Course 1 — The Master Course

Harness
Engineering

The model is 1.6% of an agent. The harness — the loop, tools, and safety wrapped around it — is the other 98.4%. This course teaches you to build, audit, and reason about that 98.4%. Fifteen modules. twenty-one deep-dives into real production harnesses. One mental model that makes every agent system legible.

26.5
hours
15
modules
21
deep-dives
260
artifacts
98.4%

Four independent teams — Anthropic, OpenAI, Google, and the open-source community — built production agent harnesses in 2025–2026 without coordinating. They produced architecturally identical systems: a loop, a tool layer, a safety layer. The model sits in the center, doing 1.6% of the work. Everything you can engineer, test, and improve is in the other 98.4%. That's what this course covers.

Module 0 — The Landscape
3 sections · 45 min
Modules 1–12 — The Deep Structure
12 modules · 24 hrs
01
The Execution Loop
Five architectures. Five stop conditions. Four subagent patterns. The heartbeat — everything else plugs into it.
90 MIN
02
Tool Design & the Tool Contract
The harness's primary interface to the world. What makes a tool good, bad, or dangerous. Schema design, error contracts, and the tool registry.
90 MIN
03
Context Management
The hardest engineering problem in production harnesses. What goes in, what gets evicted, and how to keep the model oriented across long sessions.
90 MIN
04
Memory Architecture
Continuity across sessions. The engineering challenge of durable, retrievable, trustworthy memory — without letting it become an attack surface.
60 MIN
05
Sandboxing & Execution Isolation
The blast radius problem. Where security engineering meets the harness. Seven isolation strategies from OS primitives to cloud VMs.
90 MIN
06
Permission, Approval & Safety
The harness's safety model. Who decides what the agent can do, and when to ask. Permission flags, approval gates, trust boundaries.
60 MIN
07
Error Handling & Recovery
Error compounding math: 99% per-step over 50 steps is 60% total failure. Retry strategies, circuit breakers, and graceful degradation.
45 MIN
08
State, Checkpointing & Multi-Session
Stateless agents are prototypes. Checkpointing, session resume, and the architecture for agents that survive crashes and handoffs.
45 MIN
09
Verification & Feedback Loops
Adding verification improves output quality 2–3×. Self-checks, test gates, and the verify-then-act pattern that separates toys from production.
45 MIN
10
Observability & Debugging
A harness you can't observe is a harness you can't trust. The 8-field per-turn payload. Tracing, metrics, and the debug loop.
45 MIN
11
Security Engineering
OWASP Agentic AI Top 10. Offensive techniques. Defensive architecture. The threat model that makes governance-beneath-the-agent mandatory.
90 MIN
12
Capstone — Build a Production Harness
Build the whole thing from scratch. Every module converges. You leave with a working, scored, defensible harness of your own.
90 MIN
Deep-Dives — 21 Production Harnesses
21 studies · 20 hrs
DD-01
Pi — The Minimal Baseline
4 tools, <1k prompt, ~1,200 LOC. The reference thin harness.
DD-02
Aider — The Benchmark Creator
3 years of iteration. Git-first. The thin-medium reference.
DD-03
OpenCode — Client/Server Architecture
156k stars. Client/server split enables Docker sandboxing.
DD-04
Codex CLI — The Production Rust Harness
The only production Rust harness. Single binary, zero deps.
DD-05
Gemini CLI — The Model-Lock Tradeoff
Gemini-only. Deep integration vs zero portability.
DD-06
oh-my-opencode — Meta-Harness
The canonical meta-harness. Mixed subagent patterns.
DD-07
OpenClaw — Platform & Trust
368k stars. 40+ channels. The breadth play. Trust architecture.
DD-08
Hermes — Layered Persistent Memory
Self-evolving skills. The depth play. The memory architecture.
DD-09
NemoClaw — Governance Beneath the Agent
NVIDIA's hardened OpenClaw fork. Governance outside the agent's reach.
DD-10
LangGraph — Graph-Based State Machines
Explicit graph = the loop. interrupt() + super-steps.
DD-11
OpenAI Agents SDK — 2-Layer Harness
2-layer split. 7 sandbox providers. Handoffs + approvals.
DD-12
CrewAI — Role-Based Multi-Agent
Most accessible multi-agent framework. Role-based design.
DD-13
OpenHarness — Academic Baseline
Most inspectable harness studied. Auto-compaction visibility.
DD-14
Mastra — Observability Primitives
Built-in observability. Explicit read/write memory boundary.
DD-15
Command Code — The Taste-Learning Harness
Diff-driven preferences that compound. Closed-source. $5M seed. Learns your coding taste.
DD-16
ZeroClaw — The Rust Microkernel
Trait-driven kernel. 6-layer safety. 25+ providers. Thin by philosophy, medium by reality.
DD-17
PicoClaw — The Edge-Hardware Harness
Go. Cross-compiles to RISC-V. Real I2C/SPI/Serial tools. The only harness that reads sensors.
DD-18
MetaClaw — The Self-Evolving Proxy
Proxy-layer skill injection + idle-time GRPO/LoRA training. Makes any agent self-improving.
DD-19
CrabTrap — The LLM-as-Judge Egress Proxy
Brex engineering. Two-tier static + LLM-as-judge HTTP proxy. Probabilistic governance bet.
DD-20
IronCurtain — The Deterministic Governance Runtime
Niels Provos. Agent never holds real credentials. Deterministic policy. Zero LLM at runtime.
DD-21
Tau — The Educational Reference Harness
Python. HuggingFace. Readable in an afternoon. ~300-line loop, typed events, non-destructive sessions.

Each module ships eight artifacts: a teaching document, diagrams (n8n workflows as the primary visual), a slide deck, a teaching script, flashcards, an exam, a lab specification, and a web page. The deep-dives ship four: the deep-dive document, diagrams, flashcards, and a web page. Every web page and diagram page is live on here.now for mobile review. Slide decks and exams are included in each module's published directory.

Continue
Course 2A — Building AI Harnesses for Cybersecurity
Bug bounty, AppSec, cloud posture, and smart contract automation. The security-domain application course that builds on this foundation.