Harness Engineering in Practice — How to Apply It to Your Project Right Now

-

Harness Engineering in Practice — How to Apply It to Your Project Right Now

You understand the concept (Part 3). You've seen how Anthropic implements it (Part 4). That leaves one question. How do you apply it to your own project?

This post covers concrete methods for putting harness engineering to work in production, and the shifts in the developer's role that this paradigm will bring.

Principle 1: Start from Failure

This is Mitchell Hashimoto's principle — and one the HumanLayer team arrived at independently.

Don't try to design the ideal harness upfront. Every time the agent fails, add a structural safeguard that prevents that failure from recurring.

In HumanLayer's words: "Have a shipping bias. Only touch the harness when the agent actually fails."

The mindset resembles TDD (Test-Driven Development). Just as you write a failing test first and then write the code to make it pass — you observe the agent's failure patterns and add harness elements that prevent them.

Research from ETH Zurich backs this up. After testing 138 agent configuration files:

  • LLM-generated config files: degraded performance + over 20% cost increase
  • Human-written config files: only a 4% improvement
  • Codebase overviews, directory listings: no measurable help at all

Agents are perfectly capable of exploring repository structure on their own. The key is to provide only the minimal, universally applicable guidance.

Principle 2: Less Is More

This is the most counterintuitive principle in harness engineering. More rules, more tools, and more agents don't always produce better results.

The Vercel case: initially they provided every available tool, but when they cut the tool set down, performance actually improved.

Connecting too many MCP servers? The tool definitions themselves consume system prompt tokens. A 200K context window can shrink to effectively 70K when overloaded with MCP tools.

HumanLayer's solution: instead of the Linear MCP server, they built a lightweight CLI wrapper around just the essential features. It saved thousands of tokens.

Recommendation: If the CLI is already well-represented in training data (GitHub, Docker, databases, etc.), prompting the agent to use the CLI directly is more efficient than wrapping it in an MCP server.

Step 1: Write a Context File

The first thing to do is create a context file at the project root. For Claude Code it's CLAUDE.md; for OpenAI Codex it's AGENTS.md.

## Build

- `npm run dev` to start the dev server
- `npm test` to run tests
- `npm run build` for production builds

## Coding Conventions

- TypeScript strict mode
- React components as functional components
- State management with Zustand
- API calls cached via React Query

## Architecture

- Package dependency direction: types -> utils -> hooks -> components -> pages
- No reverse dependencies
- Shared components go in src/components/shared/

## Commits

- Follow Conventional Commits
- Commit messages in Korean, no trailing period

The key: start short. When the agent repeatedly gets something wrong, add a rule for it. This is the same approach Mitchell Hashimoto describes — "every time the agent makes a mistake, stack up instructions that prevent the same mistake."

Directory-Level Distribution

As a project grows, a single monolithic file becomes inefficient. Claude Code supports per-directory CLAUDE.md files. When the agent works in a specific directory, only that directory's rules are loaded.

project/
├── CLAUDE.md              # Global rules (build, commits, coding style)
├── src/
│   ├── CLAUDE.md          # src-specific rules
│   ├── components/
│   │   └── CLAUDE.md      # Component authoring rules
│   └── api/
│       └── CLAUDE.md      # API layer rules
└── tests/
    └── CLAUDE.md          # Test writing rules

As the OpenAI team discovered, treating AGENTS.md as a table of contents (map) and structuring it so the agent reads only nearby instruction files is highly effective.

Step 2: Connect MCP (Selectively)

Connect external systems the agent frequently references via MCP (Model Context Protocol).

# GitHub
claude mcp add --transport stdio github -- npx -y @modelcontextprotocol/server-github

# Database
claude mcp add --transport stdio postgres -- npx -y @modelcontextprotocol/server-postgres

# Browser automation (Playwright)
claude mcp add --transport stdio playwright -- npx -y @anthropic/mcp-playwright

But connect only what you actually need. Always remember that tool definitions themselves consume tokens.

Recommended limits:
- Total MCP servers: 20-30 or fewer
- Simultaneously active: fewer than 10
- Active tools: fewer than 80

GitHub, Docker, and basic database CLIs are already well-covered in model training data. Prompting the agent to use the CLI directly saves tokens compared to wrapping them in MCP servers.

