4AIVN
Back to News

What is an agent harness? The framework that helps AI work efficiently

Published on 1 June, 2026
What is an agent harness? The framework that helps AI work efficiently

Quick Summary

Agent harness is the software layer surrounding an AI model, handling all administrative and logistical tasks so the model can focus entirely on reasoning and problem-solving. Without a harness, AI agents have no long-term memory, lose progress when systems fail, and often declare tasks complete without verifying results. This article breaks down the four core components of a complete harness, its two operating phases, and three common architectural patterns ranging from simple to complex. Harness engineering, a term coined by Mitchell Hashimoto in 2026, treats every agent failure as a system problem to fix permanently rather than a prompt to retry. This mindset is what enabled OpenAI to ship 3.5 pull requests per engineer per day without writing a single line of code by hand.

Imagine having an AI assistant that is incredibly smart but forgets everything between sessions and cannot check the quality of its own work. To solve this problem, developers created a protective management layer around AI models called an agent harness. This is what enables AI agents to complete complex, multi-step tasks autonomously without requiring constant human intervention.

What is an agent harness?

Think of an AI model as a brilliant new employee with no long-term memory and zero familiarity with the workplace. They can solve complex problems in seconds but will just as easily forget what they were working on, or accidentally send a confidential document to the wrong client. In that scenario, an agent harness acts as the experienced manager sitting right beside them, keeping things on track.

Put simply, an agent harness is the software layer wrapping around an AI model that handles all administrative and logistical work so the model itself can focus entirely on reasoning and problem-solving. It connects the AI to external tools, maintains a complete record of work across sessions, and verifies results before considering a task done.

In practice, an agent harness handles the following:

  • Connecting the AI model to external tools such as web search, email, and calendars
  • Persisting progress across sessions so the AI never has to start from scratch
  • Filtering out irrelevant information and supplying only the data the AI actually needs at each step
  • Monitoring AI actions to prevent dangerous mistakes
  • Logging activity in detail so humans can audit what happened when needed

Why do AI agents fail at long-running tasks?

The biggest weakness in today's AI models is the complete absence of long-term memory. Every new conversation starts from zero with no recollection of anything that happened before. Imagine hiring an employee who wakes up every morning having forgotten every agreement, every deadline, and every piece of progress from the day before.

When Anthropic tested Claude building a complex web application without harness support, the results were consistently disappointing. Two failure modes kept appearing:

  • The AI tried to do everything at once, ran out of working memory midway through, and left the project unfinished. The next session wasted time trying to figure out what had already been done.
  • The AI declared the task complete without actually running the result to verify it worked.

Beyond those two core failures, long-horizon tasks expose three additional problems:

  • Context clog: Accumulated conversation history and tool outputs crowd out the original instructions, causing the AI to gradually lose focus on the actual goal
  • Tool misuse: The AI sometimes searches for information that does not exist or submits incorrect inputs to forms, and without anything to stop it, repeats the same error in a loop
  • Total progress loss on failure: Any network error or system crash wipes out whatever was stored in temporary memory, forcing a full restart

How does an agent harness work in practice?

An agent harness operates in two distinct phases to keep work flowing continuously without interruption.

Setup phase (runs once)

The harness prepares the full working environment before the AI begins: building a structured task list, initializing storage, and recording the starting point. Think of it as the manager drawing up a detailed project plan before handing anything off. This phase only needs to happen once.

Execution phase (repeats)

Each time the AI begins a new session, the harness automatically reloads all saved progress and assigns only the next relevant task. When the AI wants to take an action such as searching for information or sending a notification, the harness checks whether that request is valid, executes it safely, cleans the returned result, and passes it back to the AI. The model never touches external systems directly without going through this control layer first.

The four core components of an agent harness

For an AI to operate reliably over extended periods, a standard agent harness needs four essential components:

  • External tool gateway: Allows the AI to interact with the real world by reading documents, searching the web, or sending messages. The harness acts as an intermediary, validating every request before execution and ensuring returned results are clean and usable.
  • Layered memory management: Maintains three types of memory serving different needs: short-term working memory for the current session, a task log recording what has been completed and what remains, and a long-term knowledge store that accumulates across multiple projects over time.
  • Intelligent context filter: Summarizes long conversation histories down to key points and supplies only the data relevant to the current step rather than loading everything at once, keeping the AI focused on the right task at the right moment.
  • Safety checker and human approval gate: Automatically verifies results before marking a task as complete. For sensitive actions such as deleting important data or sending bulk emails, the harness pauses and waits for human confirmation before proceeding.

