From Copy-Paste to Composition: Building Agents Like Real Software

Summary

Disclaimer: This summary has been generated by AI. It is experimental, and feedback is welcomed. Please reach out to info@qcon.ai with any comments or concerns.

This presentation explores the transition from current AI agent architectures to more structured software engineering principles. The focus is on achieving abstraction, encapsulation, and composition without creating new programming languages.

  • Current Architectures:
    • AI agents today utilize monolithic prompts and rely heavily on copy-pasting tool descriptions.
    • This leads to deep coupling between tool authors and agent developers.
  • Challenges:
    • Managing compliance, especially to prevent data breaches through prompt injection and other vulnerabilities.
    • Lack of interfaces and encapsulation, akin to programming practices from 1975.
  • Proposed Solutions:
    • "Encapsulated MCP" for real abstraction and reuse of tools.
    • Using deterministic policies and dynamic taint-tracking to prevent execution of dangerous patterns.
    • MCP proxy sidecar architecture proposed for enforcing policies without changing current building practices.
    • Virtual tools and deterministic policy applications to enhance security without extensive rewrites.
  • Abstract Concepts:
    • Encapsulation involves hiding complexity and exposing only required functions.
    • Composition allows combining functions to create new functionalities.
  • Agent Infrastructure Goals:
    • Create central policy storage and registries for virtual tool definitions and communication schemas.
    • Develop middleware solutions that enable governance in large enterprises.

This presentation equates modern AI agent development to outdated software development practices and emphasizes the need for improved methodologies inspired by contemporary software engineering insights.

This is the end of the AI-generated content.


We're building AI agents like it's 1978. Our "programs" are monolithic prompts. Our "shared libraries" are MCP tools that get copy-pasted into context windows. Our "architecture" is hoping the LLM figures it out.

This works when agents are demos. It breaks when you have 50 teams shipping agents that share tools, enforce compliance policies, and can't afford to let prompt injection trigger a wire transfer or expose HIPAA data.

This talk traces the path from today's fragile agent architectures to something that looks like actual software engineering, *without* inventing a new programming language. We'll cover:

  • Why MCP's current design creates deep coupling between tool authors and agent builders, and how "Encapsulated MCP" enables real abstraction and reuse
  • Defeating the Lethal Trifecta through deterministic policies and dynamic taint-tracking that catch dangerous patterns before they execute
  • Middleware enforcement at scale: an MCP proxy sidecar architecture that implements governance without changing how you build agents today
  • Registries that tie it together: centralized policy storage, virtual tool definitions, and typed schemas for agent-to-agent communication

You'll leave with patterns you can apply now, and a roadmap for what enterprise agent infrastructure needs to look like - before we learn these lessons the hard way.


Speaker

Jake Mannix

Technical Fellow @Walmart Global Tech Focusing on AI and Relevance Engineering, Previously Worked on the AI Platform @LinkedIn

Jake is a machine learning and distributed systems expert, currently serving as a Technical Fellow at Walmart Global Tech, where he focuses on AI and relevance engineering. With a rich background spanning roles at Salesforce, Twitter, LinkedIn, and Lucidworks, Mannix has led initiatives in search infrastructure, personalization, and recommender systems. His work emphasizes scalable, user-centric AI solutions, and he actively engages in discussions about the evolving tech landscape, particularly the impact of AI on workforce dynamics and the importance of mentorship in engineering.