Step 3: Set Up Hooks

Add automated validation and feedback to the agent's actions.

Essential Hook: Automatic Code Quality Checks

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "command": "npx biome check --write $FILE_PATH",
        "description": "Auto-format after file modification"
      },
      {
        "matcher": "Edit|Write",
        "command": "npx tsc --noEmit",
        "description": "TypeScript type check"
      }
    ],
    "PreToolUse": [
      {
        "matcher": "Bash",
        "command": "echo $COMMAND | grep -q '\\-\\-no-verify' && exit 1 || exit 0",
        "description": "Block git commit --no-verify"
      }
    ]
  }
}

Recommended Hook: Session Learning

{
  "hooks": {
    "Stop": [
      {
        "command": "node scripts/evaluate-session.js",
        "description": "Extract learnable patterns at session end"
      }
    ],
    "SessionStart": [
      {
        "command": "node scripts/load-context.js",
        "description": "Load previous session context"
      }
    ]
  }
}

The core value of hooks: they run automatically during agent actions and are invisible to Claude. They carry enforcement power that cannot be bypassed.

Step 4: Enforce Incremental Work

This is the single biggest improvement Anthropic discovered. Force the agent to work on one feature at a time.

How to implement it:

  1. Require a Git commit after each task
  2. Instruct the agent to leave progress notes
  3. Design sessions so the next one starts from a clean state

You can express this in your CLAUDE.md like so:

## Work Style

- Work on one feature at a time
- Always Git commit after completing a feature
- Run related tests and confirm they pass before committing
- Never modify multiple features simultaneously
- Check current state before starting work (git status, run tests)

The OpenAI team reached the same conclusion: "When an agent struggles, treat it as a signal. Figure out what's missing (tools, guardrails, docs) and let the agent fix it itself."

Step 5: Use Sub-Agents

For complex tasks, spin them off to sub-agents. The goal isn't division of labor — it's context isolation.

Writing Effective Sub-Agent Prompts

Bad: "Investigate this bug"
Good: "A race condition is suspected in the refreshToken function
in src/auth/session.ts during expired token renewal. Analyze the
concurrent request scenario, and if confirmed, propose a fix
using a mutex or debounce pattern."

The key is to pass not just the query, but the objective context. Sub-agents have no visibility into the parent agent's conversation. Brief them like a sharp colleague who just walked into the room.

Model Selection Strategy

Assign different models to sub-agents based on task type:

Task Type Recommended Model Rationale
Code exploration/search Haiku Fast and cheap
General coding (90%) Sonnet Best cost-to-performance ratio
Architecture/security review Opus Requires deep reasoning
Documentation Haiku Simple generation task
Complex debugging Opus Requires multi-step reasoning

Iterative Search Pattern

When a sub-agent's results are insufficient:

  1. The orchestrator evaluates the sub-agent's return value
  2. Passes a follow-up question
  3. The sub-agent investigates further and returns
  4. Repeat until satisfactory (up to 3 rounds)

Step 6: Integrate Linters and CI

Automatically verify that generated code follows existing architecture rules. Wire up your existing linters and CI so the agent can read them, and a feedback loop forms where the agent reads CI failure logs and fixes the code itself.

## CI Integration (add to CLAUDE.md)

- Run `npm run lint && npm test && npm run build` before creating a PR
- On CI failure, read logs and attempt automatic fixes
- Never ignore lint errors
- Never commit with type errors

The mechanical enforcement the OpenAI team emphasized: telling an agent "do this" via a prompt is far less effective than blocking violations with linters and tests. An agent can ignore instructions, but it can't ignore a linter error.

Step 7: Provide Observability Tools

Give the agent the ability to debug its own work.

  • Log access: Let the agent read runtime logs from the code it generates
  • Browser automation: Use the Playwright MCP to let it see the actual screen
  • Metrics access: Let it check performance data, error rates, etc.

When Anthropic provided the Puppeteer MCP, something remarkable happened: the agent found and fixed a browser-native alert modal bug that was invisible from code alone. The key is making the agent test like a real user before declaring "feature complete."

Security: Non-Negotiables

As the harness grows more powerful, so do the security risks.

