An AI Pair-Programming Workflow That Works
A workflow that turns AI coding tools into a net gain: plan first, ship small diffs, verify for real. Backed by METR, GitClear, and DORA data.
An AI pair-programming workflow that works keeps the human as the planner and reviewer, not a button that accepts suggestions. The pattern that produces net gains is the same one good engineers already use: make the model draft a plan you approve, ship small diffs one unit at a time, and verify with tests, diff review, and a real run before accepting anything. The evidence is blunt: raw model capability is at an all-time high, yet naive AI coding measurably slows experienced developers down and inflates code debt. The workflow, not the model, decides whether you come out ahead.
What AI Pair Programming Actually Is (and the Trap)
AI pair programming is using a coding model as the “driver” while you stay the “navigator”: you set direction, it types, you review every line before it lands. Done this way it is a force multiplier. The trap is the opposite arrangement, where the model navigates and you become a rubber stamp that accepts diffs you never read.
The trap is seductive because it feels fast. You see code appear, you accept it, the loop is tight. But “feels fast” and “is fast” are not the same thing, and the gap between them is exactly where the data lives.
If you are new to how these models reason about your codebase, the context window glossary entry explains why a model that aces benchmarks can still be blind to the parts of your repo it never sees.
The Evidence: Why Naive AI Coding Generates Debt
The headline numbers are uncomfortable, and they come from controlled studies and large code-change datasets, not vibes.
| Source | What it measured | Finding | What it means for you |
|---|---|---|---|
| METR RCT (July 2025) | 16 experienced OSS devs, 246 real tasks on their own mature repos | AI made them 19% slower, though they felt 20% faster and forecast a 24% speedup | On code you know well, naive AI use can be a net loss |
| GitClear 2025 (211M+ lines) | Copy/pasted code as a share of changed lines | Rose from 8.3% (2020) to 12.3% (2024), now exceeds refactored code | Models insert new blocks instead of reusing functions |
| GitClear 2025 | Refactored (“moved”) code share | Fell from ~25% (2021) to under 10% (2024) | Reuse is dying; duplication compounds |
| GitClear 2025 | Code churn (reverted/rewritten within ~2 weeks) | Rose from 3.1% (2020) toward 7.1% (2024) | More throwaway code, correlated with AI adoption |
| Ox Security 2025 (300+ repos) | Recurring anti-patterns in AI output | 10 patterns present in 80-100% of AI code | Incomplete error handling and weak concurrency are the norm |
The METR result is the one to sit with. These were experienced developers, mostly on Cursor Pro with Claude 3.5/3.7 Sonnet, working on large mature codebases they knew intimately. They lost time to prompting, waiting, and reviewing output that often had to be reworked. They believed the opposite the entire time. Perceived speed is not a reliable signal, so you have to measure throughput and rework instead of trusting the feeling.
GitClear explains the debt mechanism. A model with limited context cannot see that a helper already exists, so it writes a fresh block. Duplicated blocks rose roughly eightfold. Refactoring, the act of reusing and consolidating, collapsed. You ship more lines and own more copies of the same logic.
Capability is not the bottleneck
By June 2026 the top frontier models cluster around 87-89% on SWE-bench Verified (GPT-5.5 ~88.7%, Claude Opus 4.8 ~88.6%, Opus 4.7 ~87.6%). The models are extraordinary. The METR and GitClear data show that this capability does not convert into net productivity on its own. The conversion happens in the workflow.
The 2025 DORA Report gives the framing that ties it together. AI adoption hit 90% of software professionals, with a median of about 2 hours a day spent working with AI. DORA found AI now links to higher delivery throughput but still has a negative relationship with delivery stability unless a team has strong testing, version control, and fast feedback loops. DORA calls AI an amplifier: it does not fix a team, it magnifies what is already there. Strong teams get faster. Weak teams get more unstable, faster.
The Loop That Works: Plan First, Small Diffs, Verify
The whole workflow is three moves repeated. Plan before code. Ship small diffs. Verify for real. Everything below is detail on those three.
| Step | What you do | When to lean on it hardest |
|---|---|---|
| Plan first | Make the model draft an approach you approve before it writes code | New features, anything touching multiple files, unfamiliar areas |
| Small diffs | One logical unit per request, commit, run, repeat | Always; non-negotiable on production code |
| Verify for real | Tests, full diff review, run the app before accepting | Always; especially for error handling, auth, concurrency |
Step 1: Plan Before Code (Make the Model Draft a Plan You Approve)
Ask for the plan first, not the code. A good prompt: “Before writing anything, list the files you will change, the approach for each, the edge cases, and the tests you will add. Wait for my approval.”
This costs you two minutes and saves the most expensive failure mode, which is a confident wrong approach expressed as 300 lines you now have to read, understand, and reject. Catching it as three sentences is cheap. Catching it as a finished diff is not.
It also front-loads context. The model that knows your constraints before it types produces code that fits. Solid plan prompting is a skill in itself; the prompt engineering glossary entry covers the fundamentals if you want to sharpen how you brief the model.
Step 2: Small Diffs, One Unit at a Time
Scope every request to a single logical unit: one function, one endpoint, one bug. Commit it, run it, then move on. This is the direct countermeasure to the GitClear churn and duplication numbers.
