You finally wire up an LLM to your codebase, give it a prompt like "add pagination to the users endpoint," and... it edits the wrong file, hallucinates an import that doesn't exist, and confidently tells you it's done. Sound familiar?
I spent the last few months building and debugging custom coding agents, and the pattern I kept hitting was the same: the LLM itself is capable enough, but the scaffolding around it is what makes or breaks the whole system. A coding agent isn't just "an LLM that writes code." It's an orchestrated system with distinct components, and when one of them is weak, everything crumbles.
Let me walk through the architecture that actually works, component by component, and show you how to fix the most common failure modes.
The Core Loop: Plan, Act, Observe, Repeat
Every functional coding agent runs some variation of an agentic loop. The LLM receives context, decides on an action (read a file, write code, run a test), observes the result, and decides what to do next. This is fundamentally different from single-shot code generation.
Here's the minimal skeleton:
def agent_loop(task: str, max_steps: int = 20):
messages = [{"role": "user", "content": task}]
for step in range(max_steps):
response = llm.chat(messages, tools=available_tools)
if response.is_done: # agent signals task complete
return response.final_answer
# Execute whatever tool the agent chose
tool_result = execute_tool(response.tool_call)
# Feed the result back so the agent can react
messages.append({"role": "assistant", "content": response.raw})
messages.append({"role": "tool", "content": tool_result})
return "Max steps reached — agent got stuck"The problem most people hit first: no iteration limit, so the agent spins forever. Or the opposite — the limit is too low and it bails before finishing multi-file changes. I've found 15-30 steps works for most coding tasks, but you should log step counts per task to calibrate.
Component 1: Tool Design (Where Most Agents Silently Fail)
The tools you give your agent are the single biggest leverage point. Get these wrong and no amount of prompt engineering saves you.
The minimum viable toolset for a coding agent:
- File reader — read file contents, ideally with line numbers
- File writer/editor — apply targeted edits (not full file rewrites)
- Directory listing / search — let the agent find files by name or content
- Shell executor — run tests, linters, build commands
Here's the mistake I kept making: giving the agent a write_file tool that overwrites the entire file. The agent would read a 500-line file, try to rewrite all 500 lines, and introduce subtle bugs in lines it wasn't even trying to change.
# BAD: full file rewrite tool
def write_file(path: str, content: str):
"""Overwrites the entire file with new content."""
with open(path, 'w') as f:
f.write(content)
# GOOD: targeted edit tool
def edit_file(path: str, old_string: str, new_string: str):
"""Replaces a specific string in the file.
Fails if old_string isn't found — forces the agent to
read the file first and match exactly."""
content = open(path).read()
if old_string not in content:
return "ERROR: old_string not found in file"
if content.count(old_string) > 1:
return "ERROR: old_string is ambiguous (multiple matches)"
with open(path, 'w') as f:
f.write(content.replace(old_string, new_string, 1))
return "Edit applied successfully"The targeted edit approach is what most production agents use now. It forces the agent to be precise and keeps it from accidentally mangling code it shouldn't touch.
Component 2: Context Management (The Real Bottleneck)
LLMs have finite context windows. A real codebase has thousands of files. This mismatch is the root cause of most "the agent edited the wrong thing" bugs.
The fix has three layers:
Layer 1: Let the agent explore. Don't dump your whole codebase into the prompt. Give the agent search tools — grep, glob, file tree — and let it navigate to the relevant code. This sounds slower but it's dramatically more reliable than pre-stuffing context. Layer 2: Summarize aggressively. When the agent reads a 400-line file but only needs to understand the class structure, you're wasting tokens. Some agents use a secondary LLM call to summarize file contents before adding them to context. Layer 3: Truncate tool outputs. Shell commands can produce enormous output. A failing test suite might dump 2000 lines of stack traces. Cap your tool output and tell the agent:def run_shell(command: str, max_output_chars: int = 8000):
result = subprocess.run(command, shell=True, capture_output=True, text=True)
output = result.stdout + result.stderr
if len(output) > max_output_chars:
# Keep the beginning and end — errors are usually at the bottom
half = max_output_chars // 2
output = output[:half] + "\n...TRUNCATED...\n" + output[-half:]
return outputWithout truncation, one verbose command fills your context window and the agent loses track of what it was doing.
Component 3: The System Prompt (More Than You Think)
The system prompt for a coding agent isn't just "you are a helpful assistant." It's the agent's operating manual. The things that made the biggest difference in my setups:
- Explicit workflow instructions: "Always read a file before editing it. Always run tests after making changes."
- Error recovery patterns: "If a test fails, read the error output carefully before making changes. Do not guess."
- Tool usage constraints: "Never use write_file on files longer than 50 lines. Use edit_file instead."
These sound obvious, but without them the agent takes shortcuts. It'll try to edit a file it hasn't read, guess at function signatures, and skip running tests because "the code looks correct."
Component 4: Sandboxing (Non-Negotiable)
Your agent runs shell commands. That means it can rm -rf / if it decides to. This isn't theoretical — I've watched agents try to install packages globally, modify system configs, and run git push without being asked.
At minimum:
- Run shell commands in a Docker container or isolated environment
- Whitelist allowed commands or at least blacklist dangerous ones
- Set timeouts on all shell executions (agents love infinite loops)
- Never give write access to files outside the project directory
The Failure Mode Nobody Talks About: Agent Loops
The most insidious bug is when the agent gets stuck in a loop — it makes a change, the test fails, it reverts the change, tries the same thing again, and burns through your API budget.
The fix is surprisingly simple: track what the agent has already tried.
def agent_loop_with_memory(task: str):
messages = [{"role": "user", "content": task}]
attempted_edits = [] # track what we've tried
for step in range(30):
# Inject memory of past attempts into context
if attempted_edits:
reminder = f"Previous attempts that didn't work: {attempted_edits}"
messages.append({"role": "system", "content": reminder})
response = llm.chat(messages, tools=available_tools)
if response.tool_call and response.tool_call.name == "edit_file":
attempted_edits.append(response.tool_call.args)
# ... rest of the loopThis alone cut my agent's wasted iterations by about 40%.
Putting It All Together
If your coding agent is unreliable, don't blame the LLM. Check these components in order:
The LLMs are good enough. The scaffolding is what separates an agent that demos well from one that actually ships code. Start with the minimal loop, add components incrementally, and log everything — you'll be surprised how quickly a disciplined architecture outperforms a clever prompt.