Constraining coding agents through simple, language-level restrictions is more effective and cheaper than complex oversight frameworks—the same techniques that manage human engineering teams work better for AI agents.
This paper shows that applying traditional software engineering practices—access control, network policies, and coding conventions—to AI coding agents makes them safer and easier to oversee than complex scaffolding does.