Govern the Repository, Not the Agent: Measuring Ecosystem-Level Risk in AI-Native Software

📅 2026-06-26
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study addresses a critical gap in AI coding evaluation by shifting focus from individual agents to systemic risks emerging from multi-agent collaboration within shared codebases. Leveraging a dataset of over 930,000 AI-generated pull requests, the authors conduct the first large-scale empirical analysis—employing variance decomposition and multilevel control models—to demonstrate that risks in AI-native software predominantly stem from repository-level ecosystems rather than individual contributions. Their findings reveal that approximately 50% of integration friction is attributable to repository-specific factors. Moreover, the inter-repository concentration of AI-induced friction (ICC = 0.30) is nearly twice that of human contributions (ICC = 0.16), a disparity that remains statistically significant under multiple controls. These results underscore the necessity of reorienting governance and evaluation frameworks toward the repository level.
📝 Abstract
Autonomous coding agents now open and merge pull requests in shared repositories at scale, and the field evaluates them the way it has always evaluated components, one agent at a time, on isolated benchmark tasks. Yet agents that each pass their own tests still leave repositories that accumulate problems no single contribution accounts for. We ask whether this problem belongs to the individual agent or to the repository where it accumulates. We study integration friction, the cost of integrating a contribution into a codebase that other contributors are concurrently changing. Across more than 930,000 agent-authored pull requests, we measure how much of the variation in friction stays with the repository after the contribution, its author, its size, and its agent are accounted for. About half does, and it survives full controls. In the same repositories, agent-authored contributions concentrate this repository-level friction roughly twice as much as human ones (intraclass correlation 0.30 versus 0.16), a gap that holds after controlling for codebase size, age, task shape, process maturity, and merge path. The risk is a property of the ecosystem, not the agent. AI-native software is therefore better measured and governed at the ecosystem level than one agent at a time.
Problem

Research questions and friction points this paper is trying to address.

AI-native software
repository-level risk
integration friction
ecosystem governance
autonomous coding agents
Innovation

Methods, ideas, or system contributions that make the work stand out.

integration friction
AI-native software
ecosystem-level risk
autonomous coding agents
repository governance
🔎 Similar Papers
2024-08-14AGI - Artificial General Intelligence - Robotics - Safety & AlignmentCitations: 27