Fast mode is not the default: when fast models earn it

A fast model should be a choice you make for one task, not a setting you forget you turned on. It trades depth for speed, so reach for it when the work is shallow and the deadline is real, and keep it off by default. A fast model is a model variant tuned to answer quicker by thinking less, and the time it saves you in the run can come straight back out of review.

That is the trap on deadline week. Someone flips the Codex CLI session, OpenAI's coding agent, to the fast model to clear the queue, and the same reflex lives in Codex and Claude Code. The model gets faster. The work of explaining the change to a reviewer does not. Speed without receipts is not velocity.

So the question is not "is fast mode good." It is "what do I have to put in the pull request so a fast run is still safe to merge." Below are four receipts that answer that, one per tool you probably already use.

Decide when fast mode is worth it

Use the fast model when the task is bounded and boring: a rename, a small refactor, a test you already know the shape of. Skip it when the change touches money, auth, data deletion, or anything a reviewer cannot trace by reading the diff.

The reason is plain. When "go faster" becomes the target, time-to-green stops measuring what you cared about, because the expensive part was never on the clock. The expensive part is the explanation. A fast run that ships without one just moves that cost to your merge queue, where it shows up as reviewer fatigue.

Tool vendors ship new model speeds constantly. Your job is steadier: keep the receipts your team reviews against, whatever the model of the week is.

Write a Codex scope ledger before the run

In Codex, Anysphere's AI code editor, .mdc rule files read as precise until two reviewers argue about what a rule meant. Rules also compete with chat memory, so the agent ends up coordinating two versions of the plan with no single source.

Fix it with five lines in the parent chat before you start: goal, allowed paths, forbidden paths, verification command, merge owner. Now review is checking a ledger against a diff instead of relitigating a prompt. The Codex agent docs cover the rule mechanics this sits on top of.

Make Claude Code and Codex carry their own proof

In Claude Code, Anthropic's coding agent, bash approvals turn into muscle memory fast. Hooks help, but only if the repo says which one wins. Put a supremacy clause at the top of CLAUDE.md: which hooks take precedence, which folders need human eyes, where temporary overrides live. Sessions stop inventing policy mid-run. The Claude Code docs are the place to start if you have not set hooks up yet.

Codex CLI has the opposite gap: a fast run merges green while nobody saw the transcript. Have AGENTS.md require a replay sandwich before the PR: an intent line, the command transcript, then a diff summary. Review becomes reproducible without anyone standing behind your terminal. The Codex quickstart shows where AGENTS.md plugs in.

Give every MCP connector a card

A connector ends up touching data nobody put on the diagram. That is the default failure mode: MCP servers ship as capability demos, and least privilege needs trust boundaries you write down. During rollback rehearsals we keep catching calls that look harmless until credentials land in the transcript.

Write one markdown card per server: allowed actions, forbidden actions, owner, rollback. Incidents shrink because the operator knows what "off" looks like. The MCP specification defines the capability model these cards constrain.

Here is the delegation snapshot we paste in, one block covering all three tools:

---
description: Delegation boundary snapshot (adapt globs to your repo)
globs:
  - "**/*"
alwaysApply: false
---

- Codex: keep scopes explicit in `.mdc`; forbid undeclared MCP domains.
- Claude Code: cite `CLAUDE.md` precedence before expanding bash scope.
- Codex: ensure `AGENTS.md` carries replay-friendly verification notes for CLI runs.

A fast run earns its speed when four answers are already in the PR.

None of this replaces architecture judgement. Agents speed up execution, not ownership, and OWASP's LLM Top 10 covers the connector risks that do not care which model speed you chose.

Common questions

• Should the Codex fast model be your default for agent runs?

  No. Make it a per-task choice you can defend with receipts, because speed without receipts just moves the cost to your merge queue. Whatever model runs, AGENTS.md should still require the replay sandwich: an intent line, the command transcript, and a diff summary before the PR opens. The default stays off.

• What goes in a Codex scope ledger?

  Five lines in the parent chat: goal, allowed paths, forbidden paths, verification command, and merge owner. It cures scope fog. An .mdc rule can sound precise until reviewers argue about what it meant, and the ledger gives them something concrete to check the diff against. Write it before the run, not after.

• How do I stop prompts from standing in for repo contracts?

  Put scopes in boring, explicit files before any fast run is allowed. The working set is .mdc scopes for Codex, a CLAUDE.md supremacy clause for Claude Code, and replay-friendly verification notes in AGENTS.md for Codex. A tighter prompt evaporates with the session. A file in the repo does not.

• What does a connector card buy me when MCP calls multiply?

  A connector card names allowed actions, forbidden actions, owner, and rollback for one MCP server. Rollback rehearsals keep catching calls that look harmless until credentials enter the transcript, and the card is what makes "off" unambiguous. Incidents shrink once operators can read it. Write the card before you add the next connector.

Where to take this next

If your repo cannot say "allowed" and "forbidden" out loud, neither can the agent, at any speed. Pick one tool, add its receipt this week, and read the wider AI coding governance cluster for the team-scale version.