Anthropic's Minimum Security Baseline

  1. Separate agent identity from personal accounts
  2. Use short-lived, scoped credentials
  3. Run untrusted work in containers/VMs
  4. Block outbound network access by default
  5. Restrict access to paths containing secrets
  6. Sanitize files, HTML, and screenshots before passing them
  7. Log tool calls, approvals, and network attempts
  8. Implement process-group kill and dead-man switches

Real-World Security Incidents

  • CVE-2025-59536 (CVSS 8.7): A startup trust dialog implementation bug allowed premature code execution. Fixed in v1.0.111
  • CVE-2026-21852: Exploitation of ANTHROPIC_BASE_URL enabled API requests before trust verification. Fixed in v2.0.65
  • Snyk ToxicSkills report: Prompt injection found in 36% of 3,984 publicly available skills

Anthropic's philosophy: "Assume malicious text will enter the context. Assume tool descriptions can lie. Build the system so that even if the model is persuaded by malicious input, the system still operates safely."

The Future: What Harness Engineering Will Change

Harness-as-a-Service Templates

Thoughtworks' Birgitta Böckeler raised an interesting question. Most organizations use only 2-3 major tech stacks. Not every application is a unique snowflake.

A plausible future: service template systems where pre-built harnesses for each application type serve as starting points, and teams customize incrementally.

Projects in this direction are already emerging:
- agent-skills (Addy Osmani, Google Cloud AI Director): 19 structured skills
- GBrain (Garry Tan, YC CEO): personal knowledge base with 20 built-in MCP tools
- Awesome Design.MD: 60+ service design systems packaged as markdown

Shifting Criteria for Tech Stack Selection

Today: you pick the framework with the "best developer experience."
Tomorrow: you may pick the framework with the "best harness."

"AI-friendliness" becomes a key criterion in framework selection. Individual developer preference and minor interface inefficiencies matter less.

Self-Improving Harnesses

Meta AI's HyperAgents research: a self-referential framework where agents design their own harnesses. It automatically builds persistent memory, performance tracking, and multi-stage verification pipelines.

Directions LangChain is exploring:
1. Parallel orchestration: hundreds of agents working in parallel on a shared codebase
2. Self-improvement loops: agents analyze their own execution traces to find and fix harness-level failure causes
3. Adaptive harnesses: dynamically assembling tools and context based on the task, with no pre-configuration

The Legacy Code Gap

A gap is forming between codebases built from scratch with AI agents and legacy codebases from the pre-harness era.

Retroactively applying a harness to legacy code is like running a static analysis tool for the first time. Expect a flood of warnings. But you have to start somewhere.

A Checklist to Start Right Now

Don't overthink it. Start with what you can do today.

Immediate:
- [ ] Write a CLAUDE.md at the project root (build commands, coding conventions, commit rules)
- [ ] Every time the agent makes a mistake, add the corresponding rule to CLAUDE.md
- [ ] Set up a hook to block git commit --no-verify

Within one week:
- [ ] Add auto-formatting/type-checking hooks after file modifications
- [ ] Selectively connect MCP servers you need (3-5)
- [ ] Try splitting tasks with sub-agents

Within one month:
- [ ] Distribute CLAUDE.md files across directories
- [ ] Connect CI/CD pipeline to the agent's feedback loop
- [ ] Introduce cross-session state management patterns (progress files, feature lists)
- [ ] Run through the security checklist

Closing: The Bottleneck Is the Environment, Not the Model

Over three posts, we've covered harness engineering. The concept (Part 3), the implementation (Part 4), and the practice (Part 5).

The core message is simple. The bottleneck in agent performance is often environment design, not model intelligence.

Model capability is rapidly converging. When GPT pulls ahead, Claude catches up. When Claude pulls ahead, Gemini catches up. But the harness is an asset your team has to build. Tool integrations, error recovery logic, architectural constraints, documentation structure — these don't ship all at once like a general-purpose model update.

A year ago, in Part 1 of this series, I wrote about the decline of prompt engineering. What I sensed back then has become reality. The cycle of change has compressed from six months to one week, and what matters is no longer what you ask AI, but how you build the environment for AI to work correctly.

"The rigor of writing code" is shifting to "the rigor of designing environments."

We're right in the middle of that transition. And harness engineering is the most practical starting point within it.

If your coding agent isn't performing as expected, check the harness before blaming the model. The answer is almost always there.

