LLMOps Database
Media & Entertainment
Spotify
Company
Spotify
Title
Background Coding Agents with Strong Feedback Loops for Large-Scale Code Transformations
Industry
Media & Entertainment
Link
https://engineering.atspotify.com/2025/12/feedback-loops-background-coding-agents-part-3
Year
2025
Summary (short)
Spotify deployed background coding agents across thousands of software components to automate large-scale code transformations and maintenance tasks, addressing the challenge of ensuring correctness and reliability when agents operate without direct human supervision. The solution centered on implementing strong verification loops consisting of deterministic verifiers (for syntax, building, and testing) and an LLM-as-a-judge component to prevent scope creep. The system successfully generated over 1,500 merged pull requests, with the judge component catching roughly a quarter of problematic changes and enabling course correction in half of those cases, demonstrating that verification loops are essential for predictable agent behavior at scale.
Tags
code_generation
poc
prompt_engineering
agent_based
human_in_the_loop
error_handling
system_prompts
evals
kubernetes
docker
cicd
continuous_integration
continuous_deployment
devops
orchestration
security
guardrails
reliability
anthropic
## Overview and Context Spotify's case study represents a sophisticated exploration of autonomous LLM-powered coding agents operating at significant scale in a production engineering environment. This is the third installment in their series documenting their journey with background coding agents for large-scale software maintenance, building on their Fleet Management system. The use case centers on a specific operational challenge: performing automated code transformations across thousands of distinct software components without direct human supervision while maintaining high reliability and correctness standards. The motivation stems from a practical need in large organizations—executing repetitive code migrations and maintenance tasks across vast codebases becomes increasingly expensive when performed manually. Spotify's approach demonstrates mature thinking about production LLM systems, recognizing that agent autonomy creates unique failure modes that require architectural solutions rather than simply better prompts. ## Problem Definition and Failure Modes Spotify identifies three distinct failure modes when running agentic code changes across thousands of software components, each with different severity levels. The first failure mode involves the agent failing to produce a pull request entirely, which they classify as a minor annoyance with acceptable failure rates since manual fallback remains viable. The second failure mode proves more problematic: agents producing PRs that fail continuous integration checks, creating friction for engineers who must decide whether to fix partially-broken code or abandon the change. The third and most serious failure mode involves PRs that pass CI but contain functional incorrectness—this directly erodes trust in automation and becomes particularly dangerous at scale where thorough review of thousands of changes becomes impractical. These failure modes can occur for several reasons: insufficient test coverage in target components, agents making creative decisions that extend beyond prompt scope, or agents struggling to properly execute builds and tests. Spotify recognizes that the second and third failure modes represent significant time sinks, as reviewing nonsensical PRs consumes expensive engineering resources. This analysis demonstrates a mature understanding of the operational realities of autonomous agents in production environments, moving beyond simple success/failure metrics to understand the cost and trust implications of different error types. ## Core Solution: Verification Loops The architectural centerpiece of Spotify's solution involves implementing strong verification loops that provide incremental feedback to guide agents toward correct results. A key design principle establishes that agents don't understand what verification does or how it works—they only know they can (and sometimes must) call verification functions. This abstraction proves crucial for managing complexity and context window constraints. The verification infrastructure consists of multiple independent verifiers that activate automatically based on software component characteristics. For example, a Maven verifier activates upon detecting a pom.xml file in the codebase root. These verifiers remain hidden from the agent interface level; instead, they're exposed through the Model Context Protocol (MCP) as abstract tool definitions. This architectural decision provides two significant benefits: it enables incremental feedback that guides agents toward correct solutions, and it abstracts away noise and decision-making that would otherwise consume precious context window space. The verifiers handle tedious but impactful tasks like parsing complex test output and extracting relevant error messages. Spotify notes that many verifiers employ regular expressions to extract only the most relevant error information on failure while returning concise success messages otherwise. This output filtering proves essential for maintaining manageable context sizes while still providing actionable feedback to the LLM. The verification loop can be triggered as a tool call during agent operation, but critically, the system also runs all relevant verifiers automatically before attempting to open a PR. In their implementation with Claude Code, this uses a "stop hook" mechanism—if any verifier fails, the PR isn't opened and users receive an error message instead. This design ensures that only code that formats correctly, builds successfully, and passes tests can progress to the PR stage. ## LLM-as-a-Judge Component Beyond deterministic verifiers for syntax, building, and testing, Spotify implemented an additional protection layer: an LLM acting as a judge to evaluate proposed changes. This proved necessary because some agents exhibited overly "ambitious" behavior, attempting to solve problems outside their prompt scope—refactoring code unnecessarily or disabling flaky tests without authorization. The judge implementation follows a straightforward design: it receives the diff of the proposed change along with the original prompt and sends both to an LLM for evaluation. The judge integrates into the standard verification loop and executes after all other verifiers complete successfully. Spotify provides their judge system prompt in the article, demonstrating transparency about their approach. Regarding effectiveness, Spotify candidly admits they haven't yet invested in formal evaluations (evals) for their judge component. However, internal metrics from thousands of agent sessions reveal that the judge vetoes approximately 25% of proposed changes. When vetoes occur, agents successfully course-correct about half the time. Empirical observations indicate the most common trigger