Is the performance overhead of the Harness layer high?

There is some latency because of additional model calls for validation and error correction. However, compared to the business loss caused by AI errors, this overhead is entirely worth it. In practice, we often use lightweight models (like GPT-4o-mini or Claude Haiku) as real-time validators in the Harness layer to reduce latency.

How do I design effective 'Human-in-the-Loop' (HITL) mechanisms?

Use dynamic triggers based on 'risk levels.' For read-only operations (reading files, querying databases), the Harness can allow them directly. For write operations or system command execution, the Harness must suspend the task and request confirmation from the developer.

What if the Agent gets stuck in an infinite loop?

This is a situation the Harness must handle. By setting `max_iterations` and `token_limit` for a single task within the workflow, the Harness must forcibly terminate the task and log the event once the threshold is exceeded.

Should the Harness for multiple Agents be independent or shared?

We recommend a **layered architecture**. The underlying 'Safety Sandbox' and 'Environmental Access' should be shared, but each Agent should have its own independent 'Self-Evaluation logic' and 'Task Memory' to maintain single responsibility.

Harness Engineering Practical Guide: Building Autonomous Agent Runtimes with MCP and LangGraph

TL;DR: The core of Harness Engineering is creating a "digital DMZ" (Demilitarized Zone) for AI. By providing tools via the MCP protocol, orchestrating logic with LangGraph, and isolating risks with Docker sandboxes, you can build an autonomous Agent that is safe enough to directly modify code and run tests. This post shares a complete implementation plan for a Harness architecture.

Introduction

In the Harness Engineering concepts guide, we defined the "Agent = Model + Harness" formula. Now, let's dive into the engineering: How do we build this constraint system from scratch?

The 2026 Harness Tech Stack

To build an industrial-grade Harness, you need these three core technologies:

MCP (Model Context Protocol): Acts as the "peripheral interface" for the Agent, connecting it to files, databases, and APIs.
LangGraph / PydanticAI: Used to orchestrate the Agent's "chain of thought," supporting loops, state persistence, and conditional branching.
Docker / WASM Sandbox: Acts as the "physical isolation" for the Agent, ensuring that code execution doesn't pollute the host machine.

Practical Steps: Building a "Self-Healing Coding Agent"

We'll build an Agent capable of automatically fixing linting errors.

Step 1: Defining Nodes and States (LangGraph)

First, we define the Agent's workflow logic at the Harness layer:

python

# Define the state machine with LangGraph
from langgraph.graph import StateGraph, END

def generate_code(state):
    # Call the LLM to generate code
    return {"code": ai_output}

def run_linter(state):
    # Harness runs 'npm run lint' in the sandbox
    result = sandbox.run("npm run lint")
    return {"errors": result.stderr if result.returncode != 0 else None}

def fix_errors(state):
    # Feed the error message back to the model for a fix
    return {"code": ai_fixed_output}

# Build the graph: generate -> lint -> (if error) fix -> lint
workflow = StateGraph(AgentState)
workflow.add_node("generate", generate_code)
workflow.add_node("lint", run_linter)
workflow.add_node("fix", fix_errors)

workflow.add_conditional_edges("lint", lambda s: "fix" if s["errors"] else END)

Step 2: Configuring the MCP Toolset

Through MCP, we give the Agent the "read/write file" capability, which the Harness will strictly audit:

json

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path/to/safe/dir"]
    }
  }
}

Step 3: Designing Human-in-the-Loop (HITL)

Include an approval node in the Harness. When the Agent wants to execute git push, it must trigger:

python

def human_approval(state):
    print("Agent is requesting a code commit; please confirm (y/n):")
    if input() == "y":
        return {"approved": True}
    return {"approved": False}

Three Secrets to Harness Optimization

1. Model Tiering Strategy

Don't use the most expensive model for everything.

Task Execution: Use Claude 3.7 (The Brain).
Output Validation: Use GPT-4o-mini (Fast, Cheap).
Simple Lint Checks: Use native regex or CLI tools directly without calling a model.

2. Context Pruning

In the "Generate-Error-Fix" loop, context accumulates quickly. The Harness should only keep the most recent error message and the current attempt path, pruning outdated logs to prevent model confusion.

3. Environment Snapshots

Before an Agent starts making large-scale modifications, the Harness must automatically create a Git branch or directory snapshot. If the Agent goes off track, you can roll back with a single click.

Typical Architecture Diagram

graph TD User["User Requirement"] --> Harness["Harness Controller"] Harness --> LLM["LLM Inference (Brain)"] LLM --> Tools["MCP Toolset (Hands)"] Tools --> Sandbox["Docker Sandbox (Safety)"] Sandbox --> Feedback["Result Feedback (Logs/Errors)"] Feedback --> Harness Harness -- "Valid Result" --> User

Summary

The essence of Harness Engineering is Distrust the model, but leverage it. Through LangGraph's flow control, MCP's capability extension, and sandbox isolation, you're not just writing prompts—you're building a "digital exoskeleton" for the AI's brain.

Next, you can explore how to combine multiple constrained Agents into a Multi-Agent System.

Related Reading: