惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Hacker News
The Hacker News
C
Cisco Blogs
P
Privacy & Cybersecurity Law Blog
Cloudbric
Cloudbric
S
Security Affairs
PCI Perspectives
PCI Perspectives
The Last Watchdog
The Last Watchdog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
N
News and Events Feed by Topic
W
WeLiveSecurity
T
Tenable Blog
L
LINUX DO - 最新话题
T
Tor Project blog
Help Net Security
Help Net Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
爱范儿
爱范儿
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Y
Y Combinator Blog
I
Intezer
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
S
Securelist
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
Vulnerabilities – Threatpost
Schneier on Security
Schneier on Security
量子位
SecWiki News
SecWiki News
L
Lohrmann on Cybersecurity
T
Threat Research - Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
M
MIT News - Artificial intelligence
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Scott Helme
Scott Helme
H
Help Net Security
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
Spread Privacy
Spread Privacy
Know Your Adversary
Know Your Adversary
I
InfoQ
TaoSecurity Blog
TaoSecurity Blog
Blog — PlanetScale
Blog — PlanetScale
N
News | PayPal Newsroom
小众软件
小众软件
C
CERT Recently Published Vulnerability Notes

Microsoft for Developers

How to test agent skills without hitting real APIs - Microsoft for Developers Building AX evals that actually work - Microsoft for Developers Let’s Learn GitHub Copilot App - Free Virtual Training Event - Microsoft for Developers The hidden variables in your agent eval - Microsoft for Developers Don't rewrite your CLI for agents - Microsoft for Developers Not all model upgrades are upgrades - Microsoft for Developers What AI benchmarks are not telling you - Microsoft for Developers Your agent already has a plan - Microsoft for Developers Learn from Microsoft: Transform software development through an agentic platform - Microsoft for Developers When the model has never seen your code - Microsoft for Developers Models don't have preferences, they have context - Microsoft for Developers Stop overloading your skills - Microsoft for Developers Competing against yourself - Microsoft for Developers Your agent just scaffolded a project from 2020 Is your agent extension actually working? Stop skillmaxxing, save your tokens - Microsoft for Developers Spec-Driven Development: A Spec-First Approach to AI-Native Engineering Microsoft Build 2026 recap: vision, launches, and top sessions Improve your agentic developer tools by grounding in Microsoft Learn How AI coding agents actually use your technology The AX stack: what’s fixed, where you can win Agentic-Agile: Why Agent Development Needs Agile (Not Just Prompts) Azure Cosmos DB Conf 2026 Recap: Lessons from Production LangChain.js for Beginners: A Free Course to Build Agentic AI Apps with JavaScript - Microsoft for Developers Securing MCP: A Control Plane for Agent Tool Execution - Microsoft for Developers Take your PostgreSQL-backed apps to the next level Awesome GitHub Copilot just got a website, and a learning hub, and plugins! Build a real-world example with Microsoft Agent Framework, Microsoft Foundry, MCP and Aspire
When your agent extensions fight each other - Microsoft for Developers
Waldek Mastykarz · 2026-06-17 · via Microsoft for Developers

June 17th, 2026

0 reactions

Principal Developer Advocate

This is the fourth article in a series about Agent Experience (AX): the practice of making AI coding agents work correctly with your technology. The series covers what you can and can’t control in the agent stack, how to measure whether your extensions are helping or hurting, and how to iterate toward better outcomes.

You shipped your extension, measured it, confirmed it creates lift. Then a developer installs it alongside 14 other extensions, and outcomes get worse. Not because your extension is broken, but because extensions don’t exist in isolation: they compete.

In the previous article, we covered how to measure whether a single extension creates lift or drag. That measurement assumed a clean environment: your extension, and nothing else. Real developer workspaces don’t look like that. Real workspaces have MCP servers for their cloud provider, instruction files from their team, skills from their framework, and whatever’s trending on social this week. The question really isn’t whether your extension works, it’s whether it works well with others.

More extensions, worse outcomes

It seems like extensions should be additive: extension A improves authentication code, extension B improves database queries. Install both, get better auth and better queries. Right? Not quite.

Every extension consumes tokens in the context window just by being installed. Tool descriptions and skill definitions take up space before you even type a prompt. A single MCP server with 8 tools might add 2,000 tokens of tool descriptions. Five MCP servers? That’s 10,000 tokens of tool descriptions alone, and you haven’t asked anything yet. The context window is a fixed budget. Every token spent on tool descriptions is a token not spent on workspace context or conversation history. Install enough extensions and the harness starts making cuts: summarizing tool descriptions, dropping tools it deems irrelevant, and truncating whatever doesn’t fit. Your carefully written tool description might get compressed into something the model can barely interpret.

