Skip to content

Tool Runtime vs Agent Harness

harrison-chase + sam-partee split agent architecture into two layers with different responsibilities:

  • Agent harness (Harrison): the scaffolding around the model — file system, planning tool, sub-agent spawning, memory, iteration loop. Examples: Claude Code, LangChain Deep Agents.
  • Tool runtime (Sam): the integration layer that holds credentials, scopes, and third-party service clients. Responsible for auth, authentication, authorization, multi-user. Example: arcade-ai.

"These two things actually have very different responsibilities and have an incredible responsibility in the foundation of a general agent."

Why separate them?

Tools inside the harness (like Claude Code's file read/write) are single-user and local. Tools outside the harness (Gmail, Salesforce, Jira) are multi-user and authenticated. If you mix them, you end up with a service token that either has too much privilege (no CISO signs it) or too little (agent can't do anything useful).

Why this matters

This is the missing architectural diagram in most 2026 agent startups. People talk about "MCP servers" as a monolith; Chase/Partee insist that local-STDIO MCP and remote-authenticated MCP are different layers with different failure modes. The separation is the prerequisite for enterprise deployment — connects to auth-for-ai-four-pillars.