惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
Cyberwarzone
Cyberwarzone
SecWiki News
SecWiki News
Webroot Blog
Webroot Blog
L
LINUX DO - 最新话题
V
Vulnerabilities – Threatpost
T
Troy Hunt's Blog
Cloudbric
Cloudbric
L
LINUX DO - 热门话题
Google DeepMind News
Google DeepMind News
H
Heimdal Security Blog
S
Schneier on Security
NISL@THU
NISL@THU
The Hacker News
The Hacker News
Attack and Defense Labs
Attack and Defense Labs
A
Arctic Wolf
V2EX - 技术
V2EX - 技术
Security Latest
Security Latest
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
W
WeLiveSecurity
S
Secure Thoughts
Y
Y Combinator Blog
GbyAI
GbyAI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - Franky
量子位
人人都是产品经理
人人都是产品经理
雷峰网
雷峰网
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
T
Tenable Blog
The GitHub Blog
The GitHub Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
Vercel News
Vercel News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
小众软件
小众软件
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Palo Alto Networks Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Agent Harness Is the Real Product. The Model Is Just the Engine.
Anil Kurmi · 2026-05-16 · via DEV Community

On May 15, the VS Code team published a blog post that quietly reframed the last two years of "best coding model" arguments. Buried inside it is a scatter plot from their internal benchmark, VSC-Bench, that I have been thinking about all week.

The chart compares eight model-effort configurations across forty containerized runs. The line you expect goes up and to the right: more reasoning effort, more tokens, more tasks resolved. It mostly does. Until you get to xhigh. At xhigh, the model burns more tokens than high and resolves fewer tasks. The caption is dry as gravel: "may indicate that it is past the useful effort sweet spot where extra thinking no longer converts into better outcomes."

Read that twice. The biggest, hungriest, most expensive setting is worse. Not slower. Worse. And the only reason anyone knows is because someone built a harness that could measure it.

That is the story of the week. The model is the engine. The harness is the car. And this week, three different teams shipped pieces of the car.

The 5-Minute Skim

  • What changed this week: VS Code documented its Copilot agent harness in detail, shipped Agents Window to Stable in 1.120, Visual Studio added Agent Skills, and Martin Fowler published a framework that tells you why none of this is enough.
  • Default recommendation: Stop chasing model upgrades in isolation. Tune the harness — context assembly, tool exposure, system prompts — per model, and measure with a closed-loop eval. Treat skills (SKILL.md files) as a first-class context-budget tool.
  • When it breaks: The "behaviour harness" is still unsolved. Your linters and ArchUnit will catch dead code and layering violations. Nothing catches the AI writing a 300-line function that works but that no senior on your team would ever ship.
  • Key trade-off: More reasoning effort is not free, and beyond a point it actively hurts. Spend the budget on harness engineering instead.

Visual Architecture: The Harness Is the Loop

Diagram: Visual Architecture: The Harness Is the Loop

The model is one node. The harness is the cycle wrapped around it, plus the eval loop that grades the cycle.

Why does this conversation matter now?

For most of 2024 and 2025, the discourse on coding agents was a model-leaderboard arms race. Sonnet vs. GPT vs. Gemini. SWE-bench scores. Twitter threads with column charts.

Then May 15 happened. The VS Code engineering team published "Agent Harnesses in GitHub Copilot for VS Code" and Julia Kasper wrote one of the cleanest framings I have read all year: "The model gets better at filling in the blanks, but the harness defines what the blanks are."

Two days earlier, VS Code 1.120 pushed the Agents Window to Stable and shipped two settings that look small until you read them: chat.tools.compressOutput.enabled, which trims terminal output before it hits the model, and chat.tools.riskAssessment.enabled, which tags commands as Safe / Caution / Review carefully. Neither is a model improvement. Both change what the agent does. Same day, Visual Studio's DevBlog announced Agent Skills, built on the agentskills.io spec. And Martin Fowler published "Harness engineering for coding agent users," which gives the whole movement a vocabulary.

Four pieces, one week. The harness has graduated from implementation detail to product surface.

What is actually inside a harness?

Strip away the marketing and you have three responsibilities and one loop.

The context assembler decides what goes into the prompt. Not just the user message — the open file, recent edits, terminal output, prior tool results, pinned memory, the relevant chunks of AGENTS.md. This is the layer that gets blamed when the model "forgets" what you told it three turns ago. It rarely deserves the blame. Context windows are finite, and someone had to choose what to drop.

