Large language model (LLM)-based code agents suffer from safety unreliability and lack of controllability. Method: This paper proposes the Reflection-Driven Control (RDC) module, which embeds self-reflection *before* code generation to establish an endogenous, auditable, real-time safety control mechanism. RDC employs an internal reflection loop, an evolving reflection memory bank, and dynamic retrieval of safety policies and repair examples to enable constraint-injected reasoning enhancement. Contribution/Results: RDC pioneers the elevation of self-reflection from a posteriori remediation to an explicit, evidence-driven, endogenous control mechanism operating *during* generation. It supports low-overhead, plug-and-play integration. Evaluated on eight safety-critical programming tasks, RDC significantly improves code safety and policy compliance while preserving functional correctness; runtime and token overhead remain negligible.

Contemporary large language model (LLM) agents are remarkably capable, but they still lack reliable safety controls and can produce unconstrained, unpredictable, and even actively harmful outputs. To address this, we introduce Reflection-Driven Control, a standardized and pluggable control module that can be seamlessly integrated into general agent architectures. Reflection-Driven Control elevates "self-reflection" from a post hoc patch into an explicit step in the agent's own reasoning process: during generation, the agent continuously runs an internal reflection loop that monitors and evaluates its own decision path. When potential risks are detected, the system retrieves relevant repair examples and secure coding guidelines from an evolving reflective memory, injecting these evidence-based constraints directly into subsequent reasoning steps. We instantiate Reflection-Driven Control in the setting of secure code generation and systematically evaluate it across eight classes of security-critical programming tasks. Empirical results show that Reflection-Driven Control substantially improves the security and policy compliance of generated code while largely preserving functional correctness, with minimal runtime and token overhead. Taken together, these findings indicate that Reflection-Driven Control is a practical path toward trustworthy AI coding agents: it enables designs that are simultaneously autonomous, safer by construction, and auditable.