Fitra Kacamarga
← Blog

Agentic Engineering: The New Era of Engineers Building Software Factories

Agentic engineering is building the system that builds — safely, repeatedly, and cache-stably.

aiagentsengineeringsoftware

One engineer spends $2,000/month on AI tokens. The result is useful, but inconsistent. Sometimes the code works. Sometimes it does not. Sometimes bugs are caught. Sometimes new ones appear. The engineer feels productive, but cannot prove it.

Another engineer spends the same amount. The result is different: pipelines that run by themselves, code that is automatically tested, and more time to think about the next architecture, the next product, or the next problem that has not been touched yet.

What separates them? Not the model — both use Claude. Not the token budget — both spend the same. Not raw talent — both are experienced engineers.

The difference is whether they are building a system around AI, or merely chatting with it.

The Problem: Everyone Has AI, But Not Everyone Has Leverage

In 2026, every engineer can access powerful models. Claude, GPT, Gemini, DeepSeek — the frontier keeps moving, context windows keep growing, tool integrations keep improving, and coding agents keep getting better.

But something interesting happens when capability becomes widely available: the gap between engineers who “use AI” and engineers who truly leverage AI gets wider, not smaller.

Access to the same model does not create the same outcome. Two engineers can sit in front of the same coding agent with the same token budget and walk away with completely different results.

It is not about who prompts more. More prompting without a system creates more noise.

It is not about who spends more. Tokens burned without a harness just become a larger API bill.

The real difference is this:

Who is building the system around AI, and who is treating AI as a smarter chatbot?

IndyDevDan calls this agentic engineering. I think the term is useful because it names a real shift: engineering is moving from “use an AI tool” to “design the environment where AI agents can produce reliable work.”

Agentic engineering is building the system that builds — safely, repeatedly, and cache-stably.

It is not about using AI more. It is about building the infrastructure that lets AI work consistently in production.

The Five Pillars of Agentic Engineering

1. Own the Harness — Whoever Controls the System Controls the Result

Claude Code, Codex, Cursor, OpenCode, and similar tools are powerful. But they are the floor, not the ceiling. They provide a strong baseline, but the real advantage appears when engineers begin to own the harness.

The model is the engine. The harness is the production system.

A harness is the infrastructure around the model that defines how the model works, when it may act, what must be checked before it acts, and how its results are audited and verified.

Concretely, a harness includes:

  • Tool access and permission boundaries — which tools are available, and what are their limits?
  • Verification gates before high-impact actions — before an agent performs something difficult to undo, what checker validates that the action is safe and aligned with the spec?
  • Loop detection — if an agent repeats the same action without progress, what stops it?
  • Event traces for audit and debugging — every action, decision, and output should be reviewable.
  • Reasoning budgets — how much thinking, cost, and latency should a task be allowed to consume?
  • Compaction strategy — when context gets long, how do we summarize without losing tool history, errors, and safe next actions?
  • Subagent handoff — if one task needs a large model for planning and a smaller model for execution, how does the handoff happen without breaking context or cache?

Without a harness, AI is a chatbot with coding ability. Helpful, but not production-trustworthy. There is no reliable guarantee that the output is consistent, safe, or correct.

With a harness, AI becomes part of a production system. Its outputs are verified. Its actions are controlled. Its cost is measurable. And when something goes wrong, we can trace it, debug it, and improve the system.

A good harness does not make agents weaker. It gives agents a safer, clearer, and more powerful workspace. Agents move faster when boundaries are explicit.

This is why “plan mode” in coding agents is such an important design pattern. Instead of changing the tool set when an agent enters planning mode — which can break prompt caching — the mode can be represented as a tool or event, such as EnterPlanMode and ExitPlanMode. The available tool schema stays stable, while the policy changes through messages or events.

This leads to a key design rule:

Policy changes belong in messages and events, not in tool schema changes.

2. Build Software Factories, Not One-Off Features

The old workflow is simple: ask AI to build a feature, review the result, deploy it, then repeat. Every feature starts from scratch. Every time, the engineer explains the context, gives the requirements, and checks whether the output is acceptable.

That helps, but it does not scale.

The agentic workflow is different: build a factory that produces features consistently.

A software factory is a repeatable production system made of agents, prompts, workflows, scripts, tests, reviewers, and automation. A feature no longer starts from zero. It moves through a known pipeline with known quality gates.

The core of a software factory is reproducibility.

If a workflow produces a good feature once, the workflow should be repeatable, auditable, improvable, and reusable. Prompts stop being disposable instructions. They become part of the production system.

A useful factory can:

  1. read the requirement,
  2. extract business context and technical constraints,
  3. produce a technical plan,
  4. critique the plan,
  5. split the work into tasks,
  6. implement changes,
  7. run tests,
  8. perform self-review,
  9. generate a changelog,
  10. prepare a pull request with evidence.

