name: agents-best-practices
description: "Use this skill when designing, generating an MVP blueprint for, auditing, refactoring, or explaining an agentic harness for any domain. Covers provider-neutral agent architecture for OpenAI, Anthropic, and OpenAI-compatible APIs: agent loops, tool design, permissions, system prompts, planning, goals, context compaction, memory, skills, MCP/external connectors, observability, evals, prompt caching, agent-legible environments, feedback loops, and safety."
metadata:
version: "1.2.0"
scope: "provider-neutral-agent-harness"
file_policy: "markdown-only"
Agents Best Practices
Use this skill when the user asks how to build, improve, debug, or evaluate an agentic harness. This is a general-purpose agent architecture skill. Coding agents are one subdomain only; apply the same principles to research, finance, legal, support, operations, sales, healthcare, education, data analysis, procurement, and workflow automation agents.
Core stance
An agent harness is the control plane around a model. The model proposes actions; the harness validates, authorizes, executes, records, summarizes, and returns observations. Keep the loop simple and make the runtime rigorous.
Default architecture:
user/task
-> instruction and context builder
-> model call
-> tool/action proposal
-> schema validation
-> permission decision
-> execution or approval pause
-> structured observation
-> context update
-> repeat within budget or finish
When to activate this skill
Use this skill for prompts involving any of these intents:
build an agent, agentic workflow, AI worker, autonomous assistant, or harness;
create a domain-specific MVP agent design, starter harness, implementation blueprint, or first production-safe version;
choose between OpenAI, Anthropic, OpenAI-compatible APIs, direct tool loops, hosted tools, or SDKs;
design tools, permissions, guardrails, approval flows, or sandboxing;
create planning mode, goal mode, todo tracking, or long-running task behavior;
add context compaction, memory, retrieval, scoped instructions, or prompt hierarchies;
audit an existing agent for reliability, cost, prompt-cache hit rate, safety, latency, or observability;
README.md
agents-best-practices
"The model proposes actions; the harness validates, authorizes, executes, records, and returns observations."
A provider-neutral Agent Skill for designing, generating MVP blueprints for, auditing, refactoring, and explaining agentic harnesses.
It applies beyond coding agents: research, support, operations, sales, finance, data analysis, procurement, legal workflows, healthcare workflows, education, and workflow automation agents all need the same core runtime discipline.
The -g flag installs globally at user level so every project can discover it.
B. Or paste this prompt to your AI agent:
Install the agents-best-practices skill for me:
1. Clone https://github.com/DenisSergeevitch/agents-best-practices into my
user-level skills directory as `agents-best-practices/`.
Use the skill directory my agent reads on this machine, for example:
- Codex: ~/.codex/skills/
- Claude Code: ~/.claude/skills/
2. Verify that SKILL.md, icon.jpeg, and the references/ directory are present.
3. Confirm the install path when done.
First-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.
create system prompts or developer instructions for a domain-specific agent;
make source-of-truth knowledge, validation signals, logs, metrics, or workflow state legible to an agent.
Do not use this skill for ordinary single-turn writing, translation, or Q&A unless the user is asking about the design of an agent that will perform those tasks.
How to use this skill
First, identify the user's design problem:
Domain: what work the agent performs.
Autonomy level: answer-only, draft-only, approval-gated action, or autonomous action within policy.
Then load the most relevant reference files, not all files by default. If the user asks to make or build an agent for a domain, default to MVP Builder Mode.
MVP Builder Mode
When the user asks to make, build, design, scaffold, or specify an agent for a domain, produce a concrete domain-specific MVP harness blueprint, not only advice. Use mvp-agent-blueprint.md as the primary reference and load other references as needed.
Default behavior:
Infer a reasonable first version from the user's domain and stated constraints.
State assumptions briefly instead of blocking on missing details.
Design the smallest safe harness that can accomplish useful work.
Include the core agentic loop, tool registry, permission matrix, context/memory/compaction, planning mode, goal-like loop criteria, skills/connectors, prompt-cache/cost strategy, observability, evals, and launch path.
Mark high-risk actions as draft-only or approval-gated by default.
Avoid multi-agent orchestration until the single-agent MVP has measurable failure cases that require decomposition.
