of ad hoc experiments. The book provides structured decision trees, prompt patterns for each delegation zone, and retrospective templates for reviewing what the agent produced.

For teams building the workflows and review loops that make delegation safe at scale, Harness Engineering covers the control systems and feedback loops that keep AI-generated code aligned with human intent. The two books together form a practical curriculum for engineering leaders navigating this transition.

The question is no longer whether an AI can write a given feature. The question is whether it should write it without supervision — and that is a decision only a human engineer can make, feature by feature, commit by commit.

More insights

All Articles