Coding Agent
Give your agents full-stack software development capabilities -- reading, writing, editing files, searching code, and executing commands -- all within a sandboxed project directory.
Overview
The coding agent feature provides 10 coding tools and 23 git tools (33 total) that let agents work with code the way a developer would. Agents follow a structured methodology: gather context, take action, verify results.
Gather Context: List files to understand project structure, search for relevant code, read existing files.
Take Action: Edit existing files, create new files, run commands (with approval).
Verify Results: Run tests, check the build, review changes.
Available Tools
| Tool | Description |
|---|---|
| coding_file_read | Read file contents with line numbers. Supports reading specific line ranges. |
| coding_file_write | Create a new file or overwrite an existing one. Parent directories are created automatically. |
| coding_file_edit | Edit a file by replacing an exact string match. The old string must match exactly, including whitespace. |
| coding_search | Search file contents (grep-like) or find files by name (glob-like). Supports filtering by file extension. |
| coding_bash | Execute a shell command in the project directory. Requires human approval for every execution. |
| coding_list_files | List directory contents to understand project structure. Supports recursive listing. |
Every bash execution requires human-in-the-loop approval. The agent proposes a command, and you approve or reject it before it runs.
Security and Sandboxing
All coding operations run inside a sandbox that enforces safety boundaries.
Project Directory Isolation
Every file operation is confined to the project directory. Path traversal attempts are blocked. The agent cannot read or write files outside its workspace.
Blocked Paths
Sensitive paths are blocked by default: system directories, environment files (.env), and dependency folders (node_modules).
Bash Safety
Destructive commands are blocked:
| Blocked Pattern | Reason |
|---|---|
| Recursive forced deletion of root | Filesystem destruction |
| Insecure permission changes | Security risk |
| Piping curl to shell | Remote code execution |
| Fork bombs | Resource exhaustion |
| System shutdown/reboot | System control |
Network access from bash is disabled by default. When enabled, only whitelisted hosts are accessible.
File Size Limits
File read and write operations are limited to 1MB by default to prevent resource exhaustion.
Audit Trail
Every operation is logged with timestamp, tool name, action, path or command, and whether it was allowed or blocked. The full audit log is available for compliance review.
Works with Any Model
The coding tools work with every LLM provider supported by MeetLoyd:
- Anthropic -- Claude Opus, Sonnet, Haiku
- OpenAI -- GPT-4.1, o1, o3
- Google -- Gemini 2.5
- Self-hosted -- vLLM (DeepSeek, Qwen, GLM)
The tools plug into the existing agent execution loop -- no special model or SDK required.
Best Practices
Always read a file before modifying it. This ensures the agent understands context and gets the exact string to replace.
Make one logical change at a time. Large, multi-file changes are harder to verify and more likely to introduce errors.
Run tests and check the build after each modification. Catching issues early prevents cascading problems.
The agent follows the codebase's existing conventions for naming, structure, and style. Do not fight the codebase.
Leverage git for safety. git diff shows what changed, git stash provides a safety net, and git status gives a clear picture of the current state.
Next: Learn about Human-in-the-Loop controls for governing agent actions.