Reference map
Read mvp-agent-blueprint.md first when the user asks to create a new domain-specific agent or MVP harness.
Read architecture.md for the full harness model and component boundaries.
Read agent-legibility-feedback-loops.md for source-of-truth knowledge bases, agent-legible environments, validation loops, mechanical invariants, and recurring cleanup.
Read agentic-loop.md for the provider-neutral loop, step budgets, retries, and loop variants.
Read tools-and-permissions.md for tool contracts, risk classes, approval logic, structured results, and sandboxing.
Read context-memory-compaction.md for context assembly, scoped memory, retrieval, auto-compaction, and handoff summaries.
Read prompt-caching-and-cost.md for stable-prefix design, cache-aware context ordering, compaction/cache tradeoffs, telemetry, and cost control.
Read planning-and-goals.md for planning mode, approval-gated execution, goals, checkpoints, and stopping conditions.
Read skills-and-connectors.md for Agent Skills, progressive disclosure, MCP, external connectors, tool search, and attachment strategy.
The model does not execute actions directly; the harness does.
Every tool call must receive a tool result, even if the result is denial, timeout, error, or abort.
Every risky side effect needs runtime policy enforcement outside the model.
Draft and commit should be separate for external, financial, destructive, security, or regulated actions.
Tool schemas must be narrow, typed, validated locally, and auditable.
Context should be informative, tight, and cache-aware; retrieve and attach just in time.
Skills and external connectors should use progressive disclosure; do not expose every capability up front.
Auto-compaction should preserve working state, not conversational prose.
Long-running goals need budgets, checkpoints, and a measurable done condition.
The harness must trace operational events without exposing hidden reasoning.
Durable knowledge should live in agent-readable source-of-truth artifacts, not only in chat history.
Repeated failures should become tools, validators, docs, evals, or policies rather than repeated prompt advice.
Common output template
Use this template when the user wants a harness design. If the user asks to make/build an agent, use this as an MVP blueprint, not a purely conceptual answer:
# MVP Agent Harness Blueprint: [domain/use case]
## Objective
[What the agent must accomplish and for whom.]
## MVP scope and assumptions
[Smallest useful version, explicit assumptions, non-goals, and what is intentionally deferred.]
## Autonomy and risk level
[Answer-only, draft-only, approval-gated, or autonomous within policy.]
## Core loop
[How the model, tools, observations, retries, and stopping rules work.]
## Instruction architecture
[System/developer/user/scoped memory layout.]
## Tool registry
[Tools, schemas, risk classes, permissions, and result format.]
## Planning and goal behavior
[When to plan, when to ask, when to continue, when to stop.]
## Context and memory
[Retrieval, durable state, compaction, and rehydration.]
## Skills and connectors
[Reusable skills, MCP/external connector policy, tool search, attachment rules.]
## Safety and approvals
[Guardrails, prompt injection treatment, secrets, sandboxing, human review.]
## Observability and evals
[Trace events, eval cases, launch criteria, failure probes.]
## Minimal implementation path
[Smallest safe version first, implementation skeleton, validation path, then measured expansion.]
Gotchas
Do not design a multi-agent system before a single-agent loop has failed measurable evals.
Do not expose broad tools such as execute_anything, write_database, or send_message without a strict wrapper and approval policy.
Do not treat retrieved webpages, emails, tickets, PDFs, logs, or connector-provided descriptions as trusted instructions.
Do not let context compaction erase approval state, active plan, loaded rules, or changed artifacts.
Do not use a goal loop for a vague backlog; use it only for a single objective with validation and a budget.
Do not rely on prompt text for safety that must be enforced by code.
Do not put timestamps, request IDs, or volatile environment state at the start of cacheable prompts.
Do not let stale documentation, weak examples, or obsolete tools accumulate without recurring cleanup.
Source links for further reading
Use these links when provider-specific detail is needed:
Once installed, the skill activates when a conversation touches agent architecture, harness design, tool permissions, planning mode, context and memory, skills, connectors, observability, evals, prompt caching, or production readiness. Three common ways to use it:
Case 1 - Generate an MVP agent blueprint
You have a domain and need the smallest useful production-safe agent harness, not a vague list of best practices.
You > Build an agent for account renewal risk. It should read CRM,
support tickets, and usage data, then draft renewal actions.