The tool exposure layer turns the things the agent can do into JSON schemas the model can call. This is where the per-model divergence lives, and it is more brutal than I expected. Claude models in Copilot use a tool called replace_string_in_file. GPT models use apply_patch. Gemini, in Kasper's words, "needs reminders to use tool-calling instead of narrating it, and breaks on orphaned tool calls in history."

Read that again. Gemini will sometimes describe what it is about to do instead of doing it. The harness has to detect this and nudge it back. If a previous tool call is left dangling because of a network hiccup, Gemini's run dies. It is what the model is. The harness has to know.

The tool executor validates arguments, spawns processes, captures output, and decides what to send back to the model. This is where output compression lives. A 12,000-line npm install log is context poison. The 1.120 setting collapses it to a banner like "lockfile diff omitted" plus the final summary, and the model proceeds without choking on yarn progress bars.

Wrapped around all three is the agent loop: think, act, observe, repeat. VS Code calls a single LLM invocation a round, a user-facing exchange a turn, and the whole conversation a run. Tool-call limits per round. Context-window summarizer. Stop hooks. None of it is the model.

Claude Sonnet 4, Sonnet 4.5, and Opus each get their own system prompt. The team tunes the harness against pre-release model checkpoints before the model goes public. By the time you see "Claude X.Y is now available in Copilot," somebody has spent days re-shaping the scaffolding around it.

Why is per-model tuning real engineering, not a config flag?

This is the part most teams underestimate.

The temptation is to write one harness that takes a model_id and routes the call. One context assembler. One tool registry. One prompt template with a couple of conditional blocks. It is the right starting point. It is also the wrong place to stop.

The VS Code team makes the opposite call. Different system prompts per model family. Different tool sets — not just different names for the same tool, but actually different tools because apply_patch and replace_string_in_file have different failure modes. Different reminders for Gemini. Different trim policies because some models cope better with long tool history than others.

Why does this matter for the rest of us? The moment you ship a model picker, you have inherited this problem. A user clicks the dropdown from Sonnet to GPT, and your harness either gracefully retunes itself or it produces worse output than the model is capable of. Switching models without retuning the harness can decrease quality. That is the unintuitive bit.

Model-agnostic frameworks are useful for the first 80% of the work. The last 20% — the part your users feel — lives in the per-model glue.

VSC-Bench: when more thinking hurts

Back to the chart that started this post.

Diagram: VSC-Bench: when more thinking hurts

The line goes up, then bends down at xhigh. More reasoning tokens, fewer tasks resolved. The dry-as-gravel caption: "past the useful effort sweet spot."

VSC-Bench runs forty tasks across eight model-effort configurations inside containerized workspaces. Each container launches a real VS Code, drives the full agent loop, and grades the result. It is offline, deterministic enough to compare runs, and free of the SWE-bench contamination problem where models may have been trained on the very issues being tested.

What it shows is that effort is a curve, not a ramp. Medium to high reasoning effort buys more resolved tasks. High to xhigh costs more tokens and gives back fewer. There is a measurable ceiling. Past it, the model's "extra thinking" looks like a drunk person re-litigating the same argument with themselves.

It is rare to see a vendor publish a chart that says "our most expensive setting is worse." Most release notes would have quietly removed xhigh from the documentation. Without VSC-Bench, you would just be guessing.

If you have not built an evaluation that drives the entire loop end-to-end on a fixed task set, you do not actually know whether your agent is getting better. You know whether your latest commit feels good in a demo.

The PR-level eval pipeline

The plumbing behind VSC-Bench is, in some ways, more interesting than the benchmark itself.

Diagram: The PR-level eval pipeline

Six steps, fully automated. A regression in the harness is caught before merge, not after a Twitter thread surfaces it.

A pull request to the Copilot extension is tagged ~requires-eval-assessment. That label triggers an Azure DevOps build, which packages the eval agent for that PR, versions it, and publishes it to an internal vscode-evals npm feed. A repository_dispatch event fires off to a separate repo, github/evald, which pulls the freshly published eval agent and runs the benchmark. Intermediate status comments are queued back to the PR via an Azure Logic App. Final results show up as comment links — not an inline analysis body, because dumping full traces into a PR conversation would make it unreadable.

