The Agent Harness: Why Prompt Engineering Alone Can't Build Reliable AI Agents
Most agent projects stall because teams treat the model as the whole system. A Harness is what makes the difference between a demo that works once and an agent that runs unattended across dozens of steps without burning tokens, corrupting state, or executing dangerous commands.
Single tool calls and clever prompts can't sustain complex agent tasks like cross-file refactoring or long-running research. The missing piece is a Harness—a state-machine-driven runtime that sits between the model and the execution environment. It decomposes agent behavior into standard states (think, call tool, wait, finish, abort) and drives a closed-loop execution cycle.
The Harness consists of five core modules: dynamic prompt assembly with layered caching, an execution loop engine with hard step/timeout limits, a tool scheduler that parses and validates calls before sandboxed execution, a context state manager that compresses and prioritizes information to prevent window overflow, and a security guardrail layer enforcing pre-validation, isolation, and audit logging. Claude Code and OpenAI Codex both implement these patterns, though Claude Code has recently stripped 80% of its system prompt to rely more on model-native reasoning.
Common failures—infinite loops, ignored errors, context amnesia—trace back to missing Harness components, not weak prompts. The engineering advice is to start with a minimal closed loop (prompt + one tool + simple cycle), then layer in state management, sandboxing, and caching based on real failure cases, while instrumenting every step for token cost and success-rate data.
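The minimal closed loop described above, as an added example (not code from Claude Code, Codex, or any project named here). It shows a strict JSON tool-call schema checked against an allowlist before anything executes, a hard step limit, and errors fed back to the model instead of being ignored. The `read_file` tool, the message shape, and the limit values are assumptions; `model` and `execute` are caller-supplied callables, and sandboxing and wall-clock timeouts are left out.

```python
import json

MAX_STEPS = 6                           # hard step limit (assumed value)
TOOLS = {"read_file": {"path": str}}    # allowlist: tool name -> argument schema (hypothetical tool)

def parse_action(raw):
    """Strictly parse one model turn into (kind, payload); any deviation is an 'error'."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return "error", "output is not valid JSON"
    if not isinstance(msg, dict):
        return "error", "output must be a JSON object"
    if set(msg) == {"final"} and isinstance(msg["final"], str):
        return "finish", msg["final"]
    if set(msg) != {"tool", "args"}:
        return "error", "expected keys {tool, args} or {final}"
    schema = TOOLS.get(msg["tool"]) if isinstance(msg["tool"], str) else None
    if schema is None:
        return "error", "tool not in allowlist"
    args = msg["args"]
    if not isinstance(args, dict) or set(args) != set(schema):
        return "error", "argument names do not match schema"
    if not all(isinstance(args[k], t) for k, t in schema.items()):
        return "error", "argument type mismatch"
    return "call", (msg["tool"], args)

def run(model, execute, max_steps=MAX_STEPS, max_errors=2):
    """Drive think -> call tool -> finish/abort. Returns (state, result, audit)."""
    audit, feedback, errors = [], None, 0
    for step in range(max_steps):
        kind, payload = parse_action(model(feedback))
        audit.append((step, kind))          # audit trail: one entry per step
        if kind == "finish":
            return "finish", payload, audit
        if kind == "error":
            errors += 1
            if errors > max_errors:         # repeated bad output: stop, don't spin
                return "abort", "too many invalid tool calls", audit
            feedback = {"error": payload}   # surface the error to the next turn
            continue
        tool, args = payload                # only validated calls reach execute()
        feedback = {"tool": tool, "result": execute(tool, args)}
    return "abort", "step limit reached", audit
```

The audit list is the natural place to attach per-step token cost and success data once the loop is instrumented.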
Prompt engineering is less than 20% of the Harness engineering surface, yet it receives disproportionate attention because it's the most visible part.
Claude Code's 80% prompt reduction contradicts the common instinct to add more rules; stronger models need clearer boundaries, not denser instructions.
Tool-call parsing failures are often blamed on the model when the real culprit is a Harness that doesn't enforce a strict output schema with XML or JSON tags.
Codex's Harness, shared across multiple clients via JSON-RPC, is an architectural bet that agent logic should be a service, not a per-client implementation, and this changes how teams should think about shipping agent features.
The compact API that replaces raw context with encrypted hidden state is an under-discussed privacy and cost lever: it keeps semantic continuity without shipping full conversation text to the model provider on every turn.