Two stacked bars representing the same fixed-size context window. The left bar, labeled "2 extensions," has a small tool-descriptions segment and a large workspace-context segment. The right bar, labeled "10 extensions," shows tool descriptions dominating the window while workspace context shrinks to a sliver.

But it’s not just about space. Every token in the context changes the path the model takes. The model doesn’t process your extension’s content in isolation and then process the next one separately. It attends to everything at once. Add a database extension next to your auth extension, and both extensions produce different output than either would alone, even if they have nothing to do with each other. The mere presence of unrelated tool descriptions shifts the model’s attention and changes the output.

We’ve measured this directly: the same extension that produces consistent lift in isolation can produce drag with even one other extension present. Not because the extension changed, but because the environment around it did.

Three ways extensions conflict

Not all composition problems are about token budgets, though. Extensions can actively interfere with each other in ways that are harder to spot.

Vocabulary collisions

Two extensions describe their tools using similar language. Your tool says “manage authentication settings”, another tool says “configure identity and access.” The developer asks “set up auth for my app.” Both tools match the intent, the model picks one, and it might not be yours.

A developer prompt reading "set up auth for my app" at the top, with two arrows branching down to two tool cards: "manage authentication settings" on the left and "configure identity and access" on the right. A dashed arrow from the prompt points to the right card, indicating the model picked the wrong tool.

How would you even debug that? The developer sees wrong output and blames the model. But it’s not a bug in either extension, it’s an emergent property of putting two tools with overlapping vocabulary into the same context. The model doesn’t know which one the developer means, and it can’t ask (most harnesses don’t support clarifying questions for tool selection). It makes a choice based on factors you can’t see such as context position and training data associations. What’s more, that choice might change between runs.

Guidance conflicts

Extensions inject guidance through tool descriptions and skill definitions. The agent also picks up instruction files (.github/copilot-instructions.md, AGENTS.md, .instructions.md) in the repo. Both end up in the same context window, and neither knows the other exists.

The collision happens when an extension’s guidance contradicts the repo’s instructions. Your extension’s tool description says “always use the v3 SDK.” The team’s copilot-instructions.md says “we use the v2 SDK for legacy compatibility.” Which one wins? The model sees both, and the outcome depends on context ordering and phrasing strength, filtered through whatever the model’s training data says about the technology. The result is unpredictable, and it can flip between runs.

And it happens between extensions too. Two extensions that both provide guidance on authentication patterns, each assuming it’s the only authority. The model gets contradictory instructions with no way to tell which one matters.

Resource competition

Two scenarios side by side. On the left, two MCP servers both point to a "project setup" task. On the right, three skills all point to a "deploy" task. Arrows show multiple tools competing to handle the same request.

Some extensions don’t conflict semantically but compete for the same agent behavior. For example, two MCP servers that both want to be called for “project setup,” or three skills that all trigger on “deploy.” The model might call all of them (burning tokens and turns), call the wrong one, or call one and assume it covered the others.

And then there’s the subtle version: two tools return complementary but overlapping information. The model gets a detailed API reference from one tool and a quickstart guide from another. Both are accurate and relevant, but together they consume 6,000 tokens and the model has to reconcile two different framings of the same concept. It might merge them correctly, pick one and ignore the other, or get confused and generate code that mixes patterns from both leaving you with broken code.

The composition tax

Even when extensions don’t conflict at all, each one has a cost. Every installed extension takes up space in the context window and adds potential tool calls the model has to evaluate. This is the composition tax: the overhead of having extensions present, whether they’re used or not.

Here’s what that looks like in practice. You install five extensions. You ask a question that’s relevant to only one of them. The model still has to read all five tool descriptions to decide which one to call, spending tokens and processing time on four irrelevant tools. Sometimes it calls one that isn’t even relevant because its description seems related, wasting a turn and injecting irrelevant content into the context for the rest of the session.

“Install everything, let the agent figure it out” is a losing strategy. Every extension you add has a marginal cost, and past a certain threshold, the cumulative cost exceeds the benefit.

Measuring net lift

In the third article, we measured lift by comparing a baseline (no extensions) against a single extension. Composition measurement extends this to the full stack.

