Mike McQuaid has been maintaining Homebrew since 2009. He was testing GitHub Copilot's internal alpha back in early 2021. Now, in April 2026, he's hitting a milestone that Dario Amodei predicted for late 2025: AI writes approximately 90% of his code. That's not hyperbole—it's the reality McQuaid describes in a detailed breakdown of his current development workflow, and it's honestly kind of staggering to see laid out so plainly.
The Agentic AI Leap
McQuaid's journey from code completion tools like GitHub Copilot to full-blown autonomous agents happened somewhere between mid-2024 and late 2025. He describes Claude Code (Opus 4.6 max) as "fairly stupid by default" but notes it can be nudged into usefulness with aggressive hooks, tools, and prompts. OpenAI Codex (5.4 xhigh), meanwhile, takes longer but generally does things right the first time without requiring much steering. His daily driver is Codex—until he runs out of tokens, then he's perfectly comfortable switching to Claude. The real shift McQuaid emphasizes isn't about which model you pick; it's about moving from code completion mode (where you're still doing most of the typing) to agentic mode (where you're prompting instead of editing). When prompting becomes faster than manual editing—even for someone who's anal about his code quality—you've crossed a threshold. That's where McQuaid says he lives now.
Sandboxing: Letting Agents Run Wild Without Losing Your Mind
Here's where things get interesting from a security perspective—and where many developers hesitate. Agentic tools have various "bypass permission checks," "run without sandbox," and "YOLO" modes. The naive approach is just disabling permissions entirely and hoping nothing goes wrong. That's playing with fire, especially if you maintain critical infrastructure like Homebrew. McQuaid's solution: Sandvault, a tool that leverages macOS sandboxes by creating and maintaining a separate non-admin user account for agent work. Once installed via brew install sandvault, you can run agents with commands like sv codex or sv claude. The sandbox prevents catastrophic mistakes—accidental rm -rf on files outside version control, misuse of your GITHUB_TOKEN on sensitive repositories, or exfiltration of private data. McQuaid recommends setting up a different-colored prompt for the Sandvault user so you always know when you're operating inside it.
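A preflight check for the isolation properties described above, as an added example that is not from McQuaid's post or the Sandvault project. The function names, the variable-name patterns and the default protected paths (the usual Homebrew prefixes plus /etc) are assumptions chosen for illustration; the worktree path is the one quoted later in the article.

```shell
#!/bin/sh
# Added example: preflight for an agent account. Function names, name patterns
# and default protected paths are illustrative assumptions, not Sandvault's.

# Succeeds if the space-separated group list includes macOS's "admin" group.
in_admin_group() {
    case " $1 " in *" admin "*) return 0 ;; esac
    return 1
}

# Prints the names (never the values) of credential-like environment variables.
secret_var_names() {
    awk 'BEGIN {
        for (k in ENVIRON)
            if (k ~ /(TOKEN|SECRET|PASSWORD|API_KEY)$/ || k ~ /^AWS_/)
                print k
    }' | sort
}

# Prints each given path that the current user is able to write to.
writable_paths() {
    for p in "$@"; do
        [ -w "$p" ] && printf '%s\n' "$p"
    done
    return 0
}

# Usage: preflight [WORKTREE_ROOT [PROTECTED_PATH...]]; returns 1 on any finding.
preflight() {
    root=${1:-/Users/Shared/sv-mike/worktrees}
    [ "$#" -gt 0 ] && shift
    [ "$#" -gt 0 ] || set -- /opt/homebrew /usr/local /etc
    bad=0
    if in_admin_group "$(id -Gn)"; then echo "FAIL: $(id -un) is an admin"; bad=1; fi
    names=$(secret_var_names)
    if [ -n "$names" ]; then echo "REVIEW: credential-like vars:" $names; bad=1; fi
    hits=$(writable_paths "$@")
    if [ -n "$hits" ]; then echo "FAIL: writable outside worktrees:" $hits; bad=1; fi
    [ -w "$root" ] || { echo "FAIL: cannot write to $root"; bad=1; }
    return "$bad"
}

# Run only when asked, e.g.: sh preflight.sh run /Users/Shared/sv-mike/worktrees
if [ "${1:-}" = "run" ]; then shift; preflight "$@"; fi
```

Run it from a shell inside the agent account, since every check reflects whichever user invokes it. A REVIEW line lists variable names only, so the output is safe to paste into an issue or chat.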
Git Worktrees: Parallelize Everything
Sandboxing solved the security problem, but running one agent at a time still felt like a bottleneck when you're paying for more tokens than you're currently using. McQuaid's solution was Git worktrees—checking out multiple branches of the same repository simultaneously in separate directories—and Superset as a worktree management layer. He configured Superset to use his Sandvault commands for each agent (Claude, Codex, Gemini, OpenCode), set his worktree location to /Users/Shared/sv-mike/worktrees, and created projects based on repositories cloned there. The beauty: he can spin up multiple agents working on the same repository but different branches at once, then discard whichever approach produces worse results. His workflow shifted from "read problem, add to TODO list" to "copy-paste problem plus brain dump into a prompt, let the agent work."
Review Practices and Homebrew's AI Policies
McQuaid always reviews AI-generated work locally before sharing it—reading output in Fork (his Git GUI of choice), manually editing in Zed for startup speed, prompting for fixes based on review comments, running verification tests, or using another AI to review the first AI's work. The intensity depends on his familiarity with the code and its criticality. Homebrew has implemented explicit policies around AI contributions: mandatory disclosure on PRs, non-maintainers limited to one AI-generated PR at a time, automatic closure without comment when AIs create PRs discarding their template, size limits requiring split submissions, and blocking for persistent low-quality contributors. "We will sometimes just close out PRs where it feels like we're speaking to their agent and not the human," McQuaid notes—frankly, that's a sentiment many maintainers are feeling right now.
Beyond Coding: The CTPO Assistant
In a twist that might surprise anyone who thinks executive roles mean, McQuaid uses Superset as an AI assistant for his CTO responsibilities. He has a project called "ctpo" containing meeting notes, goals, company objectives, and personal TODOs. By training the system on internal engineering culture documents, talks, podcasts, and blog posts, he now has a personal assistant that already knows his high-level values—essentially an extended memory system that doesn't require constant manual curation.
Key Takeaways
- Agentic tools (Claude Code, OpenAI Codex) crossed into genuinely useful territory in late 2025; if you're still in completion mode, you're missing out
- Sandboxing via Sandvault lets agents run productively without babysitting permission prompts or risking your main system
- Git worktrees + Superset enable parallel agent workflows where multiple approaches compete and you keep the best result
- Keep CLAUDE.md/AGENTS.md minimal—model performance varies too much between versions to rely on complex instructions
- Review practices should scale with code criticality; for familiar, low-risk changes, lighter review is fine
The Bottom Line
McQuaid's setup isn't about replacing developers—it's about removing the tedious parts that prevent engineers from focusing on genuinely hard problems. GitHub apparently reached out to note Homebrew is among a smaller number of projects seeing merge increases post-AI agents, and this kind of thoughtful, secure workflow is probably why. If you've been hesitant to let agents run unsupervised because of security fears or quality concerns, Sandvault plus worktrees might be the middle ground you needed.