A closed loop. Code change → packaged eval agent → containerized run → comment with links → human reviews. The per-PR gate means a regression in the harness is caught before it ships, not after a Twitter thread surfaces it.

Most teams I talk to do not have this. They have unit tests for JSON schemas and a manual demo before the release. The gap between that and what VS Code is doing is the gap between "we shipped an LLM feature" and "we are running an agent platform."

Skills as a harness extension primitive

While VS Code documented the harness, Visual Studio shipped Agent Skills, built on the agentskills.io specification. Same week, same conceptual move: turn extensible behavior into something the harness can reason about.

A skill is a directory containing a SKILL.md file plus optional supporting artifacts. The spec defines a clean progressive disclosure model. Roughly 100 tokens of metadata get loaded at startup so the model knows the skill exists. The full body — capped at 5,000 tokens — only loads when the model decides the skill is relevant. Referenced files load on demand.

Three loading tiers. Three context-budget moves. Good harness design when nobody is allowed to be lazy with the context window.

Skills also carry an allowed-tools field for skill-scoped tool gating. A "release notes" skill might be allowed to run git log and write Markdown, but not kubectl. A security primitive that lives in the harness, not the model.

Custom instructions are always on — your team's coding style, the framework you use. Skills are dynamically activated per task. Conflating them is what makes prompts bloated and agents confused.

Skills and MCP also fit together cleanly. The skill describes how to handle a task. MCP provides the capability to execute. The skill tells the model when and why to reach for the MCP tool — a handoff doing more work than it gets credit for.

The unsolved problem: behaviour

So the harness is winning. Right? Not quite.

Martin Fowler's article this week introduces a vocabulary I have already started borrowing in design reviews. He splits harness controls into guides (anticipatory: AGENTS.md, skills, scaffolding scripts) and sensors (observational: linters, type-checkers, AI review agents). And he splits both into computational — deterministic, fast, cheap — and inferential — semantic, slow, expensive.

He then groups what we are trying to regulate into three buckets: maintainability, architecture fitness, and behaviour. The first two are largely solved. Linters, formatters, ArchUnit, fitness functions — twenty years of accumulated tooling that translates cleanly into harness sensors.

Diagram: The unsolved problem: behaviour

Fowler's framework. Two of three buckets have twenty years of tooling. The third — does the code do the right thing for the user? — still needs a senior engineer in the loop.

Behaviour is the problem. Does the code do the right thing for the user? Fowler's honest answer is that we are nowhere close. Generated tests "put too much faith into AI-generated tests, that's not good enough yet."

The deeper problem is the one he names with rare bluntness: "A coding agent has none of this: no social accountability, no aesthetic disgust at a 300-line function, no intuition that 'we don't do it that way.'"

Sit with that. The implicit harness on a senior engineer is decades of taste, the discomfort of writing something you would be embarrassed to show in a review, the awareness that your name is on the commit. None of it is in SKILL.md. None of it shows up in a linter. The xhigh effort setting will not produce it either — the VSC-Bench chart suggests the opposite, that more thinking past a point produces worse judgment.

The behaviour harness is the open frontier. Every team I see succeeding with coding agents has a human in the loop doing the aesthetic-disgust work. The harness has not replaced that human. It has made the human's leverage 5–10x what it was.

What you should do next

A few things that fall out of the week's reading:

  • Stop debating model X vs. model Y in isolation. Pick the model your harness is best tuned for. If you cannot tune the harness, pick the harness, and the model will follow.
  • Measure the loop, not the response. If you ship anything agentic, you need a VSC-Bench equivalent. Containerized runs, fixed task set, end-to-end agent loop, gated by your PR pipeline. Even a tiny version beats nothing.
  • Treat context-budget as a first-class concern. Compression, summarization, progressive disclosure via skills. The 5,000-token cap on a SKILL.md body is not arbitrary — it is the spec saying "respect the budget."
  • Adopt the per-model tuning mindset. Even if you route to a single provider today, write your harness so per-model system prompts and tool sets are easy to swap in.
  • Be honest about the behaviour gap. Your agent will write code that looks fine and is subtly wrong in ways your linters cannot catch. Build review rituals that assume it.

The quietly radical line in the VS Code post is the one that does not announce itself. Different models get different system prompts, different tools, different reminders. Somebody, every week, is rewriting little pieces of the wrapper while the model APIs sit still.

That is where the work is now. The engine is somebody else's problem. The car is yours.