With a factory like this, the engineer is no longer the bottleneck for every small step. The engineer’s role moves up one level: design the process, set quality standards, and make sure every output passes the right validation.

This is also where reusable assets matter. When a workflow repeatedly works, it should become a skill, a playbook, a subagent, or an automation. The loop is: find repeated work, evaluate whether it deserves to become an asset, then package it in the smallest useful form.

If every feature still starts from zero, we do not have a software factory. We only have an agent helping manual work. Manual work with AI assistance is still manual work.

3. Build Extensible Software — Open for Extension, Closed for Modification

Agentic engineering lives in a world that changes fast. Models change every month, sometimes every week. Tool ecosystems shift. Today’s best prompt may not be tomorrow’s best prompt. APIs move. Runtime patterns evolve.

In this environment, software that cannot be extended falls behind.

A codebase full of cascading conditionals, tight coupling, implicit behavior, and poor documentation makes agents slow and error-prone. Every change becomes risky because the agent cannot clearly see the boundaries. Every new feature becomes expensive because the system must be modified instead of extended.

The old principle “open for extension, closed for modification” becomes even more important in the age of agents. It is not only an architecture best practice. It is a survival strategy.

Agent-friendly software should be:

  • Composable — features can be assembled from existing components.
  • Pluggable — models, tools, and skills can be swapped without changing the core.
  • Observable — actions and decisions can be traced.
  • Testable — components can be validated independently.
  • Explicit about contracts — interfaces are documented and stable.
  • Clear about boundaries — each module has a responsibility.
  • Stable at the interface level — existing APIs do not change without a migration path.
  • Easy to roll back — failures do not become irreversible drama.

The clearer the boundaries, contracts, and tests, the less likely an agent is to make wild changes. Agents work best when the codebase gives them rails.

Extensible software is easier for humans to maintain. It is also easier for agents to understand, modify, and verify.

In the age of agents, extensibility is not just an architecture principle. Extensibility is a safety feature.

4. Always-On Agents — But With Token Economics

It is easy to imagine the future as always-on agents: agents coding while we sleep, monitoring production issues, reading logs, writing reports, fixing bugs, or running research workflows continuously.

That vision is real. But it has a trap.

An always-on agent without clear economics is just a money-burning machine.

Healthy token economics has three levels:

Level 1: Spend tokens. Start using agents more. Do not be afraid to spend — but only if the next two levels are also true.

Level 2: Make tokens useful. Tokens must produce real work: bugs fixed, PRs merged, reports used, insights discovered, tests passed.

Level 3: Capture value. Agent output must produce measurable value: time saved, revenue gained, risk reduced, quality improved, onboarding accelerated, or research progress made.

Tokens must become useful before they are allowed to scale.

A rising API bill is a productivity KPI only when outcomes rise with it. If token spend grows 3x but outcomes grow 1.5x, something is wrong. Usually the agent does not have a clear task, strong evaluator, adequate access, or proper stop condition.

Always-on agents need SLOs like production systems:

  • completed outcomes per day or week,
  • cost per accepted change,
  • cache hit rate,
  • high-risk actions blocked,
  • human time saved,
  • false positive rate from safety gates,
  • time-to-safe-completion.

Do not scale agents first. Prove the useful-token loop first. Before that, optimization means clarifying the task, improving access, strengthening evaluators, and defining stop conditions.

5. Give Agents Access — With Deterministic Safety Gates

An agent that cannot reach APIs, CLIs, dashboards, or databases will keep asking humans to do things that should be automatic. That is a token tax: we pay tokens for waiting instead of completion.

If an agent needs database status but has no database access, it asks a human. The human checks, replies, and the agent continues. One loop can take minutes. With safe direct access, it could take seconds.

But the answer is not “give agents everything.” Unlimited access to production databases, deployment pipelines, or customer data is dangerous.

The right principle is:

Least privilege for maximum useful autonomy.

Or even more practically:

Give agents reachable tools with deterministic safety gates.

Not everything. Not nothing.

Access should be routed by risk:

  • Read-only → allow — read files, query with SELECT, inspect logs, read documentation.
  • Write/reversible → verify — edit code, open PRs, update config, create drafts.
  • High-impact/ambiguous → escalate — merge to main, modify production data, change pricing, send external communication.
  • Destructive/irreversible → block — drop databases, delete production resources, revoke credentials, force-push to main.

With this routing, agents can move quickly on safe actions while risky actions require evidence, verification, or human approval. Audit trails record what happened. Verifier routes ensure mutations pass through the correct gate.

Agentic speed comes from access. Production trust comes from verification. We need both.

For systems like ClaimMind, this is critical. An LLM may propose a diagnosis, identify a likely coding error, or recommend a correction. But the final decision must come from deterministic verification.

