Coding Agents in Software Engineering

• Coding agents are autonomous systems that leverage LLMs with explicit tool invocation to plan, execute, and iteratively resolve complex software tasks.
• They integrate sophisticated control architectures and scaffold taxonomies, enabling the orchestration of file I/O, testing, and code refactoring across development cycles.
• Empirical studies reveal that while coding agents enhance automation and modularity in software maintenance, they also present challenges in security, action bias, and code vulnerability.

A coding agent is an autonomous software system that leverages a LLM scaffolded by explicit tool access, structured control logic, and a feedback-driven workflow to perform nontrivial software engineering tasks such as bug fixing, refactoring, code generation, or scientific programming. Unlike passive code-completion tools, coding agents operate over extended, multi-step interactions, invoke tools (e.g., file system, terminal, test runners, AST analyzers), and produce or validate concrete code artifacts—commits, patches, or simulation outputs—typically with minimal human intervention beyond the initial task specification (Matricon et al., 26 Jan 2026, Rombaut, 3 Apr 2026, Gloaguen et al., 8 May 2026). The agent’s autonomy derives from its capacity to plan, execute, and adapt full development cycles, not just suggest localized completions.

1. Definition and Distinction

Coding agents are characterized by several core properties: (i) persistent autonomy (they accept high-level descriptions and loop until resolution), (ii) explicit tool invocation (file I/O, shell commands, testing, code editing), and (iii) interaction traces that leave durable repository artifacts (commits, configuration files, PRs). This differentiates them from code completions, which operate strictly within editor windows, suggest short fragments, and do not orchestrate external tool usage or produce cross-file changes (Matricon et al., 26 Jan 2026).

The agent’s minimal interaction loop is as follows:

1. Accept user goal or issue.
2. Issue LLM prompt(s) to plan or suggest actions.
3. Execute structured tool calls (e.g., edit, test, git) based on LLM response.
4. Observe tool outputs and update state; repeat as needed.
5. Output a patch, commit, or solution and terminate (Rombaut, 3 Apr 2026).

This autonomy necessitates dedicated scaffolding code—i.e., a control architecture, tool interface, and context/resource management logic—that surrounds the LLM and mediates agentic behavior (Rombaut, 3 Apr 2026).

2. Control Architectures and Scaffold Taxonomy

Coding agent scaffolds define the agent’s decision-making, tool usage, and resource control. "Inside the Scaffold" offers a 12-dimensional taxonomy, grouped into three architectural layers (Rombaut, 3 Apr 2026):

Control Architecture:

• Control-loop topology: pipeline, ReAct, phased, tree-search (MCTS), multi-attempt retry.
• Loop driver: user, scaffold policy, LLM-driven.
• Control-flow implementation: while-loops, state machines, recursion.

Tool and Environment Interface:

• Tool set: read, search, edit, execute, validate.
• Edit/patch format: string-replace, unified-diff, XML, function call.
• Tool discovery: static, config-based, dynamic per turn.
• Context-retrieval: grep, AST, embedding search.
• Execution isolation: none, subprocess, sandbox, Docker.

Resource Management:

• State management: flat lists, graph or tree nodes, event logs.
• Context compaction: sliding windows, structural resets, LLM summarization.
• Multi-model routing: single, role-based, safety-critic, classifier chains.
• Persistent memory: session DB, LLM-writable rules, pipeline resume.

Empirically, most real agent scaffolds combine multiple loop primitives (e.g., ReAct∪plan-execute∪multi-attempt retry), and architectural choices diverge most around context compaction and state management (Rombaut, 3 Apr 2026).

3. Empirical Performance and Real-World Usage

Large-scale empirical studies show that coding agents have transitioned from experimental systems to actively used tools in open-source and enterprise workflows:

• Repository Traces: By late 2025, ~15–19% of active GitHub projects showed agent traces (co-authored commits, config/guidance files). Top agents (Copilot, Claude Code, Codex, Cursor) accounted for ~80% of detected activity (Matricon et al., 26 Jan 2026).
• Session Structure and Authorship: In SWE-chat (6,000 sessions; 355,000 agent tool calls), coding sessions were bimodal—either "vibe coding" (agent authors virtually all code) or fully human-led. Only ~44% of agent-authored lines survived into final commits, and agent code introduced vulnerabilities at ~9× the rate of human code (Baumann et al., 22 Apr 2026).
• Contribution Patterns: Agents were most effective at low-level, consistency-oriented automation (e.g., variable renaming), yielding small but statistically significant reductions in class size and complexity for medium-level refactorings (Horikawa et al., 6 Nov 2025).

