CONCEPT Cited by 3 sources

Coding-agent sprawl¶

Coding-agent sprawl is the named problem class of an engineering organisation simultaneously running multiple parallel coding-agent tools (Cursor, Claude Code, Codex CLI, Gemini CLI, Windsurf, OpenCode, …) — each with its own model choices, API keys, cost centre, audit log, SSO surface, and MCP integrations.

Definition (from the 2026-04-17 Databricks post)¶

Databricks names the shape directly: "within Databricks, our software developers flexibly mix usage between Cursor, Codex, Claude Code, and others — often using multiple tools at the same time" and declares it a "business necessity", not a temporary anomaly. The architectural implication is that coding-agent polyglotism is permanent and infrastructure must be designed assuming N coding tools per developer for unbounded N.

Three sub-problems the post enumerates¶

Security risk — MCP tool surfaces, "most useful when they have access to critical data within your organization", accidentally make each new agent "the most privileged developer in your organization". Without centralised governance, each new tool is a separate security-review load and a separate data-access policy surface.
Cost explosion — "agent costs are becoming a top R&D cost driver". New frontier models ship weekly ("Opus 4.6, Composer 2, GPT-5.4, Kimi-2.5, Gemini 3 Pro" — notional future models listed in the post); budget guardrails per tool is an admin-tab-switching nightmare.
Visibility gap — "executives lack visibility into tool adoption". With every team on a different tool, central adoption / velocity measurement is impossible without cross- tool telemetry aggregation.

Why each tool on its own can't fix it¶

By construction: each coding tool is a competitor — Cursor won't ingest Anthropic's telemetry, Claude Code won't defer to Cursor's quota system, Codex won't use Gemini's identity plane. Governance has to live above the tools, not inside them. That's the structural case for the AI-gateway pattern being specialised for coding-agent clients (systems/unity-ai-gateway).

Parallel instance in other ingested posts¶

Cloudflare internal AI engineering stack (sources/2026-04-20-cloudflare-internal-ai-engineering-stack) — same problem class, different substrates. Cloudflare solved it by building a single proxy Worker in front of AI Gateway that all tools (OpenCode, Windsurf, Claude Code, internal agents, Code Reviewer) authenticate to via .well-known discovery. Key-per-client replaced by Zero-Trust Access JWT; per-user UUID tagging for anonymous cost attribution; opencode auth login bootstrap.

Both instances converge on the same three-pillar governance shape: centralised auth + single bill + unified observability. See concepts/centralized-ai-governance.

Why the problem is architecturally substantive¶

On the surface it looks like a procurement / vendor-management issue. Two properties make it structural:

Write access: coding tools don't just suggest; they edit source, open PRs, run CI, call MCP servers that read tickets
design docs + customer issues. The governance surface is non-trivially end-to-end.
Rate of change: coding tools + underlying models evolve in weeks, not years. Any governance architecture that bolts onto specific tools is obsolete at tool-adoption speed. The gateway pattern is durable because it abstracts over the tool axis.

Generalisation to org-wide agent sprawl (2026-05-20)¶

The 2026-05-20 Databricks four-pillars post (sources/2026-05-20-databricks-governing-ai-agents-at-scale-with-unity-catalog) generalises the failure mode beyond developers:

"A year ago, your organization had a dozen AI agents. Today, there are thousands. Every developer has a coding agent that writes, reviews, and ships code alongside them. Your analytics team built forecasting agents. Sales operations deployed lead scoring. The Support organization automated ticket routing. Marketing launched personalization. Finance built reconciliation workflows."

Coding-agent sprawl is now one instance of a broader agent sprawl that spans every department. The structural sub-problems (multiple identity stores, multiple credential surfaces, no single audit log, no portable telemetry) replicate one-for-one across departments, and the architectural answer (central-proxy choke point + four-pillar governance) generalises the same way. The 2026-05-20 framing adds a third risk dimension to the binary "ungoverned vs locked-down" framing: talent flight from over-locked-down environments — "developers and users are frustrated. Some have left for companies where they can actually use AI tools."

Seen in¶

sources/2026-05-20-databricks-governing-ai-agents-at-scale-with-unity-catalog — generalises coding-agent sprawl to org-wide agent sprawl across dev / analytics / sales-ops / support / marketing / finance, while keeping the structural shape and the same architectural answer (UC + Unity AI Gateway).
sources/2026-04-17-databricks-governing-coding-agent-sprawl-with-unity-ai-gateway — coined the term, names the three sub-problems, proposes Unity AI Gateway as the answer.
sources/2026-04-20-cloudflare-internal-ai-engineering-stack — doesn't use the term but documents the same shape with different substrates (OpenCode / Windsurf / Claude Code / many internal agents fronted by one Hono Worker + AI Gateway).

concepts/centralized-ai-governance — the three-pillar governance answer.
concepts/four-pillars-of-agent-governance — the four-pillar generalised-scope answer.
concepts/governed-agent-data-access — the access + audit framing.
patterns/ai-gateway-provider-abstraction — the underlying pattern being specialised.
patterns/central-proxy-choke-point — architectural posture.
patterns/three-layer-agent-control — runtime control composition.
systems/unity-ai-gateway — Databricks instance.
concepts/byok-bring-your-own-key — secrets posture that pairs with gateway-as-choke-point.