I've spent the last six months building, breaking, and rebuilding an autonomous coding agent from scratch. Not using someone else's framework. Not wrapping GPT-4 in a loop. Building the actual execution engine, test runner, repair logic, and LLM cascade — all of it.
Here's what I learned that nobody talks about in the benchmark papers.
The Hype vs. The Reality
Every week there's a new demo: an AI agent that "wrote a full app in 30 seconds." The clip goes viral. The comments go wild. And then developers who actually try it find out that:
It works on the demo input
It fails on everything slightly different
When it fails, it fails silently
There's no way to reproduce what it did
This isn't a model problem. The models are genuinely capable. It's an architecture problem.
What Actually Breaks Agents
After running thousands of benchmark cases across Python, Go, TypeScript, and Rust, I found the failures cluster into five categories — none of them about raw LLM intelligence.
- No Repair Loop Most agent demos show a single pass: prompt → code → done. Real code almost never works on the first try. Syntax errors, missing imports, type mismatches, logic bugs — these are normal. An agent without a structured repair loop is a demo, not a tool. What actually works: Plan → Execute → Test → Fail? ↓ Classify the failure type ↓ Build a targeted repair prompt ↓ Re-execute → Re-test ↓ (max 3 attempts) Rollback if still failing The key word is classify. Not "here's the error, fix it." But "this is a SyntaxError in file X at line Y, caused by Z pattern — here's the relevant code." Agents that pass error output verbatim to the LLM waste tokens and get worse results than agents that extract structured failure context.
- Flaky Test Execution Here's something surprising: agents often fail not because the generated code is wrong, but because the tests they write are weak. A test that passes with wrong implementation isn't a test — it's a false signal. This is the mutation testing problem. Consider: pythondef is_even(n): return n % 2 == 0 Test that passes: pythondef test_is_even(): assert is_even(4) == True Mutate the code: pythondef is_even(n): return n % 2 != 0 # wrong! The test still passes if it only checks is_even(4). Because 4 % 2 != 0 is False, and False == True is... wait, that fails. But is_even(3) with the mutated code returns True, so if your test only checks even numbers, you'll miss it. Agents that don't enforce mutation testing produce code that passes tests but fails in production. The fix: after every successful test run, mutate key operators (== → !=, + → -, if x: → if not x:) and verify the tests catch it. If they don't — the tests are weak, not the code.
- No Workspace Awareness Ask an agent to "fix the bug in my Go service." The agent doesn't know:
Is there a go.mod? What's the module name?
Is go test ./... the right command or go test -run=TestXxx ./...?
Are there external dependencies that need go mod tidy?
Is this a single package or a multi-module workspace?
Without this context, the agent either guesses (wrong) or asks (annoying). Neither is acceptable.
What works: a Workspace Oracle that scans the project structure before any planning happens:
Detected: Go module at /src/go.mod (module: myapp)
Detected: Test files in /src/cmd/, /src/internal/
Test command: go test ./... -v
Dependencies: standard library only
This sounds obvious. Almost no agent does it properly.
- No Rollback Agents that modify files and fail leave your workspace in a broken state. This is not theoretical — it happens constantly during multi-step repairs. The solution is embarrassingly simple: git stash before every execution attempt, git stash pop on rollback, git stash drop on success. Before execution: git stash create ← snapshot During execution: agent modifies files On test failure: git stash pop ← restore clean state On test success: git stash drop ← accept changes Every agent should do this. Most don't.
- LLM Provider Flakiness Building on a single LLM provider is a reliability liability. Rate limits, daily quotas, API errors — any of these kill your agent mid-task. A cascade works better: Provider 1 → rate limited → Provider 2 → daily limit → Provider 3 → ... But here's the detail that matters: distinguish between temporary rate limits (wait 30s, retry) and daily exhausted quotas (skip this provider entirely for the rest of the session). Treating them the same wastes time.
The Benchmark Problem
Current benchmarks for coding agents measure "did the final output work?" This misses everything important:
How many attempts did it take?
How much context was consumed?
Is the solution deterministic? Run it again — do you get the same code?