댓글

댓글 쓰기

이 블로그의 인기 게시물

The Complete Scenario Architecture — Weaving It All Together

-
The Complete Scenario Architecture — Weaving It All Together Over 19 parts, we designed individual elements. Now it is time to weave them all together. Here is the complete picture of the design built with AI. System Architecture Summary This visual novel runs on three core systems. 1. Emotion System (3 Layers) Layer A - Fundamental Disposition: need_for_affection, fear_of_rejection, pride, insecurity Layer B - Momentary Emotion: affection, anger, sadness, jealousy, admiration, fear Layer C - Relationship State: trust, reliance, intimacy, tension, resentment, respect Love is not a variable. It emerges from the combination of Layer C variables. 2. Context System location: 5 locations time: 4 time periods weather: 4 weather types (not player-controllable) privacy: 3 levels mood: 5 atmospheres The same event creates different emotions depending on context. 3. Memory System Pattern tracking: did_not_ask, avoided_confession, missed_timing, etc. Event flags: shared_umbrella, saw...
자세한 내용 보기

사랑을 직접 올리지 않는 설계

-
사랑을 직접 올리지 않는 설계 이전 편에서 3계층 감정 모델을 설계했다. 그 중 가장 중요한 원칙이 하나 있다. 사랑이라는 변수는 시스템에 존재하지 않는다. love += 1은 없다. 대신 사랑은 다른 변수들의 조합에서 "발생"한다. 이게 이 시스템의 핵심이고, 기존 호감도 시스템과의 가장 큰 차이다. 왜 사랑을 직접 변수로 두면 안 되는가 AI와 이 주제로 대화했을 때, AI가 흥미로운 관점을 제시했다. "사랑은 다른 감정과 같은 급이 아니다." 슬픔, 분노, 질투, 두려움. 이것들은 단발적 감정이다. 특정 사건에 반응해서 올라가거나 내려간다. 하지만 사랑은 다르다. 사랑은 보통 단발 감정보다 누적된 관계 해석의 결과 에 가깝다. 신뢰가 높다. 의존이 있다. 친밀감이 쌓였다. 질투도 약간 있다. 상실 공포가 있다. 상대를 반복적으로 우선 선택한다. 이 조합을 플레이어가 "사랑"으로 읽는 거다. 시스템적으로 이걸 표현하면 이렇다. love_state = ( trust >= 70 and intimacy >= 60 and fear_of_loss >= 30 and chosen_priority >= 5 ) love를 직접 올리는 게 아니라, 사랑이 발생하는 조건을 설계하는 것이다. 이 차이가 크다. 왜 이 방식이 더 자연스러운가 현실을 생각해보자. 누군가를 사랑하게 되는 순간을 정확히 짚을 수 있는 사람이 있는가? 대부분은 없다. 어느 날 문득 "아, 내가 이 사람을 좋아하는구나"를 깨닫는 거다. 사랑은 시작 버튼을 누르는 게 아니라, 이미 쌓여 있던 것을 인식하는 거다. love += 1 시스템에서는 이 경험을 재현할 수 없다. 선택할 때마다 사랑이 올라가니까, 플레이어는 "지금 사랑이 몇 점쯤 되겠지"를 계산하게 된다. 감정이 아니라 점수 관리가 된다. 조건 조합형에서는 다르다....
자세한 내용 보기

Read This Before You Pay for a Vibe Coding Course

-
Read This Before You Pay for a Vibe Coding Course You've seen the YouTube video. Someone who knows zero coding talks to AI for a few minutes and an app pops out. A million views. The comments are full of "amazing" and "I'm trying this." You followed along and got 30 errors? The video didn't lie. It just edited out the important parts. And there's a course link sitting quietly in the description. Let's talk about what got cut. Fine, I'll Admit It — The Barrier Did Drop Credit where it's due. Vibe coding lowered the barrier to coding. That's a fact. "Vibe Coding" is a term coined by OpenAI co-founder Andrej Karpathy in early 2025. Instead of writing code, you describe what you want to AI and use the output. "Make me a login screen," "add a popup when the button is clicked" — it actually works. A simple page, a prototype, automating repetitive tasks. These genuinely work well. Knocking out a demo for...
자세한 내용 보기