惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
酷 壳 – CoolShell
酷 壳 – CoolShell
G
Google Developers Blog
N
Netflix TechBlog - Medium
Recorded Future
Recorded Future
S
Securelist
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Scott Helme
Scott Helme
C
Check Point Blog
量子位
月光博客
月光博客
Last Week in AI
Last Week in AI
C
Cisco Blogs
G
GRAHAM CLULEY
B
Blog RSS Feed
K
Kaspersky official blog
爱范儿
爱范儿
J
Java Code Geeks
I
Intezer
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
C
CXSECURITY Database RSS Feed - CXSecurity.com
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 三生石上(FineUI控件)
罗磊的独立博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
MongoDB | Blog
MongoDB | Blog
T
Threat Research - Cisco Blogs
N
News | PayPal Newsroom
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Security Latest
Security Latest
T
Tailwind CSS Blog
人人都是产品经理
人人都是产品经理
P
Privacy International News Feed
The Cloudflare Blog
H
Heimdal Security Blog
宝玉的分享
宝玉的分享
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
腾讯CDC
GbyAI
GbyAI
V
Visual Studio Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 聂微东
T
Tenable Blog
The Register - Security
The Register - Security
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
S
Schneier on Security
L
LangChain Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Coding Agents Are Becoming Remote Workers. Enterprises Need an Agent Harness.
Bu Feng · 2026-05-21 · via DEV Community

Codex, Claude Code, managed agents, mobile handoff, sandboxes, approval prompts, and rising token costs all point in the same direction: AI agents are no longer just coding assistants. They are becoming long-running actors inside real software environments. MateClaw is built for the layer that comes next: the enterprise agent harness.

Project Links

The Conversation Has Moved Past “Can AI Write Code?”

For a while, the developer conversation around AI was simple:

Can this model write code?
Can it explain a file?
Can it fix a test?
Can it generate a pull request?

Enter fullscreen mode Exit fullscreen mode

That phase is over.

The more interesting question now is operational:

What happens when the agent keeps working after you close the laptop?
What happens when it needs to run a shell command?
What happens when it wants to edit files?
What happens when it gets blocked and needs human approval?
What happens when the task moves from desktop to mobile?
What happens when your company wants audit logs?

Enter fullscreen mode Exit fullscreen mode

Recent Codex and Claude Code developments make this shift clear. Codex is moving toward remote work loops that can be monitored and redirected from mobile. Claude’s managed-agent writing separates session, harness, and sandbox as first-class concerns. OpenAI’s sandbox engineering posts focus on the hard middle ground between “ask me every time” and “full access.” Anthropic is packaging agents around real industry workflows.

The signal is not just that coding agents are getting better.

The signal is that coding agents are becoming workers.

And workers need an operating model.

The Hidden Layer: Harness, Not Model

Most AI agent demos make the model look like the product. The model reads a prompt, calls a tool, and prints an answer. That is the clean demo path.

But production use does not live on the clean path.

A real agent run includes:

  • context assembly
  • model selection
  • tool routing
  • permission checks
  • shell or file access
  • retries
  • human approval
  • streaming state
  • audit records
  • workspace boundaries
  • notification channels
  • cost tracking
  • failure recovery

That is the harness.

The harness is the part around the model that turns a smart assistant into a manageable system.

This is where MateClaw fits.

MateClaw is an open-source, self-hosted Agent Harness OS for teams. It is not trying to replace Codex or Claude Code. It is trying to give organizations a place to run, govern, observe, and extend AI workers.

In a MateClaw deployment, Codex can be a coding capability. Claude Code can be a development employee. Local models can handle private or lower-risk tasks. MCP servers can provide tools. Internal systems can expose workflow-specific APIs. The important part is that all of those capabilities enter through one governed runtime.

Codex / Claude Code / local models / MCP tools / internal APIs
                         ↓
              MateClaw Agent Harness OS
                         ↓
Digital employees / Skills / Tool Guard / Approval / Channels / Audit

Enter fullscreen mode Exit fullscreen mode

That is a different category from “another chat UI.”

Why Mobile Handoff Changes the Agent Product

Codex moving into mobile workflows matters because it changes the social contract between user and agent.

When an assistant only responds while you are watching it, it feels like a tool.

When it keeps working in the background, pauses for clarification, asks for approval, and resumes after you answer from your phone, it starts to feel like delegated work.

That sounds subtle. It is not.

Delegated work creates new product requirements:

  • users need to see what is happening
  • agents need resumable state
  • approvals need to survive page reloads
  • notifications need to reach the right person
  • tools need risk levels
  • history needs to be inspectable
  • long tasks need a control plane

MateClaw already treats agents as digital employees, not just chat sessions.

Each digital employee can have a role, goal, tool set, skills, workspace, memory, knowledge context, channel presence, runtime status, and security rules.

That product model matters. An employee can be assigned work. A chatbot can only be prompted.

Sandboxes Are Not Enough

Sandboxing is necessary. It is not sufficient.

The Codex Windows sandbox discussion is useful because it makes a real tradeoff visible:

  • require approval for every command and the agent becomes slow
  • give full access and supervision becomes weak
  • block too much and the agent cannot do useful work
  • allow too much and the blast radius becomes unacceptable

Every company adopting agents will face this.

Once an agent can run shell commands, write files, query databases, send messages, or call internal APIs, you need more than a sandbox. You need a policy layer.

MateClaw’s Tool Guard is that policy layer.

Tool Guard can evaluate tool calls before execution:

  • low-risk actions can proceed
  • risky actions can require approval
  • destructive patterns can be blocked
  • shell execution can be treated as sensitive by default
  • file writes and cron changes can be approval-gated
  • audit trails can capture what happened

This is a practical distinction.

A sandbox asks:

Where can the agent run?