Narrative can explain. Evidence must authorize.

Two Invariants for Production-Grade Agents

Across the work on harness design, prompt caching, benchmark results, and verifier-gated execution, two invariants keep showing up.

Invariant 1: Verification-Aware Control Flow

High-impact actions must be routed by evidence, not by the agent’s intent text.

This is not about saying AI cannot be trusted. It is about engineering discipline. An agent may propose anything. A proposal becomes an action only after the system verifies that:

  • the context is sufficient and current,
  • the action matches policy,
  • supporting evidence exists,
  • the risk level is classified correctly,
  • the route is appropriate: allow, verify, escalate, or block.

The LLM proposes. Deterministic verifiers dispose.

In an agent runtime, completion text should not be enough. An agent saying “I’m done” is only a signal. Completion should be accepted only after tests, evidence, validators, and typed decisions say it is safe.

Ralph reads signals. The verifier authorizes exit.

Invariant 2: Cache-Aware Execution Architecture

Runtime adaptation must preserve stable prefixes, stable tool contracts, and cache-safe forks.

The biggest lesson from Claude Code’s prompt caching architecture is this: prompt caching is not a minor optimization. It is architecture.

Long-running agents become economically feasible because prompt caching reduces latency and cost. But prompt caching is fragile. It works through prefix matching. Changes near the beginning of the request — system prompt, tool schema, tool order, project context — can invalidate the cache.

That means:

  • do not add or remove tools mid-session,
  • do not update the system prompt for small dynamic changes,
  • inject changing context through messages or reminders,
  • avoid switching models mid-session unless using subagent handoff,
  • make compaction cache-safe,
  • use stubs and deferred loading for tool search.

The design rule is simple:

Tool policy may change at runtime; the tool prefix must not.

This changes how we design safety gates. A risk gate should not enforce policy by changing the tool set. It should keep the tool contract stable and route runtime decisions through messages, events, wrappers, or typed decisions.

A risk gate must work. It must also avoid breaking the prefix.

Safe and stable. Not one or the other.

From Vibe Coding to Harness Engineering

Vibe coding captured the first phase of AI-assisted development: fast, exploratory, chaotic, and often useful. It is great for prototypes and idea exploration.

But production software cannot stop at vibes.

Once agent output touches serious codebases, customer workflows, regulated data, financial systems, or production infrastructure, we need stronger discipline:

  • clear requirements,
  • stable context,
  • tool boundaries,
  • verification gates,
  • test harnesses,
  • audit trails,
  • rollback paths,
  • human approval for risky decisions.

That is the shift from vibe coding to harness engineering.

Harness engineering does not weaken agents. It gives them a safer, clearer, and more powerful workspace.

Vibe coding increases exploration speed. Harness engineering increases production speed.

Agentic Engineering as a New Discipline

When we combine the five pillars and two invariants, agentic engineering becomes much more than prompting.

It includes:

  • harness design,
  • workflow orchestration,
  • software factory design,
  • prompt and context architecture,
  • tool contract design,
  • verification and approval gates,
  • cache-aware execution architecture,
  • evaluation and testing strategy,
  • observability,
  • memory and compaction design,
  • subagent orchestration,
  • token-to-value economics,
  • security and access control.

Agentic engineering sits at the intersection of software architecture, platform engineering, security, DevOps, and AI systems.

The engineers who win here are not necessarily the ones with the fanciest prompts. They are the ones who understand systems, tradeoffs, reliability, testing, architecture, and production risk.

Anyone can move faster with AI coding tools. But engineers who understand agentic engineering can build systems that make many agents move fast, safely, and consistently.

That is the real leverage.

Conclusion: Engineers as Designers of Agent Systems

Agentic engineering will become a core engineering skill.

Not because every engineer must become a prompt engineer, but because software engineering is shifting from writing every line of code manually to designing systems where agents can produce code, tests, reviews, documentation, and operations safely.

The engineers who stand out will become designers of agent systems. They will design harnesses, define contracts, grant the right access, build factories, install verifiers, measure token-to-value, and keep the system reliable in production.

Models will change. Tools will change. The ability to build systems where agents work safely, repeatedly, and measurably will remain a moat.

The future of software engineering is not humans being replaced by agents. The future is engineers building work systems where many agents can operate like a small coordinated organization.

Agent is leverage.

Harness is control.

Factory is scale.

Extensibility is durability.

Access is speed.

Verification is trust.

Cache stability is economics.

Token-to-value is proof.

That is agentic engineering.

Inspired by IndyDevDan’s “Top #1 Opportunity for Senior Engineers: Agentic Engineering,” Thariq’s “Lessons from Building Claude Code: Prompt Caching Is Everything,” and Vaibhav Srivastav’s Codex skillify prompt.