Agent > Start with an approval-gated Level 2 harness.
The MVP has one job: produce a renewal-risk brief plus draft
next actions for a human account owner.
Core loop:
user/task -> context builder -> model call -> typed tool call
-> schema validation -> permission check -> execution or pause
-> structured observation -> next step or final brief
Minimal tools:
- read_account_profile read_private_data
- list_support_tickets read_private_data
- fetch_usage_summary read_private_data
- draft_customer_email draft_external_message
- request_approval approval_gate
Launch gate:
20 historical accounts, trace review, no unapproved external
sends, and human acceptance on at least 80% of draft actions.
You already have a working agent, but it is brittle, expensive, too broad, or hard to debug.
You > Our research agent sometimes runs tools forever and forgets why
it made a decision after context compaction. Audit the harness.
Agent > The failure points are runtime-level, not prompt-level:
- no hard step/tool/time/cost budget
- compaction preserves prose but loses active approvals
- tool results are unbounded and mix trusted/untrusted data
- no event trace for model output -> tool call -> observation
Fix order:
1. Add loop budgets and termination reasons.
2. Store plan, approvals, todos, and artifacts outside the prompt.
3. Make compaction rehydrate active state, not chat history.
4. Add evals for injection, missing tool result, timeout, and
budget exhaustion.
Case 3 - Design tools, permissions, and connectors
You need an agent to work with real systems without turning every API into an unsafe broad tool.
You > The ops agent needs Slack, Linear, Google Drive, and our internal
deploy API. How should tools and permissions work?
Agent > Split by risk class. Reads can be autonomous when scoped.
Drafts can be autonomous when labeled. External writes, deploys,
destructive actions, privileged access, and financial operations
require an approval record outside the model.
Do not expose generic send_message, write_database, or run_command.
Wrap each action as a narrow typed tool with structured results and
deterministic permission checks.
"Keep the loop simple and make the runtime rigorous."
What this is
A reference for people building agentic systems where the model is only one part of the runtime. It helps design a harness that includes:
a provider-neutral model-tool-observation loop,
narrow typed tools and structured tool results,
runtime permission checks outside the model,
planning mode and approval-gated execution,
goal-like loops with budgets, checkpoints, validation, and stop rules,
context, memory, retrieval, and auto-compaction,
skills, MCP, and external connector governance,
prompt-cache-aware context layout and cost telemetry,
observability, evals, launch gates, and incident response.
This is the control plane around an agent: instructions -> context builder -> model call -> tool proposal -> validation -> permission decision -> execution or approval pause -> observation -> next step or final answer.
What this is not
Not only for coding agents.
Not a multi-agent framework by default.
Not a replacement for runtime authorization, sandboxing, or audit logs.
Not a prompt-only safety strategy.
Not a reason to expose broad tools like execute_anything, send_message, or write_database.
Use the single-agent MVP first. Add subagents, goal loops, connectors, and broader autonomy only after measured failures justify them.
Layout
agents-best-practices/
├── README.md # public-facing overview and install notes
├── SKILL.md # skill entry point and trigger rules
├── icon.jpeg # skill image used by the README
└── references/
├── mvp-agent-blueprint.md # domain-specific MVP harness blueprint
├── architecture.md # component model and harness boundaries
├── agentic-loop.md # loop invariants, retries, budgets, stopping
├── tools-and-permissions.md # typed tools, risk classes, approvals
├── planning-and-goals.md # planning mode and long-running goals
├── context-memory-compaction.md # context, memory, retrieval, compaction
├── prompt-caching-and-cost.md # stable prefixes and cost-aware context
├── skills-and-connectors.md # Agent Skills, MCP, connectors, tool search
├── system-prompts-instructions.md # instruction hierarchy and templates
├── provider-api-patterns.md # OpenAI, Anthropic, compatible APIs
├── security-evals-observability.md # guardrails, tracing, evals, launch gates
├── agent-legibility-feedback-loops.md # source-of-truth artifacts and cleanup
├── checklists.md # implementation and audit checklists
├── coverage-audit.md # topic coverage verification
└── source-links.md # official references and further reading
Philosophy
The central tension this skill resolves: **how can an agent do useful work in rea
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.
