You watched a coding agent rewrite ten files in twelve seconds. It looked confident. It looked finished. And you had no idea whether it just shipped a fix or quietly set your repo on fire -- because confidence is not evidence, and you couldn't read the diff to tell the difference.
That fear is exactly why most people either never let an agent near real code, or let it run wild and pray. Both are mistakes. The mistake underneath both is the same: treating the coding agent as a magic coder or an autonomous employee instead of what it actually is -- a fast contractor who needs a scoped brief, an allowed-command list, forbidden zones, a test contract, and a rollback plan before it touches a single line.
What you build: a reusable Coding Agent Shipping SOP that stays yours when the tools change. By the capstone you'll have shipped one small, real, useful repo change end to end -- with a scoped brief, a command policy, a repo triage note, diff evidence a non-coder can inspect, test results, and a rollback fire drill you actually rehearsed.
The mechanism: Claude Code is your primary contractor because it works inside the repo. Codex is your second-opinion reviewer, not a second unchecked author. You stay the owner of the brief, the tests, the diff, and the ship/no-ship call. Across 4 modules and 16 lessons, every module ends at a gate where you prove the operating rule held. Module 1 installs the contractor mindset and repo triage -- because install is not the course. Module 2 builds the one-file first change with allowed commands, forbidden zones, and diff review for non-coders. Module 3 adds Codex as a second opinion, test commands as contracts, and a clean recovery from a bad agent run. Module 4 ships the smallest useful change and turns the whole thing into your SOP.
Time to value is fast: your first safe agent brief comes before local installs ever become the lesson. You predict blast radius from repo shape and command permissions before edits, then judge the result by diffs, tests, logs, and rollback proof -- never by how sure the model sounds.
Here's the ownership thesis. Closed vendor agents are powerful execution surfaces, but they are not the durable asset. The vendor can swap the model, change the price, or degrade the output. The asset that survives all of that is the owned workflow: your brief, your command policy, your tests, your diff evidence, your rollback path. That's what you keep.
You can't wreck anything irreversibly here -- you start in a clean git state, scope to one file, and rehearse rollback before stakes get real. Walk in nervous about letting an agent near your code. Walk out having shipped one safe change and holding the SOP to do it again on any agent, any model, any vendor.