Our team has been using agentic tools daily for more than half a year now. Here's something that worked for us. 

The agent handles tests and boilerplate well. However, without rigorous constraints, it breaks things that were just fine before. On longer files it degrades noticeably, loses context and duplicates fragments. AI-Refactoring without proper test coverage ends predictably badly.

The key idea that we came to: don't ask the agent to write good code, set the quality standards. There's nothing to negotiate, discuss or prompt here. 

Better prompts and CLAUDE.md may help a bit, but not so much.

Make it impossible to ship the code that's not passing the bar. It should be no different from how you treat PRs from the teammates. Somehow 7000-line PR from a human causes panic, while many are more indulgent if it was authored by AI. Rules are here to stay, equal for everyone, regardless of the author.

We love machines for predictable behavior, and when something can be done more reliably with a deterministic algorithm in place - it should. So fail the build when the code doesn't meet target metrics. That keeps the project readable, maintainable and correct. Have a set of more sophisticated and detailed checks in the CI pipeline as well.

What made a difference for us:

- Thorough test suite: we use a plugin to enforce 80% coverage so the build fails if coverage drops, plus Playwright e2e tests on core scenarios when applicable. Subtle regressions have gone away.

- Code complexity metrics enforced: we use CheckStyle (every stack has equivalents) with hard limits: files max 150 lines, methods max 30 lines, cyclomatic complexity max 15, fan-out complexity max 20, and the like. 

The agent performs poorly on long and complicated source files, so you force it to keep things small. Any violation gives immediate feedback to the agent.

- Disciplined workflow: decompose into small prompts, review every change manually, commit the stable revision before moving to the next chunk.

- Dependency security: the agent often pulls outdated libraries with known security holes. Dependabot, container image scanning, and dependency-check plugins in the build pipeline catch this automatically.

- Cross-project analysis: while contract tests are a good practice, the agent can go further. For example, it holds multiple services, or backend + frontend interaction in its context, catching inconsistencies and issues that humans rarely spot in multiple repos. That's why git monorepo (or submodules) are also advised. 

- Regular audit: along with deterministic SAST, we use agents to perform deep analysis regularly and produce a report containing duplication, security, performance issues. 

The agent prefers to take the path of least resistance. Your job is to build a suite of checks whose signals can be trusted to ensure that the artifact quality is both necessary and sufficient.