75% of AI coding models introduce regressions when maintaining codebases over time (SWE-CI, arxiv 2603.03823). Not on one-shot fixes — those work. On sustained maintenance across 71 consecutive commits per task.
And it gets worse: developers using AI coding assistants score 17% lower on conceptual understanding, code reading, and debugging assessments (Anthropic, arxiv 2601.20245).
Meanwhile, giving agents more freedom with tools outperforms pre-programmed pipelines by 10.7% (Tsinghua, arxiv 2603.01853). The solution is not less autonomy. It is better enforcement around autonomous agents.
The Root Cause: Prose Enforcement Fails Under Pressure
Every AI team writes rules in markdown files. "Never modify production config." "Always run tests before committing."
These are suggestions, not enforcement. When the context window fills up — and it always does — the model drops these rules first. The agent does not intentionally violate them; it simply forgets they exist.
The Enforcement Ladder: L1 Through L5
The fix is a hierarchy. Each level compounds on the one below:
L1 — Conversation. "Hey, don't do that." Works once. Forgotten by the next session.
L2 — Prose documentation. CLAUDE.md rules, README instructions. Better than conversation. Still dropped under context pressure.
L3 — Templates. Code templates, CI/CD configs, project scaffolds. The right pattern is the easy path.
L4 — Tests. Automated test suites that catch violations at commit time. The agent cannot merge if the test fails.
L5 — Hooks. Pre-commit hooks, pre-tool-use hooks, runtime guards. The action is physically prevented before it happens. Zero awareness required.
The principle: every lesson must be encoded where enforcement requires zero awareness.
How It Works in Practice
A rule like "never write to the production database" starts at L2 (documented). The first violation gets caught in code review. The second time, it gets promoted to L4 (a test). The third time — there is no third time, because it is now an L5 hook that blocks the commit.
We shipped 240+ specs autonomously with this approach. 960+ commits across multiple repos. 3,700+ violations tracked, diagnosed, and encoded. The enforcement ladder does not slow agents down — it makes their autonomy safe.
What This Means for Your Team
If you are using AI coding agents today, ask yourself:
- How many of your rules are L2 prose? (Most are.)
- How many violations have you tracked? (Probably zero.)
- What happens when your agent fills its context window? (Your rules disappear.)
The fix is not more prompts. It is structural enforcement at L4-L5 for your most critical rules.
Free codebase governance audit: walseth.ai — scan any public GitHub repo in 30 seconds.
Citations:
- SWE-CI: arxiv.org/abs/2603.03823
- Anthropic skill erosion: arxiv.org/abs/2601.20245
- Tsinghua autonomous search: arxiv.org/abs/2603.01853
Top comments (0)