Handbooks  /  Agentic Coding
AI Engineering~13 min readAll levels
Deep Dive

Agentic coding: the agent does the labor. You do the engineering.

Coding agents — Claude Code, Cursor, and their cousins — will happily read your repo, edit twelve files, run the tests and open the PR. The engineers getting 10× out of them and the engineers drowning in AI slop are using the same tools. The difference is technique. This is the technique.

01

From autocomplete to agents

Three eras in five years. Autocomplete (Copilot-classic): the model finishes your line — you were still the one driving every keystroke. Chat: you paste code into a box, the model suggests, you copy back. And now agents: the model works in your repo — reads files it decides to read, edits what needs editing, runs the build, reads the failure, fixes it, and reports back.

The unlock isn't a smarter model wearing a new UI. It's the loop: act → observe → correct, with real tools. An agent that can run your tests can check its own work — and that single capability changes what you can safely delegate.

→ The mental shift

Stop thinking "smart autocomplete." Start thinking "talented new teammate with zero context and infinite energy" — one who read the whole internet but has never seen your codebase, your conventions, or your production incidents. Everything in this handbook follows from that framing.

02

What a coding agent actually is

Strip the branding from any coding agent — CLI (Claude Code), IDE-native (Cursor), cloud-hosted — and you find the same three organs:

Every coding agent, anatomically
The loopPlan → tool call → observe result → next decision, until done or stopped. The agent loop, pointed at software.
The toolsRead/edit files, search the repo, run shell commands, execute tests — the hands. What's allowed here defines the blast radius.
The contextInstruction files, the files it chose to read, command output, your conversation — assembled fresh, every turn.

This anatomy explains the two universal failure modes. Agents fail when the context is wrong (didn't read the right files, missing conventions, stale assumptions) or when the loop runs unverified (no tests to check against, so errors compound silently). Nearly every technique below is a countermeasure to one or the other.

03

The instruction file: your highest-leverage artifact

Every serious agent reads a standing instruction file from your repo — CLAUDE.md, AGENTS.md, Cursor rules. This file is the project's memory across sessions, and writing it well is the single best investment in agentic coding.

What belongs in CLAUDE.md
CommandsExact build / test / lint / run invocations — including how to run one test, not just the suite.
ArchitectureThe 10-line map: where things live, what generates what, which files are auto-generated and must never be hand-edited.
ConventionsThe rules a senior reviewer would enforce: naming, error handling, "we use X not Y" — with the why when it's not obvious.
CorrectionsEvery time the agent gets something wrong twice, it becomes a line here. The file is a ratchet: mistakes get made once.

Two rules keep it working. Keep it lean — it's loaded into every session's context, so a bloated file taxes every turn (the attention budget again); push per-task detail into skills. And keep it true — a stale instruction file is worse than none, because the agent trusts it over the code.

04

The core workflow: plan, then verify small steps

The naive move is one giant prompt: "build the feature." The reliable move is the shape senior engineers already know:

The loop that ships
1 · Plan firstHave the agent explore and propose a plan before touching code. Reviewing a plan costs minutes; reviewing a wrong 15-file diff costs an afternoon.
2 · Small stepsOne coherent change at a time — a function, a route, a migration. Small diffs are reviewable diffs; reviewable is the whole game.
3 · Verify each stepTests, typecheck, actually running the thing. Give the agent the verification commands and make it use them — an agent that can self-check compounds correctness instead of errors.
4 · Course-correct earlyWrong direction at step 2 is a nudge; discovered at step 9 it's a restart. Interrupt freely — steering is cheap, unwinding isn't.
5 · Fresh context per taskLong sessions accumulate stale assumptions and dead ends (context rot). New task, new session, clean window.

Tests deserve special emphasis: they convert the agent's greatest weakness (confident wrongness) into a solved problem, because the loop can check itself against them. Test-first is agent-native development — write (or have it write) the failing test, then let it iterate until green.

05

Scaling up: skills, subagents, hooks

Past the basics, coding agents grow three extension points — all instances of patterns you've seen elsewhere on this site:

ExtensionWhat it doesThe underlying idea
SkillsPackaged procedures loaded on demand — deploy runbooks, review checklists, house workflows.Progressive disclosure: expertise outside the window, selected just-in-time.
SubagentsSpawn a worker with a clean context for a scoped job (research this bug, review this diff) that returns findings.The isolate operation — deep work in a lane, conclusions upward.
Hooks / gatesDeterministic scripts that fire on events: format on save, block commits without tests, require approval for deploys.Policy in code, not in hopes — the harness enforcing what prompts merely request.

The composition is the point: skills teach, subagents parallelize, hooks enforce. A well-tooled repo makes a mediocre prompt succeed; a bare repo makes a great prompt gamble.

06

The spectrum: vibe coding is a dial, not a sin

Vibe coding — accepting AI code without reading it — got a bad name from people doing it in production. But it's better understood as a review dial you set per artifact:

Set the dial by blast radius

Vibe freely

  • Prototypes, spikes, throwaway scripts
  • Internal tools with no users
  • Exploration: "show me three approaches"
  • Anything you'll delete by Friday

Review like it's radioactive

  • Auth, payments, permissions, crypto
  • Migrations and anything touching data
  • Public APIs and their contracts
  • Dependency and infra changes
→ The iron rule

You own what you merge. "The AI wrote it" has exactly the professional standing of "the intern wrote it" — none. The agent is a force multiplier on your labor, never a transfer of your accountability.

07

Sharp edges: security and team discipline

Agents that read the web and run commands have a threat model. Three edges cut most often. Prompt injection: a malicious webpage, package README or issue comment can steer an agent that reads it — treat all fetched content as untrusted, and gate what an agent can do after reading the internet. Secrets: agents read environments and echo what they read — keep credentials out of repos and logs, and out of the files agents routinely open. Dangerous commands: sandboxes, allowlists, and human approval on anything irreversible (deploys, migrations, force-pushes) — the same bounded-autonomy design as any production agent.

Team-level, two norms keep quality from silently eroding: PR review standards don't relax for AI-authored code (if anything, watch for plausible-but-wrong more, rubber-stamp less), and the instruction file is a maintained artifact — reviewed in PRs like code, because it programs every future session.

08

Where this sits in the stack

Agentic coding is the daily practice; the disciplines underneath it are the theory:

LayerQuestionGo deeper
Agentic codingHow do I work with a coding agent, day to day?You're here.
Agent skillsHow do I package expertise it loads on demand?The Skills handbook
Context engineeringWhat should it see each turn?The Context handbook
Loop engineeringHow do autonomous loops run and stop safely?The Loop handbook
Harness engineeringHow do I build these systems myself?The Harness roadmap
Frequently asked

Quick answers

What is agentic coding?

Developing with an AI agent that takes multi-step actions in your repo — reading, editing, running tests, iterating — while you direct, review and verify.

What is a CLAUDE.md / rules file?

Your repo's standing instructions, read at the start of every session: commands, architecture map, conventions, and accumulated corrections. The highest-leverage artifact in the practice.

Agentic vs vibe coding?

A review dial: vibe freely on throwaway code, review like a hawk on auth, payments, data and infra. You own what you merge, either way.

Biggest security risks?

Prompt injection via fetched content, secret exposure, and unreviewed dangerous commands — countered by sandboxes, allowlists, secret hygiene, and approval gates.

Agentic Coding · AI Engineering · Vibe Engines · 2026
Finished this one? 0 / 49 Handbooks done

Explore the topic

See this alongside everything else on the same subject — handbooks, system designs, challenges and tools, in one place.