Stepping into agentic coding

Source: Dev.to

Experience with Copilot Agent

I have mainly used GitHub Copilot for inline edits and PR reviews, letting my brain do most of the thinking. Recently I decided to give full control to an AI agent. I refactored my colorful, cheeky portfolio website into a modern design using the Copilot agent, and was very impressed with the results. Check it out: . Let me know which design appeals to you more 🙂.

Using Claude Haiku 4.5

The agent closely followed the framework’s syntax and my coding style, ensuring that the core component structure and overall design remained intact. It only introduced a few minor syntax errors—such as poorly closed tags—that were easy to fix. I found that the generated code performed better when the agent had full context of the codebase rather than working on isolated inline edits or PR comments.

Guardrails and Security

• I limited the agent’s ability to execute terminal commands.
• I instructed it to check for security vulnerabilities in the codebase. The agent detected and fixed a couple of issues, which was a nice safety net.
• After each iteration, the agent provided neatly structured documentation of what it had done.

Next time, I plan to use a sandboxed environment for local development to add an extra layer of safety and prevent an agent from running code directly on my machine.

Recommendations for Non‑Technical Users

• Never grant an agent “Auto‑Merge” rights to your production system. Always require manual review and approval before deploying changes.
• Be cautious with the information you share in prompts. Avoid including customer lists, passwords, or private API keys.

Future Plans

As the AI coding “Pandora’s box” spreads across the development world, I intend to study agent security more deeply and share my learnings along the way.