Design the runtime environment around AI agents — constraints, guardrails, verification, sandboxing, feedback loops, and recovery mechanisms that make agents reliable at scale.
define agent boundaries → design guardrails → configure sandboxing → build verification pipeline → implement feedback loops → add recovery mechanisms → set up session continuity → validate end-to-end
context management → what the agent sees (repo-local, versioned artifacts only)
permission boundary → what the agent can access (files, tools, commands)
execution sandbox → where the agent runs (isolated, rollback-capable)
validation pipeline → how outputs are verified (deterministic + semantic)
architectural guard → structural rules the agent must not violate
feedback loop → how failures inform next attempts
recovery mechanism → how the system handles and corrects errors
session continuity → how state bridges across context resets
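the permission boundary above can be sketched as a least-privilege path check — a minimal illustration with hypothetical names, not a full sandbox:

```python
from pathlib import Path

class PermissionBoundary:
    """Least-privilege file access: the agent may only touch allow-listed roots."""

    def __init__(self, allowed_roots: list[str]):
        self.roots = [Path(r).resolve() for r in allowed_roots]

    def can_access(self, target: str) -> bool:
        # Resolve first so ../ traversal cannot escape an allowed root.
        p = Path(target).resolve()
        return any(p == root or root in p.parents for root in self.roots)
```

everything outside the allow-list is denied by default — trust is granted, never assumed.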
deps flow: types → config → repository → service → runtime → presentation
structural tests validate layer compliance automatically
agent cannot bypass constraints — enforcement is mechanical, not instructional
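mechanical enforcement of the layer order can be as small as a structural test over the import graph — a sketch assuming import edges are extracted elsewhere (e.g. by static analysis):

```python
# Layer order from the dependency flow above: lower layers first.
LAYERS = ["types", "config", "repository", "service", "runtime", "presentation"]

def import_allowed(importer_layer: str, imported_layer: str) -> bool:
    # A module may only import from layers at or below its own position.
    return LAYERS.index(imported_layer) <= LAYERS.index(importer_layer)

def check_imports(edges: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the (importer, imported) edges that violate the layer order."""
    return [e for e in edges if not import_allowed(*e)]
```

run in CI, this fails the build on any upward import — the agent cannot talk its way past it.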
repository-centered → all agent-accessible knowledge lives in versioned artifacts
map over manual → concise pointers, not exhaustive instructions
scoped context → load only what the current task requires
knowledge promotion → convert external knowledge into a repo artifact before agent use
adaptive compaction → progressively reduce older observations to preserve recent context
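adaptive compaction can be sketched as: keep the newest observations verbatim, shrink older ones — here by truncation for illustration; a real harness would summarize with a model:

```python
def compact(observations: list[str], keep_recent: int = 3, summary_len: int = 40) -> list[str]:
    """Progressively reduce older observations to preserve recent context.

    Truncation stands in for model-based summarization in this sketch.
    """
    old, recent = observations[:-keep_recent], observations[-keep_recent:]
    summarized = [o[:summary_len] + "…" if len(o) > summary_len else o for o in old]
    return summarized + recent
```

the invariant to preserve: recent context stays lossless, older context degrades gracefully instead of being dropped wholesale.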
deterministic → static analysis, structural tests, schema validation
semantic → model-based correctness, intent alignment, output quality
composite → deterministic first (fast, cheap), semantic second (nuanced)
generator-evaluator → separate generation from evaluation in adversarial loop
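the composite ordering — deterministic first, semantic second — can be sketched as a short-circuiting pipeline; `is_valid_json` is a stand-in deterministic check, and the semantic evaluators would call a model in practice:

```python
import json
from typing import Callable

def is_valid_json(s: str) -> bool:
    """Deterministic check: fast, cheap, no model call."""
    try:
        json.loads(s)
        return True
    except ValueError:
        return False

def composite_validate(output: str,
                       deterministic: list[Callable[[str], bool]],
                       semantic: list[Callable[[str], bool]]) -> tuple[bool, str]:
    """Run cheap deterministic checks first; only if all pass,
    run the slower semantic evaluators."""
    for check in deterministic:
        if not check(output):
            return False, f"deterministic check failed: {check.__name__}"
    for check in semantic:
        if not check(output):
            return False, f"semantic check failed: {check.__name__}"
    return True, "ok"
```

failing fast on the deterministic tier keeps expensive semantic evaluation off the hot path.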
low risk → automated validation only, no human gate
medium risk → automated validation + async human review
high risk → halt until explicit human approval before execution
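the three tiers above reduce to a small execution gate — a sketch with hypothetical policy names:

```python
def may_execute(risk: str, approved: bool = False) -> bool:
    """High risk halts until explicit human approval; low and medium
    proceed to automated validation immediately."""
    if risk == "high":
        return approved
    return True

def review_mode(risk: str) -> str:
    """Human-review policy per tier (medium queues an async review)."""
    return {"low": "none", "medium": "async", "high": "blocking"}[risk]
```

the gate is checked before execution, not after — a high-risk action never runs on optimism.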
progress artifact → structured file tracking completed work and next steps
initializer session → first run sets up environment and initial state
incremental session → subsequent runs read progress, advance, update artifact
context reset → clear context between sessions to prevent drift
automatic compaction → compress history when context limit approaches
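initializer and incremental sessions can share one entry point keyed on whether the progress artifact exists — a minimal sketch where "doing the work" is elided:

```python
import json
from pathlib import Path

def run_session(progress_path: str, all_steps: list[str]) -> str:
    """Initializer session creates the artifact; incremental sessions
    read it, advance one step, and write it back. Returns the step
    completed this session (the actual work is omitted in this sketch)."""
    path = Path(progress_path)
    if not path.exists():                        # initializer session
        state = {"completed": [], "next": all_steps}
    else:                                        # incremental session
        state = json.loads(path.read_text())     # all_steps is ignored here
    if state["next"]:
        step = state["next"].pop(0)
        state["completed"].append(step)
    path.write_text(json.dumps(state))
    return state["completed"][-1] if state["completed"] else ""
```

because state lives in the versioned artifact rather than the context window, a context reset between calls loses nothing.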
single agent → one agent handles full task (prefer when sufficient)
plan-execute split → one agent plans, another executes (reduce reasoning load)
generator-evaluator → one agent produces, another critiques in adversarial loop
specialist routing → classify input, dispatch to domain-specific agent
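specialist routing is classify-then-dispatch; this sketch uses keyword matching where a real router would use a model, and the specialist names are hypothetical:

```python
from typing import Callable

def classify(task: str) -> str:
    """Toy classifier: keyword dispatch stands in for model-based routing."""
    if "SELECT" in task or "database" in task:
        return "sql_specialist"
    if "def " in task or "refactor" in task:
        return "code_specialist"
    return "generalist"

SPECIALISTS: dict[str, Callable[[str], str]] = {
    "sql_specialist":  lambda t: f"[sql] {t}",
    "code_specialist": lambda t: f"[code] {t}",
    "generalist":      lambda t: f"[gen] {t}",
}

def dispatch(task: str) -> str:
    return SPECIALISTS[classify(task)](task)
```

the generalist fallback matters: routing that can only fail loudly beats routing that silently misassigns.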
capture → log every tool call, decision, and intermediate output
analyze → cluster failure patterns across runs
detect → identify doom loops (repeated edits to same target without progress)
convert → turn recurring failure patterns into new constraints or middleware
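doom-loop detection over the captured log can be a simple counter of edits to the same target with no intervening progress signal — a sketch with an assumed event shape (`type`, `target` keys):

```python
from collections import Counter

def detect_doom_loop(tool_log: list[dict], threshold: int = 3) -> list[str]:
    """Flag targets edited `threshold` times without an intervening
    passing test — repeated edits to the same target without progress."""
    edits_since_pass: Counter = Counter()
    flagged = []
    for event in tool_log:
        if event["type"] == "edit":
            edits_since_pass[event["target"]] += 1
            if edits_since_pass[event["target"]] == threshold:
                flagged.append(event["target"])
        elif event["type"] == "test_pass":      # progress resets the count
            edits_since_pass.clear()
    return flagged
```

flagged targets feed the convert step: each becomes a candidate constraint or middleware rule rather than a one-off patch.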
each harness component encodes an assumption about model limitations
when models improve → re-test assumptions → strip what is no longer needed
prefer removing complexity over adding it — simplification beats sophistication
harness must remain model-agnostic — swappable without structural changes
prompt-only safety → relying on instructions instead of mechanical enforcement
unbounded context → dumping all docs into context instead of targeted selection
trust-by-default → granting full access instead of least-privilege boundaries
manual-only review → human review as sole quality gate instead of automated verification
fix-and-forget → patching individual failures instead of creating reusable constraints
optimistic self-eval → agent evaluating own work without adversarial challenge
model-coupled harness → harness assumptions hardcoded to specific model behavior
session amnesia → no structured handoff between context windows
complexity accumulation → adding harness components without re-testing necessity