TL;DR: Well-specified workflows can produce workable PRs only after explicit skills, MCP-backed context, and human ticket qualification are added, while cold-start agents guessed conventions and created downstream rework, according to 1Password. The real issue is that agent identity control depends on scoped context and short-lived access, not just better code generation.
NHIMG editorial — based on content published by 1Password: agentic coding in design systems and what the team learned
Questions worth separating out
Q: How should teams govern agentic coding in structured engineering workflows?
A: Start by constraining the workflow, not by trusting the model.
Q: Why do design systems expose identity control gaps for agents?
A: Design systems expose control gaps because they depend on tacit conventions that experienced humans usually carry in their heads.
Q: What breaks when agent credentials are left standing too long?
A: Standing agent credentials turn a bounded workflow into a persistent access path.
Practitioner guidance
- Encode repeated workflows as executable agent skills: Write narrow skills for each atomic contributor workflow, such as scaffolding a component, defining tokens, or opening a merge request.
- Bind agent access to short-lived, scoped credentials: Issue credentials that expire with the task window and are limited to the exact repository, token registry, or component context the agent needs.
- Require human ticket qualification before execution: Keep the approval step with a developer or designer who can decide whether the ticket is specific enough for an agent to act on.
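A sketch of how the last two points can be enforced together, added here as an illustration and not taken from 1Password's implementation: a credential is minted only for a ticket a human has qualified, and it is bound to one resource and one task window. The label name, ticket fields, resource strings and signing key are all hypothetical, constructed values.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: held only by the issuer/verifier
QUALIFIED_LABEL = "agent-ready"        # hypothetical label a human reviewer applies

def _sign(body: bytes) -> str:
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def issue_task_credential(ticket, resource, ttl_seconds, now=None):
    """Mint a credential only for a human-qualified ticket, bound to one resource."""
    if QUALIFIED_LABEL not in ticket.get("labels", []) or not ticket.get("qualified_by"):
        raise PermissionError("ticket has not been qualified by a human reviewer")
    now = time.time() if now is None else now
    claims = {"ticket": ticket["id"], "resource": resource, "exp": now + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def authorize(credential, resource, now=None):
    """Return (allowed, reason) for an agent request against a resource."""
    now = time.time() if now is None else now
    body, _, sig = credential.partition(".")
    # Verify integrity before trusting any claim inside the credential.
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"          # the task window has closed
    if resource != claims["resource"]:
        return False, "out of scope"     # exact-match scope, no wildcards
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample ticket and resource names.
    ticket = {"id": "DS-101", "labels": ["agent-ready"], "qualified_by": "reviewer-a"}
    repo = "repo:design-system/components/button"
    cred = issue_task_credential(ticket, repo, ttl_seconds=900, now=1000)
    print(authorize(cred, repo, now=1500))
    print(authorize(cred, "repo:design-system/tokens", now=1500))
    print(authorize(cred, repo, now=1900))
```

Every denial carries a reason string, so a verifier built this way can log why an agent request was refused.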
What's in the full article
1Password's full analysis covers the operational detail this post intentionally leaves for the source:
- The exact workflow skills used for scaffolding components, writing stories, and opening merge requests
- The MCP-backed context model for letting agents query component and token guidance at runtime
- The ticket-label trigger and reviewer qualification flow used before agent execution starts
- The prototype playground approach for designer-led interactive builds using real design system components