involves agents straying beyond instruction scope outlined in prompts. This represents a pragmatic approach to LLMOps—deploying a component that provides measurable value even without rigorous evaluation infrastructure, while acknowledging the limitation and planning for future improvement. ## Agent Architecture and Security Spotify's background coding agent follows a deliberately constrained design philosophy: the agent executes one focused task—taking a prompt and performing a code change to the best of its ability. The agent operates with strictly limited access, seeing only the relevant codebase, using tools to edit files, and executing verifiers as tools. Complex tasks like pushing code, interacting with users on Slack, and authoring prompts are all managed by surrounding infrastructure external to the agent itself. This constraint represents an intentional architectural choice. Spotify believes that reduced agent flexibility makes behavior more predictable—a critical property for autonomous systems operating at scale. The architecture also yields secondary security benefits: agents run in containers with limited permissions, minimal binary access, and virtually no access to surrounding systems, creating highly sandboxed execution environments. This security-conscious approach demonstrates mature thinking about production LLM deployments, recognizing that powerful autonomous agents require strong isolation to mitigate risks. ## Production Scale and Results While Spotify doesn't provide exhaustive quantitative metrics, they reference generating over 1,500 merged pull requests through this system (mentioned in the series subtitle). The judge component's 25% veto rate across thousands of sessions, with 50% successful course correction, suggests the verification loop architecture provides substantial value in practice. However, it's important to note that Spotify positions this as ongoing work rather than a completely solved problem—they explicitly state their work with background coding agents is "far from over." ## Critical Assessment and Limitations The case study demonstrates several strengths in transparency and architectural thinking. Spotify openly acknowledges limitations, such as the lack of formal evaluations for their judge component, rather than claiming unqualified success. They provide concrete implementation details including example code and system prompts, enabling others to learn from and replicate their approach. The identification of specific failure modes with different cost implications shows sophisticated operational thinking beyond simple accuracy metrics. However, several aspects merit careful consideration. The absence of comprehensive quantitative metrics makes it difficult to assess true effectiveness—what percentage of PRs are functionally correct? How often do incorrect changes make it through all verification layers? What's the false positive rate of the judge? The 25% veto rate could indicate the judge is appropriately protective or that prompts need improvement; without baseline comparisons, interpretation remains ambiguous. The reliance on an LLM judge introduces interesting dependencies. Using one LLM to validate another LLM's output creates potential for correlated failures—if both models share similar blind spots or biases, the judge may fail to catch certain error categories. Spotify doesn't discuss what LLM powers their judge or whether they've experimented with using different models for the agent and judge to reduce correlation risk. The security and isolation discussion, while highlighting important architectural decisions, doesn't fully address all concerns. How does the system handle cases where necessary changes require access that conflicts with sandboxing constraints? What happens when agents need to interact with external services or APIs as part of legitimate code changes? ## Future Directions Spotify outlines three key areas for future investment. First, expanding verifier infrastructure to support broader hardware and operating systems—currently limited to Linux x86, they need macOS support for iOS applications and ARM64 for certain backend systems. Second, deeper integration with existing CI/CD pipelines by enabling agents to act on CI checks in GitHub pull requests, creating a complementary "outer loop" to the verifiers' "inner loop." Third, implementing more structured evaluations to systematically assess system prompt changes, experiment with agent architectures, and benchmark different LLM providers. These future directions reveal current system limitations while demonstrating commitment to systematic improvement. The emphasis on evaluation infrastructure particularly stands out as a mature LLMOps priority—recognizing that production LLM systems require rigorous measurement frameworks to evolve reliably. ## LLMOps Maturity and Lessons This case study represents relatively mature LLMOps practices in several dimensions. The architecture demonstrates clear separation of concerns with agents handling focused tasks while surrounding infrastructure manages complexity. The verification loop approach provides a reusable pattern for ensuring LLM output quality through incremental validation rather than relying solely on prompt engineering. The security-conscious design with sandboxing and limited permissions reflects awareness of risks associated with autonomous agents. However, gaps in evaluation infrastructure and quantitative metrics suggest room for maturity growth. The absence of A/B testing frameworks, systematic prompt optimization processes, or detailed performance monitoring indicates this remains an evolving system rather than a fully mature production platform. For organizations considering similar approaches, Spotify's experience suggests several key lessons. First, autonomous agents operating at scale require architectural solutions to reliability challenges—prompts alone prove insufficient. Second, abstraction layers that hide complexity from agents while providing clean interfaces help manage context window constraints. Third, multiple verification layers with different mechanisms (deterministic and LLM-based) provide defense in depth against various failure modes. Fourth, constraining agent capabilities and providing strong sandboxing reduces both unpredictability and security risks. Finally, being transparent about limitations and areas for improvement demonstrates the kind of honest assessment necessary for learning and improvement in this rapidly evolving field. The case study's value lies not in claiming perfect solutions but in documenting real architectural decisions, specific challenges, and ongoing limitations encountered when deploying LLM-powered agents at significant scale in production engineering environments. This transparency makes it particularly valuable for the broader community working on similar challenges.

Start deploying reproducible AI workflows today

Enterprise-grade MLOps platform trusted by thousands of companies in production.
Book a Demo
Use Open Source