AI Coding Agents Need Infrastructure — Not Just Better Models

The real bottleneck for AI coding agents in 2026 is not model quality. It is orchestrator infrastructure. Three independent signals this month converge on the same gap: a terminal multiplexer that crossed 8,100 GitHub stars in weeks, a nine-month-old security issue on OpenAI Codex that remains unresolved, and the growing production challenge of running multiple AI agents without losing visibility or control. Teams are deploying agents faster than the infrastructure to govern them exists. That gap is now a TPM problem, not just a developer inconvenience.
The number that matters
The number is 8,100. That is how many GitHub stars Herdr accumulated in weeks solving a problem no major AI lab has solved yet: running multiple AI coding agents side by side in terminal panes, tracking what each one is doing, and keeping the session alive when your laptop sleeps. Herdr is not a research project. It is a response to a market signal that the tooling does not exist in the products teams are already paying for.
Herdr lets users run Claude Code, Cursor Composer, OpenAI Codex, and Cline simultaneously, with visual state tracking and the ability to detach and reattach sessions. The creator, Oğulcan Elübüyük, shipped it in response to a pain he was living: three agents running at once, no way to track any of them. Eight thousand one hundred people have hit the same wall. That is the infrastructure gap made visible.
What the gap looks like in practice
The sensitive-file exclusion problem on Codex is the clearest example of the gap between agent capability and enterprise readiness. GitHub issue #2847 has been open since August 2025. Eighty-seven comments later, there is still no way to prevent Codex from reading sensitive files. Not a `.gitignore` problem, not an `AGENTS.md` problem. The model reads what it reads. `.env` files, `.pem` certificates, AWS credentials, SSH keys. One commenter confirmed through direct testing that there is no way to prevent Codex from uploading all files into OpenAI regardless of any configuration file.
The proposed fix, a `.agentignore` or `.codexignore` standard, has been echoed independently by Cline (`.clineignore`) and Cursor (`.cursorignore`). The demand is industry-wide. The fix has not shipped. That nine-month gap between a confirmed security risk and a product resolution is what infrastructure debt looks like when it accumulates inside a production tool.
The framework
The shift from single-agent to multi-agent workflows is happening in production, not just research labs. When every engineer on your team has two or three agents running simultaneously, the TPM becomes the implicit conflict-resolution layer. Three agents modify the same function. One agent has stale context and proposes a revert. Another is writing to a file the first agent already moved. Without a coordination layer, these are not developer problems. They become program-level incidents.
Three things you can do this week, scoped to the programs you already run:
1. Inventory which AI agents are running in your engineering org today. Most teams have agents running in monitoring or triage today without clear answers to the question. The answer is the visibility baseline. If you cannot enumerate the agents, you cannot govern them.
2. Audit the sensitive-file exclusion story for each agent. The Codex issue is the most-documented case, but it is not the only one. Cline and Cursor have analogous gaps. If your `.env` files can be read by the agent, that is a production program-level risk, not a developer inconvenience. Map the gap before you ship more agents, not after.
3. Treat agent coordination infrastructure as a first-class engineering workstream. The teams that build orchestrator infrastructure now will have a durable advantage over those that duct-tape agent outputs together. The work is not glamorous. It looks like a multiplexer, a coordination protocol, and a conflict resolution policy. The alternative is a steady accumulation of incident postmortems naming "agent coordination failure" as the root cause.
What this does not solve
I want to be specific about the limits, because the enthusiasm around multi-agent tooling is real and the gap between "a tool exists" and "your program is governed" is wide.
Orchestrator infrastructure does not solve the conflict-resolution problem at the code level. When two agents modify the same file, a multiplexer that tracks state helps with visibility, but it does not resolve the semantic conflict between two different changes to the same function. That still requires a human with context, or a much more sophisticated merge layer than anything available today.
Orchestrator infrastructure does not solve the security perimeter problem for enterprise data. Herdr and similar tools solve visibility and session management. They do not change what data the agents can reach. If your Codex instance can read your `.env` file, a multiplexer running on top of it does not close that access path. The security fix for sensitive file exclusion has to come from the agent itself, not from the layer above it.
Orchestrator infrastructure does not solve the evaluation problem. More agents generating more code means more code that has to be reviewed, tested, and validated. The velocity argument for multi-agent workflows only holds if your review and test pipeline can keep pace. For most teams, that pipeline is the actual bottleneck, and adding more agents to an already overloaded review process makes the problem worse before it makes it better.
The signal that matters most
The signal that matters most is not Herdr's GitHub stars. It is the fact that the sensitive-file exclusion issue on Codex has been open for nine months with no resolution, despite sustained community demand and an explicit security risk to enterprise customers. The gap between model shipped and infrastructure feature is a pattern, not an exception. OpenAI's rust-based Codex is iterating fast on the agent itself, releasing alpha versions through July 2026. The sensitive-file exclusion feature is not in any of them.
This is the infrastructure gap in its most concrete form. The model ships. The coordination tooling does not. For TPMs, that gap is a program planning constraint you have to name explicitly. Any AI-augmented engineering initiative that depends on a single agent today will depend on a coordination layer tomorrow. Build for that second phase now, or pay for it in incidents later.
The convergence with the Latent.Space autoresearch piece is the structural evidence: when agents can drive their own evaluation loops, the bottleneck moves from the model to the harness. The harness is the infrastructure. The same lesson applies to orchestrator coordination.
---
*Send me how your team handles agent coordination today — two sentences on what is working and what is still broken. DM me on LinkedIn (Doron Katz). I am collecting orchestrator patterns into a public playbook; five examples would let me ship the first version next month.*
Member discussion