Verdict: Conditional pilot · Last editorial review: not reviewed
Evidence: Whenever aider edits a file, it commits those changes with a descriptive commit message. This makes it easy to undo or review aider’s changes.
Limitations: Organization supplies most controls, not the product.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials
Verdict: Conditional pilot · Last editorial review: not reviewed
Evidence: Claude Code is an agentic coding tool that reads your codebase, edits files, runs commands, and integrates with your development tools. Available in your terminal, IDE, desktop app, and browser.
Limitations: Terminal use means local environment configuration materially changes risk.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials
Verdict: Security review · Last editorial review: not reviewed
Evidence: AI coding assistant in your editor. Create files, run commands, browse the web, and use tools with human-in-the-loop approval.
Limitations: Extensions and MCP/tool configuration can expand power.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, audit logs, command allowlist, separate test credentials
Verdict: Conditional pilot · Last editorial review: not reviewed
Evidence: Inspect diffs, run checks, and catch problems before you merge
Limitations: IDE/team configuration changes risk.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, audit logs
Verdict: Security review · Last editorial review: not reviewed
Evidence: Devin's terminal, where you can watch commands being executed and view output logs. You can also copy the shell output for debugging purposes. To run commands directly, use the IDE's shell.
Limitations: High autonomy creates reviewer-load and blast-radius risk.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials
Verdict: Conditional pilot · Last editorial review: not reviewed
Evidence: Gemini CLI uses tools to interact with your local environment, access information, and perform actions on your behalf. These tools extend the model's capabilities beyond text generation, letting it read files, execute commands, and search the web.
Limitations: CLI plugins and local environment change risk.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials
Verdict: Conditional pilot · Last editorial review: not reviewed
Evidence: Hooks allow you to execute custom shell commands at key points during agent execution, enabling you to add validation, logging, security scanning, or workflow automation.
Limitations: GitHub permissions determine actual blast radius.
Required controls: least-privilege permissions, protected branches, mandatory human review, audit logs
Verdict: Conditional pilot · Last editorial review: not reviewed
Evidence: Jules runs in a virtual machine where it clones your code, installs dependencies, and modifies files.
Limitations: Async execution obscures local command review unless logs are available.
Required controls: least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials