Last reviewed: 2026-07-13

Direct answer

Choose the coding agent execution surface by matching the task to the environment where the agent can see the right repository context, use the right permissions, and produce the handoff artifact you actually need. Use a local terminal when the work depends on command output, local files, fast iteration, or careful inspection of a working tree. Use an IDE surface when the agent needs selected code context, inline diffs, and navigation around related files. Use a cloud surface when the task is bounded enough to run asynchronously against a connected repository and return a branch, diff, or summary. Use a pull request surface when the main deliverable is a reviewable change with discussion and merge controls. Use CI or workflow automation when the work has a repeatable trigger, narrow permissions, and an explicit secret-handling plan.

A practical rule is to start with the most supervised surface that can complete the work, then move repeatable pieces into a more automated surface after the workflow is understood. Exploratory debugging belongs close to the developer, usually in a terminal or IDE. Reviewable implementation belongs in a branch and pull request. Repeated verification belongs in CI after the command, trigger, and permissions are stable. Long-running repository work can move to a hosted agent surface when the task can tolerate asynchronous feedback and the expected output is clear before the run begins.

For related preparation, read Repository Context and Parallel Agent Workflows and Set Safe Permission and Secret Boundaries for Coding Agents .

Who this is for

This guide is for engineering leads, staff engineers, platform operators, and developers who assign coding tasks to agents across terminal tools, IDE assistants, hosted runners, pull requests, and CI workflows. It is most useful when a task touches repository state, credentials, generated diffs, operational logs, or reviewer handoff. The goal is not to rank tools. The goal is to choose the surface that makes the work inspectable, bounded, and reversible.

Use it before starting a task such as repairing a failing test, updating dependency code, writing missing tests, preparing a pull request, triaging CI output, or delegating a longer repository change. The selection step should happen before the first prompt because the surface determines what the agent can inspect, what it can change, how the result is reviewed, and where secrets or permissions might appear.

Key takeaways

  • Pick the surface from the task’s risk profile, context needs, and handoff path, not from convenience alone.
  • Use terminal or IDE sessions for exploratory work that needs live command feedback, local repository state, or selected code context.
  • Use hosted cloud execution for bounded repository tasks that can run without a local machine and return a branch, diff, or summary.
  • Use pull requests when review, discussion, change requests, and merge controls are part of the work.
  • Use CI workflows for repeatable checks after triggers, permissions, and secret access have been narrowed.
  • Keep credentials out of prompts, logs, examples, and generated files. Use platform-scoped secret mechanisms when automation genuinely needs secret access.
  • Record what changed, what ran, what failed, and what remains uncertain so the next reviewer does not have to reconstruct the run.

Surface selection workflow

Setup assumptions:

  • The repository has a clean branch, disposable worktree, or other reversible working area for the task.
  • The operator has identified whether the task is exploratory, implementation-focused, review-focused, or repeatable automation.
  • Secrets are not needed, or they are available only through an approved platform mechanism rather than pasted into a prompt.
  • The success definition is small enough to verify, such as a changed file list, a passing command, a pull request ready for review, or a clear stopped state.
  • The agent can report the commands it ran, files it changed, assumptions it made, and checks it skipped.

Happy-path request plan:

  1. Write a short task brief with the desired change, files or modules in scope, commands to run, and expected handoff artifact.
  2. Choose the surface before starting: terminal, IDE, cloud runner, pull request, or CI workflow.
  3. Start the task on that surface and keep the request tied to the original scope.
  4. Ask the agent to report changed files, commands run, failed checks, skipped checks, and unresolved assumptions.
  5. Review the output in the surface where the final decision will happen. For code changes, that usually means a diff or pull request.

Error-path check:

If the agent asks for broader permissions, unavailable credentials, unexplained network access, a larger file scope, or a tool behavior that the sources do not support, stop the run and move the work to a safer surface. For example, a cloud run that needs live local state should move back to a terminal or IDE. A terminal change that needs team review should move into a pull request. A CI automation idea that still needs exploratory debugging should remain supervised until the command and permissions are clear.

Minimum assertions:

  • The selected surface had access to the repository context required for the task.
  • The agent produced the expected artifact: diff, branch, pull request, command transcript, run summary, or stopped-state note.
  • Secrets were not pasted into prompts, logs, examples, generated files, or review comments.
  • Any failed command or skipped check is recorded with the reason.
  • The final handoff names the changed files and the next review step.

Pass/fail logging fields:

surface: "local-terminal | ide | cloud | pull-request | ci-workflow"
task_id: "TASK-PLACEHOLDER"
branch_or_run_id: "BRANCH-OR-RUN-PLACEHOLDER"
changed_files: ["path/to/file.ext"]
commands_run: ["command placeholder"]
secret_handling: "not-needed | platform-scoped | blocked"
result: "pass | fail | stopped"
follow_up: "next review step placeholder"

What not to assert:

  • Do not claim model availability, pricing, quota behavior, latency, uptime, or billing impact from this workflow.
  • Do not treat a passing local command as proof that a hosted workflow has the same permissions.
  • Do not treat a generated pull request as reviewed until the required review process has accepted it.
  • Do not infer that one coding agent surface behaves exactly like another unless the current product documentation says so.

Sources checked

Contract details to verify

AreaWhat to verifySource URLAccessedSafe candidate wording
Local and IDE surfacesWhether the tool supports terminal, IDE, file editing, command execution, and repository-aware workflowshttps://docs.anthropic.com/en/docs/claude-code2026-07-13“Use terminal or IDE surfaces when the task needs tight feedback from files, diffs, commands, and selected code context.”
Hosted executionWhether the work can run asynchronously against repository context and return a reviewable artifacthttps://developers.openai.com/codex/cloud2026-07-13“Use a cloud surface for bounded repository work that can run without your local machine.”
Pull request handoffWhether the change needs review, discussion, change requests, and merge controlshttps://docs.github.com/en/pull-requests2026-07-13“Use a pull request when the output needs a durable review and merge path.”
Workflow secretsWhether automation needs platform-managed secrets rather than pasted credentialshttps://docs.github.com/actions/reference/encrypted-secrets2026-07-13“Use platform-scoped secret mechanisms for workflow automation, and do not paste credentials into prompts or examples.”
Repository contextWhether project instructions or remembered context should be prepared before a longer runhttps://code.claude.com/docs/en/memory2026-07-13“Prepare repository instructions and task context before assigning long-running agent work.”

Failure modes

Evidence gap: the agent cannot inspect the failing log, source page, pull request, local command output, or repository file needed to justify the next step. The safe action is to stop and record the missing evidence instead of guessing.

Scope drift: the agent edits files that are not connected to the observed failure or requested change. Keep the work tied to the original signal and leave unrelated cleanup for a separate task. For pull-request work, Write Change Scope Notes Before an Agent Pull Request gives a useful companion pattern.

Environment mismatch: a local check uses different versions, credentials, feature flags, operating system behavior, or runtime settings than the hosted path. Record the mismatch before treating the result as proof.

Permission creep: the agent requests broader repository, workflow, shell, network, or secret access because the selected surface is inconvenient. Change the surface or narrow the task instead of expanding access by default.

Weak handoff: the final note says the issue is fixed but omits the command, result, changed files, and remaining uncertainty. That forces the next reviewer to repeat the investigation. For handoff shape, see How to Hand Off Coding Agent Pull Requests for Review .

Premature automation: a team moves exploratory repair work into CI before the trigger, command, permissions, and secret path are stable. Keep exploratory repair supervised, then automate only the repeatable verification step.

Reader next step

Before starting the next coding-agent task, write one sentence for each of these fields: selected surface, why that surface fits, files or modules in scope, commands to run, expected artifact, secret-handling rule, and stop condition. If any field is unclear, choose a more supervised surface and narrow the request before the agent begins.

Use Write Change Scope Notes Before an Agent Pull Request as the next comparison point. Keep Agent Memory Review Before Long-Running Tasks nearby for setup and permission checks.

FAQ

What is a coding agent execution surface?

It is the environment where the agent performs the work: a terminal, IDE, hosted cloud runner, pull request workflow, or CI automation surface. The surface controls what the agent can inspect, what it can change, how it reports results, and how reviewers decide whether to accept the work.

When should I choose a local terminal?

Choose a local terminal when the task needs frequent command output, interactive debugging, direct inspection of local repository state, or fast correction. Terminal work is also a good starting point when the task is still ambiguous and you need to learn from command output before assigning a larger change.

When is an IDE surface better than a terminal?

Choose an IDE surface when selected code context, navigation, inline diffs, and nearby files matter more than raw command execution. IDE surfaces are useful for targeted edits, refactors with visual review, and tasks where the developer wants to steer the agent around specific files.

When is a cloud surface a better fit?

Choose a cloud surface when the task is bounded, can run asynchronously, and can return a branch, diff, or summary without needing your local machine. Define the expected artifact and stop condition before starting so the run does not expand into open-ended repair.

Why use a pull request instead of accepting an agent diff directly?

A pull request gives reviewers a durable place to inspect the diff, ask questions, request changes, compare updates, and decide whether the work should merge. It is the better surface when the code change needs team review rather than private local acceptance.

Should CI workflows run coding agents automatically?

Only after the workflow trigger, permissions, command, and secret handling are constrained. CI is a strong surface for repeatable checks and narrow automation, but it is a poor first surface for open-ended debugging that still needs human judgment.

How should credentials appear in task examples?

Use placeholders such as <API_KEY_PLACEHOLDER> and keep real credentials out of prompts, logs, generated files, and examples. If a workflow needs secret access, use the platform’s scoped secret mechanism and record that the secret path was platform-scoped rather than pasted into the task.