Small diffs work because:
- Review stays honest. A 40-line diff gets read. A 600-line diff gets skimmed, and skimmed diffs are how anti-patterns ship.
- Churn drops. When each unit is verified before the next starts, you are not stacking changes on top of code that turns out to be wrong.
- Blame stays clean. When something breaks, a tight commit history tells you which unit did it.
The honest con: this feels slower than firing off a mega-prompt and watching a whole feature appear. It is slower per keystroke and faster per shipped-and-working feature. That is the exact trade the METR study quantifies.
Step 3: Verify for Real (Tests, Diff Review, Run It)
Never accept code you have not read and run. Three gates, every time:
- Tests. The model writes them in the plan; you check they actually exercise the behavior, including the edge cases, not just the happy path.
- Diff review. Read every changed line. You are looking for the Ox Security top ten: missing error handling, swallowed exceptions, race conditions, inconsistent patterns versus the rest of the file.
- Run it. Execute the path the change touches. Benchmark scores do not run your code; you do.
Treat each AI change as a pull request from a tireless junior who is fast, confident, and occasionally very wrong. You would not merge that PR unread. Apply the same bar here. The documented hidden costs make the case: naive AI coding adds review overhead, roughly 1.7x the testing burden from extra defects, and about 2x code churn from constant rewrites. Verification is not friction on top of the gains; it is what protects the gains.
Writing Context the Model Can Use (CLAUDE.md, AGENTS.md, House Rules)
The METR slowdown was partly a context problem: large mature codebases hold context the model does not have. You can hand some of it over. A repo-level rules file (CLAUDE.md for Claude Code, AGENTS.md for several other tools) is read on every request and is where you encode the house rules a model would otherwise guess at.
Put in it the things you would tell a new hire on day one:
- Stack, versions, and hard constraints (“Astro 6, Tailwind 4, no light mode”)
- Conventions (“use the existing
Buttoncomponent, never inline styles”) - What not to touch (“never edit generated files in
dist/”) - How to run tests and what green looks like
- The plan-first, small-diff, verify-before-accept workflow itself
This is the cheapest, highest-leverage thing most teams skip. It directly attacks the duplication problem by pointing the model at the helpers and patterns it should reuse instead of reinventing.
Choosing and Driving the Tools: Claude Code, Cursor, Copilot in 2026
The workflow matters more than the tool, but the tool shapes how naturally the workflow fits. Pricing and positioning as of June 2026:
| Tool | Form factor | Pricing (June 2026) | When to choose |
|---|---|---|---|
| Claude Code | Terminal agent | Included in Claude Pro $20/mo, Max $100/mo (5x) and $200/mo (20x) | You live in the terminal and want plan-first agentic edits with a CLAUDE.md |
| Cursor | AI-native IDE | Hobby free, Pro $20/mo, Pro+ $60/mo, Ultra $200/mo | You want an editor built around AI with inline diff review |
| GitHub Copilot | IDE extension | Free (2,000 completions/mo), Pro $10/mo, Pro+ $39/mo, Max $100/mo | You want autocomplete inside your existing editor at the lowest entry price |
Whatever you pick, the driving rules are identical: ask for a plan, keep diffs small, read and run everything. A better model raises the ceiling. It does not change the discipline that gets you there.
Anti-Patterns to Kill (Vibe-Coding, Accept-All, Mega-Prompts)
These three habits are the engine behind the bad numbers above:
- Vibe-coding. Accepting output because it looks plausible and the demo works. This is how the Ox Security anti-patterns reach production: the happy path runs, the error handling does not exist, nobody read it.
- Accept-all. Bulk-accepting a multi-file change without line-by-line review. Every unread line is a line you now own and did not write. This is where churn and duplication compound.
- Mega-prompts. One giant request for a whole feature, then reviewing a giant diff. It feels efficient and produces the largest unreviewable blobs and the worst rework rates.
The fix for all three is the same loop: plan, small diff, verify.
A Checklist You Can Paste Into Your Workflow
Drop this into your CLAUDE.md, your PR template, or a sticky note:
- I asked for a plan and approved it before any code was written
- This change is one logical unit, small enough to review in one sitting
- I read every changed line, not skimmed it
- Error handling, edge cases, and concurrency are actually handled
- The model reused existing functions instead of duplicating logic
- Tests exist, exercise the real behavior, and pass
- I ran the app and saw the change work
- The commit is scoped and the message says what changed
If you cannot tick all eight, you have an untested diff, not a finished feature.
Where This Goes Next: From Pair Programming to Agents
The same discipline scales up. As tools move from pair programming toward agents that take a goal and work for minutes unattended, plan-approve-verify becomes the safety harness, not an optional nicety. The plan is the contract you approve before the agent runs. The small-diff principle becomes “check out the agent’s branch and review it as a PR.” Verification becomes the gate before merge. DORA’s amplifier finding holds at every scale: teams with tests, version control, and fast feedback get compounding leverage from agents, and teams without them get compounding instability.
If you are weighing whether to build that capability in-house or bring in help to set up the workflow, tests, and guardrails first, our AI agent development service exists for exactly that handoff. The tools are ready. The question is whether your workflow is.