The additive approach

Start with your baseline (no extensions). Add one extension at a time and measure outcomes at each step:

A horizontal sequence of stacked bars, each one segment taller than the last: Baseline, then plus Extension A, plus B, plus C. The bar at plus C drops in height, with a callout reading "Composition problem here." Arrows between bars are labeled "delta outcome."

  1. Baseline: no extensions
  2. +Extension A: measure
  3. +Extension A +Extension B: measure
  4. +Extension A +Extension B +Extension C: measure

At each step, you’re asking: did outcomes improve, stay the same, or degrade, and at what cost? If adding Extension C to the stack causes outcomes to drop, you’ve found a composition problem, but you don’t yet know why.

Isolating the cause

When you see degradation, run the failing combination with one extension removed at a time:

  • Extension A + Extension C (without B): does the problem persist?
  • Extension B + Extension C (without A): does the problem persist?
  • Extension C alone: does it produce lift?

If Extension C produces lift alone but drag when combined with Extension A, you have a pairwise conflict. If Extension C produces drag whenever the total extension count exceeds a threshold, you have a token budget problem.

The distinction matters because the fix is different. A pairwise conflict means the two extensions are interfering semantically, whether through overlapping descriptions or conflicting instructions. A token budget problem means the context window is saturated and adding anything causes degradation. You fix a conflict by changing what extensions say. You fix saturation by reducing what extensions include.

Net lift

The metric that matters for composition is net lift: the difference between your full extension stack and the baseline.

Net lift = (outcome with all extensions) – (outcome with no extensions)

Individual extensions might each produce lift in isolation, but the stack as a whole might not. If Extension A adds +15% and Extension B adds +12% individually, but together they add only +10%, you’re losing value to composition effects. If together they add +20%, you’re getting positive composition: the extensions reinforce each other.

A grouped bar chart with four bars. Extension A alone at plus 15 percent, Extension B alone at plus 12 percent, a dashed outline bar showing their expected combined total of plus 27 percent, and a solid bar showing the actual combined result of plus 10 percent. The gap between expected and actual is labeled "composition tax."

Track net lift alongside individual lift to see whether your stack is greater than, equal to, or less than the sum of its parts.

What actually helps

You don’t control other people’s extensions. But you control yours, and you influence how your users configure their workspace.

Make your extensions lean

Every token in your tool descriptions and instruction files is a token that could be used for something else. Be concise. If your tool description can convey the same intent in 50 tokens instead of 200, use 50. If your MCP server has 15 tools but only 5 are commonly used, consider splitting it so the harness only loads what’s needed. Similarly, if you provide a set of skills, that are commonly used together, bundle them into a single skill with progressive disclosure and routing instead of separate skills that each take up context.

You’d think more detail means better tool selection. It doesn’t. In a crowded context window, brevity wins. A short, precise description that actually fits in the context is infinitely better than a detailed one that gets truncated.

Use distinct vocabulary

If your tool does something that other tools also do, find language that’s specific to your technology. Instead of “manage authentication settings” (which could match 10 different tools), use your product name and specific terminology: “configure Contoso Identity PKCE flow.” The model can still match it to the intent “set up auth,” but now it has a distinguishing signal when another auth tool is present.

Test in realistic environments

Don’t evaluate your extension in isolation only. Build profiles that include the extensions your audience actually uses. If your developers typically have an Azure extension, a Docker extension, and a testing framework extension installed, test with those present. Your extension needs to produce lift in that environment, not in a clean room.

Document known conflicts

If your extension conflicts with popular tools, say so. If it works best as the only extension for a particular domain, say that too. Developers can’t fix composition problems they don’t know about.

Keep measuring

Composition is a moving target. Other extensions update their descriptions. Harnesses change how they rank tools. New extensions appear. An extension stack that works today might develop composition problems next month. Include composition testing in your regular evaluation cycle, not as a one-time check.

Summary

Extensions don’t exist alone. They share a finite context window and compete for the model’s attention, often interfering in ways invisible from the outside. More extensions don’t mean better outcomes. Past a threshold, each one costs more than it contributes.

Measure net lift across your full stack, not just individual extension impact. Keep your extensions lean enough to compose well with whatever else is installed. In the next article, we’ll look at what happens when the model has never seen your code at all: bootstrapping agent knowledge for proprietary technology with zero pre-training data.

Category

Topics

Author

Waldek Mastykarz

Principal Developer Advocate

Waldek is a Principal Developer Advocate at Microsoft focusing on AI Coding Agents. He researches AI Coding Agents, and evaluates and improves Agent Experience for Microsoft's products and services.