By Sam Partee, Co-founder & Head of AI Research, Arcade.dev, based on his joint talk with Harrison Chase (LangChain) at the Coding Agents: AI Driven Dev Conference — March 3, 2026
Coding agents are the foundation for every agent you’ll ever build. The patterns for doing real work in the real world — persistent state, tool access, iteration — coding agents already figured this out. As we make them better, everything else gets better too.
What a Coding Agent Actually Is
A coding agent has a file system, a persistent workspace, tools it can invoke, and the ability to iterate. Those aren’t just features for writing code. They’re the primitives for any agent doing complex work. Swap out the compiler for a CRM and you’ve got a sales agent. The architecture is the same.
The Workspace Pattern
Most people building agents try to keep everything in the context window. Coding agents figured out early that this doesn’t scale. Instead, they write things to files, read them back when needed, and maintain a persistent workspace.
It lets agents handle tasks that take hours or days, not just seconds. Everything the agent does is persisted and reviewable. That’s your auditability layer, and it is a hard requirement for production. It’s also just economical. You’re trading cheap storage for expensive inference. Why keep everything in context when you can write it to a file?
The Auth Problem
Coding agents work inside a sandbox — that’s their trust boundary. But when an agent needs to send an email, modify a CRM record, or query a production database, you need a different kind of trust boundary entirely. This is the agent authorization problem — and it’s the first thing that breaks when you move from demo to production.
Auth for agents is fundamentally different from auth for humans. Human auth is interactive. Agent auth needs to handle OAuth flows, token management, scoped permissions, and auditability. Programmatically, at scale. Static API keys don’t cut it.They’re over-privileged, not user-specific, and not auditable. What you actually need are dynamic, scoped, user-specific tokens that represent a given user’s authorization in a given context. At a thousand users each running their own agent, this isn’t optional infrastructure. It’s the infrastructure.
Two Patterns Are Emerging
Two patterns are showing up everywhere in production.
The agent-as-employee: an agent with its own identity, its own permissions, its own role. It shows up in your systems as a first-class participant — a sales rep, a support agent, a data analyst.
The agent-as-assistant: the agent works on behalf of a specific user, using that user’s permissions. It’s an extension of a person, not its own entity.
Both will coexist. Your auth infrastructure needs to handle both or it handles neither.
Deep Work Agents
The pattern I’m most excited about is the deep work agent — one that grinds on complex, multi-step tasks over hours or days. You hand it requirements, it works, it checks in when it needs input, and it returns results.
This is where coding agent patterns generalize most clearly. Deep work agents need a workspace, persistence, tool access, and the ability to iterate — just with different tools. Instead of a compiler and a file system, they might have a CRM and a messaging platform. Context management works the same way too: save earlier messages to the workspace, continue with a fresh context window.
The Production Stack
Running agents in production requires a real stack. You need an agent runtime that manages execution, state, interrupts, authorized access to external systems, and governance. You need a discovery protocol, and MCP has emerged as the standard here, though production use still requires a runtime layer for auth and governance. You need full observability — every step traced. And if you’re selling to enterprises, you need on-prem, VPC, and compliance-ready deployment.
Building an impressive demo is easy. Getting to production requires all of this. That delta is where most teams stall out.
Safety Is Layered Defense
How do you keep an agent from going off the rails? The same way you make coding agents trustworthy — layers. Scoped permissions limit what the agent can touch. Authorization makes sure those tools only do what the user is allowed to do. Human-in-the-loop gates the high-consequence stuff. Observability lets you see everything. And the workspace? That’s your audit trail. No magic. Just layers.
Agentic Going Mainstream for Everything
The hard architectural problems have largely been solved by coding agents. The workspace pattern, context management, tool orchestration, iterative execution — these generalize. What remains is building the production-ready runtime infrastructure on top: authorization, identity management, auditability, observability, deployment.
Agents doing the work of entire teams — sales, ops, data analysis — built on the same architecture as today’s coding agents. That’s not a distant future. The patterns are already here. What remains is the enterprise layer: authorization, identity, auditability, deployment. That’s exactly what we’re building at Arcade.dev.