Skip to content

Blog

Operator-grade essays on harness engineering, context packs, replay, evaluators, and running agents in production.

Get new posts by email

ContextOS essays, field notes, and implementation guides.

RSS remains available for feed readers.

Start with the path that matches your job

The best ContextOS essays are built as field guides: pick the role path, then go deeper through the series.

Open start guide

Start here

If you have read nothing yet, read these in order.

AI literacy series

Mental models for business leaders, domain experts, and operators learning how to think about real agentic systems.

AI Tokenomics: From Cost per Token to Cost per Trusted Outcome illustration
May 26, 2026·16 min

AI Tokenomics: From Cost per Token to Cost per Trusted Outcome

AI tokenomics connects cost per token, agentic cost multipliers, routing, evals, governance, and cost per trusted outcome.

The Autonomy Budget: How Enterprises Should Decide What AI Agents Are Allowed to Do illustration
May 23, 2026·12 min

The Autonomy Budget: How Enterprises Should Decide What AI Agents Are Allowed to Do

A practical governance model for granting AI agents bounded authority based on risk, evidence, policy confidence, evals, and approval.

AI Agents for Business Leaders: Build the Airport, Not Just the Plane illustration
May 13, 2026·20 min

AI Agents for Business Leaders: Build the Airport, Not Just the Plane

A practical executive playbook for agentic AI: define the work, evidence, authority, scorecards, approvals, security, observability, and improvement loop.

May 13, 2026·4 min

Before Your Team Asks for an AI Agent, Map the Real Work

A practical guide for business teams mapping real work before building agents: actors, evidence, tools, decisions, risks, exceptions, and feedback loops.

May 13, 2026·4 min

Trusting AI at Work: Approvals, Boundaries, and Receipts

A plain-English guide to agent trust: what AI can read, draft, send, change, approve, and how receipts make decisions accountable.

May 13, 2026·4 min

How to Judge AI Work: Scorecards, Not Vibes

A practical guide for business teams evaluating AI agents with scorecards, examples, traces, human corrections, and launch gates instead of demos and vibes.

May 13, 2026·8 min

AI Does Not Launch Once: Feedback Loops After Go-Live

A plain-English guide to operating agents after launch: corrections, recurring failures, proposal queues, rollout, rollback, and review.

Product management series

How product managers shape real agentic systems with intents, authority, scorecards, rollout gates, and improvement loops.

Agent engineering series

How strong AI engineers build agents with datasets, scorecards, traces, and harness improvement loops.

Agent security engineering series

Threat-model, contain, authorize, and red-team tool-using agents with deterministic controls around the model.

July 12, 2026·9 min

Threat-Model an AI Agent: Sources, Sinks, Authority, and Blast Radius

A practical AI agent threat-modeling method that maps untrusted sources to dangerous sinks, then constrains identity, authority, data, and blast radius at deterministic runtime boundaries.

February 21, 2026·9 min

Prompt Injection Is a Boundary Problem, Not a Prompt Problem

Why "smarter prompts" don't defend against indirect prompt injection, and what changes when authority lives outside the model's view.

Agent Identity Is the New Trust Boundary illustration
May 17, 2026·13 min

Agent Identity Is the New Trust Boundary

A practical model for separating agent identity, workload proof, user delegation, scoped authority, and audit across MCP and A2A.

July 12, 2026·8 min

Secure the MCP and Tool Supply Chain: Trust Must Be Continuous

How to secure MCP servers, remote tools, connectors, skills, and their outputs with admission controls, audience-bound authorization, least privilege, runtime containment, and revocation.

May 5, 2026·5 min

Build the Tool Gateway: The Boundary That Actually Stops a Bad Action

A build-along for the Tool Gateway: adapter manifests, typed envelopes, resolver checks, dispatch, and destructive-action boundaries.

May 6, 2026·5 min

Approval Gates in Code: The Destructive-Mode Handshake

A build-along for approval gates: frozen evidence, human signatures, gateway redemption, and replayable destructive-action handshakes.

July 12, 2026·9 min

Red-Team Agent Hijacking: Build a Security Eval Gate for Repeat Attacks

A practical agent-hijacking evaluation harness: scenario design, adaptive and repeated attempts, path-aware metrics, deterministic release gates, and production replay.

Architecture & foundations

The five planes, why prompts alone do not scale, what context engineering means.

The State of AI Agents in 2026: Standards Converged, Models Improved, Production Moved to the Harness illustration
June 21, 2026·13 min

The State of AI Agents in 2026: Standards Converged, Models Improved, Production Moved to the Harness

A mid-2026 review of agentic AI: MCP, A2A and AP2 converged as standards and models got more reliable — yet the bottleneck moved to the governed agent harness.

SecondBrain: A Local-First Agent Operating System You Can Run, Inspect, and Trust illustration
June 26, 2026·8 min

SecondBrain: A Local-First Agent Operating System You Can Run, Inspect, and Trust

SecondBrain is an open-source, local-first agent OS: cognition, memory, governed tools, durable sessions, workflows, and bounded self-improvement in one inspectable runtime you run on your own machine. Here is how it works and how to run it.

Agent Harness: An Architectural Framework for Production AI Agents illustration
May 19, 2026·33 min

Agent Harness: An Architectural Framework for Production AI Agents

A whitepaper on typed contracts, policy gates, traces, verification loops, and release control for production AI agents.

Antahkarana Stack: A Cognitive Layer for Local-First Agents illustration
May 20, 2026·17 min

Antahkarana Stack: A Cognitive Layer for Local-First Agents

A builder-facing explanation of Antahkarana as an engineering layer inspired by the inner faculties of Manas, Buddhi, Chitta, and Ahamkara.

April 29, 2026·10 min

The Five Planes of Agentic Operating Systems

A working decomposition for production agent systems: Intelligence, Context, Decision, Action, and Trust.

ContextOS: A Research-Grounded Architecture for Governed Agent Runtimes illustration
May 16, 2026·28 min

ContextOS: A Research-Grounded Architecture for Governed Agent Runtimes

A research-grounded framing of ContextOS as a governed runtime for context, tools, memory, security, evaluation, replay, and optimization.

March 2, 2026·14 min

Beyond Prompts: The Architecture of Trust for Agentic AI

Building a governed decision runtime across Intelligence, Context, Decision, Action, and Trust — with evaluator scoring, approval tiers, and replay-bound audit.

February 4, 2026·8 min

Context Engineering in Production

Why most agent failures are not model failures — they are context failures — and what changes when context becomes a versioned, testable, replayable contract.

March 26, 2026·8 min

Context Packs in Practice: From Spec to Run

A practical walkthrough of Context Packs: buckets, policy bundles, evaluation gates, lifecycle, and the compile pipeline.

Building the runtime

Compile, gateway, Critic, evaluators, failure handling — the per-request pipeline.

Trust, audit, governance

Replay, approval modes, approval-gate handshakes, and the security boundary.

Memory & evidence

How agents remember, what gets promoted, how knowledge is grounded.

Enterprise use cases

Concrete agentic workflows for incident response, financial crime, regulated operations, data stewardship, and software delivery.

Reviewers & improvement

Reviewer agents, rollouts, operator corrections becoming versioned StrategyRules.