[siddboots]

Openclaw has 20k commits, almost 700k lines of code, and it is only four months old. I feel confident that that sort of code base would have a no coherent architecture at all, and also that no human has a good mental model of how the various subsystems interact.

I’m sure we’ll all learn a lot from these early days of agentic coding.

[girvo]

> I’m sure we’ll all learn a lot from these early days of agentic coding.

So far what I am learning (from watching all of this) is that our constant claims that quality and security matter seem to not be true on average. Depressingly.

[nunchiai]

I think what we're seeing is a phase transition. In the early days of any paradigm shift, velocity trumps stability because the market rewards first movers.

But as agents move from prototypes to production, the calculus changes. Production systems need: - Memory continuity across sessions - Predictable behavior across updates - Security boundaries that don't leak

The tools that prioritize these will win the enterprise market. The ones that don't will stay in the prototype/hobbyist space.

We're still in the "move fast" phase, but the "break things" part is starting to hurt real users. The pendulum will swing back.

[imtringued]

This makes sense. Development velocity is bought by having a short product life with few users. As you gain users that depend on your product, velocity must drop by definition.

The reason for this is that product development involves making decisions which can later be classified as good or bad decisions.

The good decisions must remain stable, while the bad decisions must remain open to change and therefore remain unstable.

The AI doesn't know anything about the user experience, which means it will inevitably change the good decisions as well.

[lelanthran]

> So far what I am learning (from watching all of this) is that our constant claims that quality and security matter seem to not be true on average.

Only for the non-pro users. After all, those users were happy to use excel to write the programs.

What we're seeing now is that more and more developers find they are happy with even less determinism than the Excel process.

Maybe they're right; maybe software doesn't need any coherence, stability, security or even correctness. Maybe the class of software they produce doesn't need those things.

I, unfortunately, am unable to adopt this view.

[_n66o]

I still use excel to write programs. I use officescript and power query. I shy away from via but have also used it.. I’m not sure what your point is. The people stopping citizens’ development could ease off the job security lines and the deferral to lockdown

[staticassertion]

> our constant claims that quality and security matter

I'm 13 years into this industry, this is the first I'm hearing of this.

[usagisushi]

I’ve heard the "S" in IoT stands for Security.

[baq]

same with openclaw

[girvo]

20 for me, and let's not exaggerate. We've given lip service to it this entire time. Hell look at any of the corps we're talking about (including where I work) and they're demanding "velocity without lowering the quality bar", but it's a lie: they don't care about the quality bar in the slightest.

[raesene9]

One of my main lessons after a decent long while in security, is that most orgs care about security, *as long as it doesn't get in the way of other priorities* like shipping new features. So when we get something like Agentic LLM tooling where everything moves super fast, security is inevitably going to suffer.

[blks]

I’m learning that projects, developed with the help of agents, even when developers claim that they review and steer everything, ultimately are not fully understood or owned by the developers, and very soon turns into a thousand reinvented wheels strapped together by tape.

[KronisLV]

> very soon turns into a thousand reinvented wheels strapped together by tape.

Also most of the long running enterprise projects I’ve seen - there was one that had been around for like 10 years and like about 75% of the devs I hadn’t even heard of and none of the original ones were in the project at all.

The thing had no less than three auditing mechanisms, three ways of interacting with the database, mixed naming conventions, like two validation mechanisms none of which were what Spring recommended and also configurations versioned for app servers that weren’t even in use.

This was all before AI, it’s not like you need it for projects to turn into slop and AI slop isn’t that much different from human slop (none of them gave a shit about ADRs or proper docs on why things are done a certain way, though Wiki had some fossilized meeting notes with nothing actually useful) except that AI can produce this stuff more quickly.

When encountered, I just relied on writing tests and reworking the older slop with something newer (with better AI models and tooling) and the overall quality improved.