The main agent writes the code. The reviewer agent reads it. The reviewer can't edit anything.
That constraint — no edit permission — is the whole point. It's not a safety measure. It's what makes the reviewer trustworthy.
What "waving through" looks like
I noticed a pattern in my own agentic work. The main agent finishes a feature, the tests pass, I mark it done. Later I find something wrong — a null case not handled, an error message that doesn't match the spec, a behavior that passes the test but fails in a slightly different context. Things that were visible in the code. Things I should have caught.
The main agent wrote the code and verified the code. By the time it's reading its own output, it has already mentally modeled the feature as complete. It reads with the assumption that things are correct and looks for confirmation. It finds confirmation, because it wrote the code to pass the test it also wrote.







