The Static Structure Becomes the Agent Anchor
Zhihao Lin, Mingyi Zhou, Yizhuo Yang, and Li Li's June 2026 arXiv paper on CodeAnchor studies a practical defect in code agents: a repository may have stable structure while the agent's path through it remains stochastic. The governance lesson is that a final patch is not enough evidence. The navigation trace needs anchors.
Repository as Map
The paper, arXiv:2606.26979 [cs.SE], was submitted on June 25, 2026. arXiv lists the exact title as How Much Static Structure Do Code Agents Need? A Study of Deterministic Anchoring, by Zhihao Lin, Mingyi Zhou, Yizhuo Yang, and Li Li. The arXiv record says the 21-page paper was accepted to ISSTA 2026.
The paper's starting point is familiar to anyone who has watched an agent work in a repository. The agent searches, opens files, reads snippets, revises its hypothesis, and searches again. That loop is useful because text search is cheap, robust, and already fitted to how many code agents operate. But source code is not only text. It is also call graphs, inheritance, imports, configuration paths, data dependencies, and cross-file conventions.
When an agent treats the repository as a bag of lines, it can find the right words while missing the structural route from a symptom to the actual fix. Two runs on the same issue can take different paths, inspect different files, and fail differently. In governance terms, that means the agent's final answer is under-documented. The institution cannot easily tell whether a miss was a reproducible weakness, a bad first search, or a lucky branch that failed to recur.
The Paper
Lin and coauthors call the intervention CodeAnchor. The system runs lightweight static analysis offline, extracts structural relationships, and injects them back into the repository as compact plain-text comments. The paper's HTML version describes tags generated from PyCG call graphs plus AST extractors, with relationships such as callers, callees, inheritance, imports, data flow, and configuration usage.
The important design choice is passive injection. The agent does not need a new graph controller or a special query API. It keeps using a grep-first loop, but search results now include nearby structural breadcrumbs. The paper even discusses an optional Model Context Protocol-style call-graph tool tested in a small pilot, and reports low use: the agent usually stayed with ordinary grep. CodeAnchor's answer is to put the structure where the agent already looks.
Deterministic Anchoring
The phrase deterministic anchoring is doing real work. The agent remains probabilistic. The model can still choose a query, summarize a file, or decide what to inspect next in variable ways. But the repository's structural facts do not change across repeated runs on the same snapshot. Surfacing those facts turns hidden topology into stable context.
This matters because software-agent reliability is often measured at the end: did the patch pass, did the benchmark mark it correct, did the issue close. CodeAnchor asks for another layer of evidence: did the agent travel through the repository in a path that makes structural sense, and is that path reproducible enough to debug when it fails?
What CodeAnchor Adds
CodeAnchor is deliberately modest. It does not ask developers to replace their repository with a graph database. It does not require the model to learn a new action space. It inserts structured comments near functions, classes, and configuration entries so ordinary text retrieval can pull program topology into the agent's view.
The paper evaluates CodeAnchor on SWE-bench Lite and SWE-bench Verified using a Codex-style programmable code agent. It treats localization, trajectory behavior, and run-to-run stability as first-class metrics. That choice is the governance move. A code agent is not only a patch generator. It is a process that searches an evidence space, makes commitments, and leaves a trace.
What the Results Show
The reported results are concrete but bounded. Lightweight call and inheritance topology improves function-level localization by 2.2 percentage points on Func@5 and shortens trajectories by 1.6 interaction rounds. Tags raise link-following rates from 0.15-0.18 to 0.21-0.24, roughly halve run-to-run variance, and improve Pass@1 by 3.4 percentage points on medium-scale repositories. The cost is roughly 10 percent more input tokens; the paper's introduction reports 9.9 percent more input tokens on SWE-bench Lite.
The study also reports scale sensitivity. Dense tags can saturate or add too much noise. Hub-heavy projects can benefit from inverse-only links, the "who-calls-me" direction, without flooding the agent with forward edges. The practical recommendation is not "add every graph edge." It is: choose the amount and direction of static structure according to repository shape.
Governance Reading
This belongs beside Codex workflow reorganization, agent configuration supply chains, agent benchmark attack surfaces, agent traces, and runtime skill contracts. The shared problem is that agent work needs evidence from the middle of the run, not only the end state.
Static anchors also shift responsibility. If a team lets agents modify production repositories, the question is not only which model is allowed to write. It is what repository map the agent sees, how that map was generated, whether the map is stale, whether generated tags can be poisoned, and whether reviewers can reconstruct why the agent followed one structural path rather than another.
Limits
The paper is not a general proof that tagged repositories make all code agents safer. Its limitations section says the empirical validation uses one grep-first agent, Codex, and Python repositories. SWE-bench Lite and Verified mostly cover one- or two-hop faults, so deeper refactoring and multilingual codebase behavior remain future work. The authors also call their static analysis conservative and unsound: it can miss dynamic features such as reflection and monkey patching.
Those caveats are important for governance. An incomplete map can still be useful, but only if it is treated as a cue rather than a constitution. A stale or poisoned anchor can mislead an agent with more authority than an ordinary comment deserves.
Anchor Receipt
An anchor receipt for code-agent work should record the repository snapshot, tag generator version, static-analysis tools, languages covered, included edge types, omitted dynamic constructs, token overhead, agent version, search tools, prompt, task ID, benchmark or issue source, files opened, structural links followed, patch diff, tests run, failed paths, and reviewer decision.
The audit-grade sentence is not "the agent fixed the issue." It is: on this repository snapshot, with this structural map and this agent configuration, the run followed these anchors, ignored these alternatives, produced this patch, passed or failed these checks, and left enough trace for a maintainer to reproduce the route.
Sources
- Zhihao Lin, Mingyi Zhou, Yizhuo Yang, and Li Li, How Much Static Structure Do Code Agents Need? A Study of Deterministic Anchoring, arXiv:2606.26979 [cs.SE], submitted June 25, 2026.
- Primary arXiv versions checked: metadata API record, PDF, and experimental HTML, reviewed for title, authorship, submission date, ISSTA 2026 acceptance note, CodeAnchor method, static-analysis tag design, SWE-bench setup, reported metrics, MCP pilot note, repository link, and limitations.
- Project artifact linked from the paper: Code-Anchor repository, checked for reachability.
- Related pages: The Codex Agent Becomes the Workflow Reorganization, The Agent Config Becomes the Supply Chain, The Agent Benchmark Becomes the Attack Surface, The Agent Trace Becomes the Process Map, The Agent Skill Becomes the Runtime Contract, AI Evaluations, and AI Audit Trails.