Would the generated tests catch a regression?
A benchmark score of "85% pass rate" can mean very different things:
Good: 85% on first attempt, structured repair for the rest, all tests have mutation coverage
Bad: 85% after 5 attempts, tests are trivial, different code on every run
The metric that matters most isn't pass rate. It's repair rate. Agents that pass 95% of tasks with 0.1 average repairs are more useful than agents that pass 95% with 2.3 average repairs — even though the headline number looks identical.
Determinism: The Missing Property
Here's what I'd argue is the most underrated property in coding agents: determinism.
Can you run the agent on the same task twice and get the same result?
For most agents: no. The LLM is non-deterministic by design (temperature > 0), the context might differ, the tool calls might vary.
Why does this matter?
Debugging: If the agent fails, you can't reproduce it. You can't understand why.
CI/CD: You can't put a non-deterministic agent in your pipeline. One run passes, next run fails.
Trust: Developers don't trust tools they can't predict.
One approach that works: record/replay. When an agent succeeds at a task, record the entire LLM interaction — inputs, outputs, reasoning. On subsequent runs, replay the recorded interaction instead of calling the LLM.
This gives you:
Zero LLM cost on repeated tasks
100% deterministic output
Auditable history ("what exactly did the agent do on March 3rd?")
The recorded trajectories also become training data — but that's a topic for another post.
What Good Architecture Looks Like
After all the failures and iterations, here's the architecture that actually produces reliable results:
┌─────────────────────────────────────────────────┐
│ Goal Parser │
│ Detect language, dependencies, workspace type │
└─────────────────────────┬───────────────────────┘
│
┌─────────────────────────▼───────────────────────┐
│ Workspace Oracle │
│ Scan project structure, find test commands │
└─────────────────────────┬───────────────────────┘
│
┌─────────────────────────▼───────────────────────┐
│ Scaffold Engine │
│ Prepare environment (venv, node_modules, etc.) │
└─────────────────────────┬───────────────────────┘
│
┌─────────────────────────▼───────────────────────┐
│ LLM Planning (Cascade) │
│ Generate structured command plan │
└─────────────────────────┬───────────────────────┘
│
┌─────────────────────────▼───────────────────────┐
│ Executor + Snapshot │
│ Run commands with git stash rollback protection │
└─────────────────────────┬───────────────────────┘
│
┌───────────┴───────────┐
│ │
✅ Tests pass ❌ Tests fail
│ │
Accept changes Classify failure
Drop snapshot │
Build repair prompt
│
Repair (max 3x)
│
Still failing?
│
Rollback + report
Each box is a separate concern. Each can fail independently. Each can be tested independently.
The Practical Takeaways
If you're building an agent or evaluating one:
Build:
Structured failure classification, not raw error forwarding
Mutation testing enforcement — not optional
Workspace-aware test discovery
Git snapshot rollback — always
Multi-provider LLM cascade with quota tracking
Measure:
Average repairs per successful task (target: < 0.3)
Rollback rate (target: < 10%)
Mutation score of generated tests (target: 100%)
Determinism: run same task 3 times, compare output
Avoid:
Single-provider LLM dependency
Agents that modify files without rollback protection
Benchmarks that only measure final pass/fail
Trust in demo videos
Where This Is Going
The agents that will win are not the ones with the most powerful underlying model. They're the ones with the most reliable execution layer. The model is a commodity — GPT-4, Claude, Llama, Qwen — they're all capable enough. The differentiator is everything around the model.
Reliability, determinism, auditability, rollback — these aren't glamorous engineering problems. They don't make for exciting demos. But they're what makes a tool that developers actually trust and use every day.
The benchmark will eventually catch up. Until then, run your agents on tasks that actually matter, measure actual repair rates, and throw out anything that can't recover from its own failures.
I've been writing about the details of building this kind of system as I go. If you're working on something similar or have thoughts on agent architecture, I'm genuinely interested — drop a comment.
Tags: ai rust programming devtools machinelearning
Cover image suggestion: A terminal showing test results — green passes, one red failure, then a repair, then green again.
