← All posts

Who signs off on AI written code?

4/7/2026 · 4 min · OpenFactoryAI · Read as Markdown

Share
sign offaccountabilityauditagentscertification

TL;DR

Today a person reads every agent written change and vouches for it. That does not scale and it does not travel. The sign off has to become something you can issue and check, issued outside the factory that produced the code.

You turned on a coding agent. Output went up. Now someone re-reads every change before it ships, and that someone never gets to go home.

That person is the sign off. They are also the bottleneck, the single point of failure, and the reason your throughput did not actually improve.

The accountability does not disappear

When an auditor, a regulator, or an incident review asks who approved a change, "the agent wrote it" is not an answer. Accountability does not evaporate because the author was a machine. It lands on a human, and in most organisations today that human is whoever happened to hit approve.

So the honest question is not whether AI written code needs a sign off. It is what the sign off consists of, and whether it means anything.

What a sign off has to contain

Strip away the ceremony and an auditor wants three things:

  • Provenance. Where did this artifact come from, and what produced it.
  • The bar. Which checks did it clear, and who decided that bar was sufficient.
  • A name. Who stands behind it, and are they qualified to.

Reading a diff and clicking approve supplies exactly one of those, weakly. The reviewer's judgment is real, but it is unrecorded, unverifiable, and gone the moment they leave.

Why the reviewer does not scale

Three failures, in order of how badly they hurt.

It does not scale. Agent output grows faster than any human's reading speed. The reviewer becomes a queue. Teams respond by reviewing less carefully, which is worse than not reviewing at all, because now the approval is on record and it is hollow.

It does not travel. The bar lives in the reviewer's head. It cannot be handed to a new hire, shown to an auditor, or compared across two teams. Two engineers in the same company will accept different things from the same agent and neither knows.

It leaves. When the best architect goes, the standard goes with them. New engineers learn what is safe to ship by guessing and getting corrected, which is a slow and expensive way to transmit a standard.

The sign off has to come from outside

A factory cannot vouch for itself. If the same system that generated the code also declares it fit to ship, the declaration carries no information.

So the credential has to be issued and checked outside the pipeline, and it has to be portable. That is what makes it a credential rather than a log line. The engineer keeps it. The company keeps the recorded judgment that produced it.

That second half matters more than it sounds. Every time a skilled person decides what to accept from an agent and what to reject, they are expressing the bar. Capture enough of those decisions and the standard stops being tribal knowledge and starts being written down. It becomes something you can measure a new hire against, show an auditor, and eventually hold an agent to.

What this looks like in practice

Start with the only rung that can exist first: the people running the agents.

A developer takes a real, timed exam. They direct agent work, correct it, and decide what is safe to ship. Passing produces a public credential anyone can verify. Failing is informative too, because the pattern of what they accepted and rejected is the data.

Once the standard is written down, it becomes the bar an agent has to clear. Then you stop reading every result, and start spot checking a worker you already trust, exactly as you do with a senior developer whose pull requests you skim rather than audit.

Only then does the third rung make sense: code that ships by default rather than by exception, with the check in the system and a name attached to every change.

Nobody has finished that ladder. Anyone who tells you they have is selling. But the first rung runs today, and the answer to "who signed off on this" stops being a shrug.

Share

FAQ

Can an AI agent sign off on its own code?
No. A sign off issued by the system that produced the work carries no information, for the same reason a factory does not certify its own safety. The verdict has to come from outside the pipeline and be checkable by someone who was not involved. An agent can be certified, and a certified agent can be spot checked, but it cannot be its own auditor.
Does a human still have to review every AI written change?
Today, in most organisations, yes, and that is the problem. Review by one person does not scale with agent output, does not transfer to a new hire, and vanishes when the reviewer leaves. The goal is to move from re-reading every change to spot checking work that has already cleared a recorded bar.
What does an auditor actually want to see for AI written code?
Three things: provenance, meaning what produced the artifact; the bar it cleared, meaning which checks ran and who decided they were sufficient; and a name, meaning an accountable and qualified human. A signed, portable credential for the engineer directing the agents supplies the third, and makes the first two worth recording.
Is certifying engineers not just another exam?
It is an exam, but the output is two things rather than one. The engineer gets a credential that travels with them. The company gets a written record of how a skilled person decides what to trust, which is the raw material for holding an agent to the same standard later.