From Copy-Paste to Composition: Building Agents Like Real Software

We're building AI agents like it's 1978. Our "programs" are monolithic prompts. Our "shared libraries" are MCP tools that get copy-pasted into context windows. Our "architecture" is hoping the LLM figures it out.

This works when agents are demos. It breaks when you have 50 teams shipping agents that share tools, enforce compliance policies, and can't afford to let prompt injection trigger a wire transfer or expose HIPAA data.

This talk traces the path from today's fragile agent architectures to something that looks like actual software engineering, *without* inventing a new programming language. We'll cover:

• Why MCP's current design creates deep coupling between tool authors and agent builders, and introduce how "Encapsulated MCP" enables real abstraction and reuse
• Defeating the Lethal Trifecta through deterministic policies and dynamic taint-tracking that catch dangerous patterns before they execute
• Middleware enforcement at scale: an MCP proxy sidecar architecture that implements governance without changing how you build agents today

• Registries that tie it together: centralized policy storage, virtual tool definitions, and typed schemas for agent-to-agent communication

  You'll leave with patterns you can apply now, and a roadmap for what enterprise agent infrastructure needs to look like - before we learn these lessons the hard way.