Two in the morning, my phone rings. Production is on fire. I drag myself up, dig through logs, trace backward… to a change merged three days earlier — a tiny change that, at the time, kept the build green, tests green, even a skim review green.
That's when it sank in: a bug that turns the build red isn't scary. It detonates right in front of you, while you still remember what you touched. The scary one keeps everything green — and lies in wait.
And this is exactly the kind of bug a capable agent is best at producing.
01Why the agent is blind to this dimension
The agent sees the file in front of it. It does not see the call graph — the web of other places depending on the code it's about to change. Worse: it has amnesia about the rest of the system. You open one function for it; it edits that function cleanly — with no idea twelve other places rely on the old behavior.
One seemingly small change ripples out to everything that depends on it. The agent sees only the center — not the outer rings.
02What counts as "shared"
The rule: before changing anything on a boundary others depend on, stop. The usual boundaries: function signatures (parameters, return type), data shapes (adding/removing a field), a field or key name (especially one that flows through serialization, a DB, or an API), shared utilities, config, a public API contract.
Editing inside a function body, touching no outer boundary? Safe — let it go. Crossing a boundary others lean on? Map it first.
03Make it draw the map first
Before the edit, force the agent to answer one question: "What depends on this?" And make it list them — no hand-waving. If you have a dependency-analysis tool, use it — a list in seconds. If not, the minimum move: make it grep the name across the repo and lay every read/call site out for you before it touches a line.
04A very familiar example
Rename a field from userId to accountId. Sounds like a single rename.
In reality it touches: fourteen read sites, one function that serializes to JSON, one spot mapping to a database column, and two hand-built strings no automated rename will catch. An agent that doesn't map first changes the three obvious spots, reports "Done!", and leaves fifteen landmines — each waiting for a different code path to set it off.
The cost of making it list the dependencies is thirty seconds. The cost of skipping it is a phone call at two in the morning. I know which one I've paid.