Security, reliability, and quality remain under close observation due to the high rate of user pushback (44% of turns in SWE-chat involve user correction/rejection) and the elevated incidence of code vulnerabilities in agent-generated code (Baumann et al., 22 Apr 2026).

4. Benchmarks and Limitations

Systematic evaluation is provided by tailored benchmarks such as FixedBench, which tests abstention: agents must recognize resolved issues and abstain from making unnecessary edits. Results indicate severe action bias: state-of-the-art coding agents propose nontrivial code changes on 35–65% of Resolved tasks, even when no changes are needed (Gloaguen et al., 8 May 2026). The undesirable-change rate is formalized as: $$R_{\mathrm{und}} = \frac{\left|\left\{i\,:\,|\hat X_i|_{\text{code}} > 0\right\}\right|}{N}$$ where $N$ is the number of abstention tasks, filtering non-production code changes.

Prompt-based mitigations (e.g., "Abstain or Fix") can reduce spurious edits (~80–90% correct abstention), but induce conservativeness: agents often over-abstain and fail to patch genuinely unresolved issues, specifically when partial fixes are present (Gloaguen et al., 8 May 2026).

Training regimes and reward models typically overemphasize action ("suggest a patch") rather than inaction ("no change as success"), reinforcing this bias.

5. Self-Improvement, Adaptation, and Scientific Coding

Recent work demonstrates self-improving coding agents capable of iterative performance gains. SICA (Self-Improving Coding Agent) achieves 17–53% accuracy gain on SWE Bench by leveraging LLM-powered reflection and self-editing, without any gradient-based parameter updates (Robeyns et al., 21 Apr 2025). Such approaches formalize the meta-improvement loop, archive snapshots, and tool-augmented reasoning.

Domain-specific adaptation is accomplished by lightweight harnessing (e.g., SIGA): adding retrieval, procedural memory, inline validation, and validation-enforced termination wraps to baseline agents yields robust scientific simulation setup, often matching or exceeding domain-expert quality within minutes (Ho et al., 8 Jun 2026). Multi-agent orchestration in scientific coding (as in MOSAIC or SciNav) enables decomposition, reflection, debugging, and rigorous evaluation workflows inaccessible to monolithic LLM completions (Raghavan et al., 9 Oct 2025, Zhang et al., 11 Mar 2026).

6. Applications, Risks, and Open Problems

Applications range from autonomous software maintenance and refactoring (Horikawa et al., 6 Nov 2025), personalized education (Zhao et al., 18 Jul 2025), and world-model construction via executable code (Wang et al., 14 May 2026), to scientific workflow automation (Raghavan et al., 9 Oct 2025, Zhang et al., 11 Mar 2026, Ho et al., 8 Jun 2026). Coding agents also function as long-context processors, using external tools and file systems to scale reasoning to trillion-token corpora—a capability unattainable via LLM attention mechanisms alone (Cao et al., 20 Mar 2026).

Risks are substantial: agent-introduced security vulnerabilities are an order of magnitude higher than for humans (Baumann et al., 22 Apr 2026), agent outputs necessitate rigorous human oversight, and “action bias” can contribute to technical debt or missed repairs (Gloaguen et al., 8 May 2026).

Best practices identified include layered safety guardrails, approval/planning modes, session-scoped state management, tool manifest rigor, and explicit human trust calibration (Pinto et al., 10 Apr 2026). Open research questions center on optimal tool design, state management, context-compaction strategies, and the boundary between LLM-driven reasoning and external control logic (Rombaut, 3 Apr 2026, Pinto et al., 10 Apr 2026).

7. Future Directions and Research Frontiers

Research is focused on:

• Plug-and-play tool protocols for scaffold extensibility.
• Training signals and reward modeling that balance action and inaction.
• Modular specialization and unified distillation for generalist agents across languages/domains (Li et al., 29 Mar 2026).
• Automated meta-loop adaptation for domain-specific workflows (Robeyns et al., 21 Apr 2025, Ho et al., 8 Jun 2026).
• Empirical mining of agent traces to assess code quality, workflow effects, and human–agent interaction dynamics at scale (Matricon et al., 26 Jan 2026, Baumann et al., 22 Apr 2026).
• Robust benchmarking for architectural refactorings, safety-critical automation, and scaled-up long-context tasks (Horikawa et al., 6 Nov 2025, Cao et al., 20 Mar 2026).

Coding agents thus represent a paradigm shift in software engineering, scientific programming, and data-driven research on AI-assisted development, with rapid advances but also critical open questions regarding reliability, safety, and alignment to human objectives.