Enter fullscreen mode Exit fullscreen mode

A harness asks:

Should this specific action be allowed?
Who approved it?
What was the context?
Can we explain it later?

Enter fullscreen mode Exit fullscreen mode

Enterprises need both.

Approval Should Pause the Run, Not Kill It

Many agent products treat approval as a UI feature: show a confirmation box, then continue if the user clicks yes.

That works for simple flows. It breaks down for long-running work.

Consider a realistic task:

Inspect a repository
Run tests
Find a migration issue
Edit a file
Need approval before touching production config
Pause
Notify the reviewer
Resume after approval
Run verification
Write the report

Enter fullscreen mode Exit fullscreen mode

If approval kills the run, the user has to reconstruct context. That is not delegated work. That is babysitting.

MateClaw treats approval as part of the runtime lifecycle. A run can pause on an approval gate, persist the pending state, then resume after a decision.

That matters for engineering teams, operations teams, and any organization where sensitive actions require a human checkpoint.

The more agents become remote workers, the more this becomes table stakes.

Vendor Choice Is Becoming a Risk Surface

The Codex versus Claude Code debate is easy to frame as a winner-take-all race.

That is probably the wrong frame for enterprises.

The real world will be multi-agent and multi-provider:

  • one team may prefer Claude Code for complex refactors
  • another may prefer Codex inside ChatGPT workflows
  • security teams may want local models for sensitive triage
  • support teams may use cheaper models for classification
  • operations teams may need deterministic tool policies
  • finance teams may care about cost ceilings and audit trails

The more useful question is not:

Which coding agent wins?

Enter fullscreen mode Exit fullscreen mode

It is:

How do we keep control when the winning tool changes?

Enter fullscreen mode Exit fullscreen mode

MateClaw is designed to keep the harness stable while the agent ecosystem changes around it.

It supports multiple model providers, self-hosted deployment, local model paths, skills, MCP-style extension, approval workflows, channel adapters, and workspace boundaries. That gives teams a place to manage capability without hard-binding the organization to one vendor’s interface.

Skills Are the Product Shape Enterprises Actually Want

Anthropic’s industry-agent templates point to another important shift: companies do not want raw agents. They want packaged workflows.

Nobody wants to start from a blank prompt and build “an enterprise agent.” They want:

  • an operations assistant
  • a code review assistant
  • a sales research assistant
  • a knowledge manager
  • a support triage employee
  • a finance analyst
  • a release note writer
  • a document processing employee

MateClaw’s Skill system is built for this packaging layer.

A useful enterprise agent package should include more than a prompt:

  • the employee role
  • the system instructions
  • the skills it can use
  • the tools it can call
  • the model preference
  • the approval policy
  • the workspace scope
  • the knowledge sources
  • example tasks
  • channel bindings

That is how an agent becomes deployable by a team instead of handcrafted by one power user.

Why Java Matters

A lot of agent infrastructure is born in Python notebooks, TypeScript CLIs, and local developer environments.

That is fine for experimentation.

It is not always fine for enterprise operations.

Many companies still run a serious amount of production software on Java and Spring Boot. They have existing CI/CD, observability, identity, database, deployment, and security practices around that stack. If AI agents are going to become part of the production system, they need to fit into the production system.

MateClaw is built with that audience in mind:

  • Spring Boot backend
  • Vue 3 admin console
  • MySQL for production
  • H2 for development
  • Flyway migrations
  • StateGraph-based agent runtime
  • multi-channel adapters
  • workspace-aware data model
  • tool governance and approvals
  • one deployable service shape

That is not as trendy as a tiny agent CLI. It is more useful when IT has to run it.

The enterprise agent layer should not depend on one developer’s laptop.

Multi-Channel Is Not a Nice-to-Have

Work does not happen in one place.

Engineering teams live in GitHub, Slack, terminals, IDEs, and issue trackers. Chinese enterprise teams may use DingTalk, Feishu, WeCom, or QQ. Support teams may live in webchat. Managers may approve from mobile. Operators may need alerts in a channel, not a dashboard.

MateClaw assumes that agents need to exist across channels.

The important idea is continuity.

The same digital employee should be able to:

  • answer in the web console
  • receive a task from a team channel
  • notify a reviewer when approval is needed
  • resume work after a decision
  • keep the same memory and tool policy
  • preserve auditability across surfaces

This is where the “remote worker” metaphor becomes real.

If an AI agent is part of the team, it has to show up where the team works.

What MateClaw Is Not

MateClaw is not a replacement for every coding assistant.

If you are one developer using Claude Code or Codex locally, and you do not need approvals, audit trails, workspaces, or multi-channel operations, you may not need a full harness.

That is fine.

MateClaw becomes interesting when the question changes from personal productivity to organizational adoption:

How do we let agents touch real systems without losing control?
How do we route work across models and tools?
How do we make actions visible to operators?
How do we package reusable agent roles?
How do we keep data and approvals inside our own environment?

Enter fullscreen mode Exit fullscreen mode

That is the gap MateClaw is trying to fill.

The Next Agent Platform Will Look More Like Infrastructure

The first wave of AI tools felt like apps.

The next wave will look more like infrastructure.

It will include:

  • model routing
  • tool policy
  • sandbox integration
  • approval workflows
  • skill packaging
  • memory lifecycle
  • workspace isolation
  • audit logging
  • multi-channel delivery
  • runtime observability
  • human handoff

Those are not optional extras. They are what make agents acceptable inside organizations.

Codex and Claude Code are showing what powerful agents can do.

MateClaw is focused on what organizations need around those agents.

That is why the phrase “Agent Harness OS” matters. It is not about branding. It is about locating the missing layer.

The future is not one agent to rule them all.

The future is many agents, many models, many tools, and one governed place to run them.

References