A Deterministic Control Plane for LLM Coding Agents

πŸ“… 2026-06-25
πŸ“ˆ Citations: 0
✨ Influential: 0
πŸ“„ PDF
πŸ€– AI Summary
This work addresses critical challenges in configuration management for large language model (LLM)-based coding agents, including configuration reuse ambiguities, unclear permission boundaries, and inadequate versioning. To tackle these issues, the authors propose Rel(AI)Buildβ€”the first deterministic, tool-agnostic configuration governance framework specifically designed for LLM coding agents. Treating agent definitions as managed supply chains, Rel(AI)Build enforces configuration integrity through SHA-256 content addressing, HMAC-signed lockfiles, hash-chain audit logs, hierarchical access controls, and a state-machine-driven development workflow. The framework also supports multi-IDE target compilation. Empirical evaluation demonstrates that Rel(AI)Build effectively preserves configuration immutability under adversarial compliance tests, thereby validating its reliability and security guarantees.
πŸ“ Abstract
LLM coding harnesses grant agents broad file and shell access, yet the configuration layer that steers them -- rules files, agent definitions, IDE-specific markdown -- is largely unmanaged. A prevalence study of 10,008 public GitHub repositories (n=6,145 agent config files) finds that agent configurations propagate as undeclared shared components: 10.1% of tracked paths are SHA-256 exact duplicates across independent repositories (fork-adjusted, threshold-independent), with 75.5% of clone pairs crossing organisational boundaries. Two further patterns are indicative: configurations are rarely revised (58% single-commit; 0.4 vs 0.6 commits/month age-normalised against CI/CD workflows), and rarely declare permission boundaries (<1% of agent configs vs 33% of Actions workflows, n=31 true positives). We propose a deterministic control plane above the harness that maps one-to-one to these gaps. Rel(AI)Build treats agent definitions as a managed supply chain (SHA-256 content addressing, HMAC-stamped lockfiles, hash-chained audit logs); enforces tiered permissions and attack-derived blocklists before LLM invocation; gates feature work through a phase state machine with requirement-to-file-to-test traceability; compiles a single canonical definition to seven IDE targets; and detects prompt drift via Jaccard similarity. Conformance tests on injected violations confirm each mechanism enforces its stated invariant; developer outcomes remain future work. Governance of this layer must be deterministic and tool-agnostic -- not delegated to further LLM orchestration.
Problem

Research questions and friction points this paper is trying to address.

LLM coding agents
agent configuration
configuration management
permission boundaries
software supply chain
Innovation

Methods, ideas, or system contributions that make the work stand out.

deterministic control plane
LLM coding agents
content-addressed configuration
permission enforcement
prompt drift detection
πŸ”Ž Similar Papers
No similar papers found.