Harness engineering and the secret behind millions of lines of code

Harness engineering is the practice of treating every AI failure as a system problem to fix permanently rather than something to retry or ignore. As Mitchell Hashimoto put it: if the agent makes a mistake, redesign the environment so that mistake becomes physically impossible to repeat.

In practice, when OpenAI built large software projects with three engineers producing 3.5 pull requests each per day without typing a single line of code, they had set up automatic verification checks after every AI action. When the AI produced something incorrect, the system returned error messages written in a specific structure so the AI immediately understood what needed to change on the next attempt. Every error message became a learning signal, not just a warning.

A study presented at ICML 2025 further confirmed that the same AI model equipped with a harness consistently outperformed itself running without one, even with identical training weights and identical prompts. The environment surrounding the AI matters just as much as the model itself.

When do you actually need an agent harness?

For simple one-off tasks like summarizing a document or answering a specific question, calling an AI directly is perfectly fine. But the moment work extends beyond a single conversation, requires memory from a previous session, or involves multiple steps that need to happen in a specific order, a harness becomes necessary.

One thing worth reflecting on: the built-in web search in ChatGPT and Gemini is itself a form of harness. When AI automatically looks something up, there is infrastructure behind the scenes making the tool call, processing the result, and feeding clean information back into context. The harness is invisible to the user but indispensable to the system.

Agent harness is not a short-term technical trend. It is the answer to fundamental limitations that AI cannot resolve on its own: no long-term memory, finite working context, and a tendency to misuse external tools without guardrails. 4AIVN has also started applying harness to our own workflows — and what we have found is that it does not just help AI finish tasks. It turns AI into a system that learns from failure and gets more reliable over time.

Discussion (0)

Log in to join the discussion.

No comments yet. Be the first!

Related Articles

Hermes Agent and MCP: Automate Real Workflows

An AI agent may plan extremely well, yet it still cannot update Notion, read GitHub issues, or retrieve reports from Google Drive without the right connection. By combining Hermes Agent with MCP, users can turn a conversation into a practical workflow while clearly controlling which tools and permissions the agent may use. If you are not yet familiar with Hermes memory and its ability to create skills, our guide to what Hermes Agent is provides the necessary foundation. This article focuses on how MCP extends Hermes beyond the terminal so it can work with everyday data and services. What does MCP add to Hermes Agent? MCP is a connection standard between an AI application and a server that provides tools or data. It can be understood as an adapter layer: Hermes remains the agent responsible for understanding the goal and choosing the next step, while each MCP server contributes specific actions such as searching Notion, reading a pull request, creating an issue, or querying files. According to the Hermes Agent MCP documentation, Hermes supports local servers over stdio and remote servers over HTTP. At startup or after a configuration reload, Hermes discovers the tools exposed by each server and registers them in its normal tool system. Users therefore do not need to write a native Hermes tool for every service that already has a suitable MCP server. MCP does not automatically make a workflow safe. A server may expose tools that read, write, create, and delete data. Hermes supports filtering per server, allowing users to enable only the operations they need instead of exposing every capability to the model. How to connect MCP without granting excessive access The standard Hermes installation already includes MCP support. Users can open the picker with hermes mcp, view the catalog with hermes mcp catalog, and test a connection with hermes mcp test. Nous Research reviews entries before they enter the Hermes catalog, but its documentation still recommends reading the manifest, source repository, and installation commands before use. For a server outside the catalog, users can add an HTTP connection or a stdio command to config.yaml. After completing OAuth or configuring the required environment variables, reload MCP and ask Hermes to list the available tools. This simple check reveals servers that failed to connect or tools that were accidentally filtered out. Begin with read access The safest setup is to connect one server, enable read only tools, and test with nonsensitive data. Add create or update permissions only after results are stable. Deletion, sharing changes, and outbound publishing should require human approval. Notion initially needs only search and page reading access. GitHub can be limited to reading repositories, issues, and pull requests. Google Drive access should be limited by folder, account, and required OAuth scope. Three practical workflows with Notion, GitHub, and Google Drive Turn Notion into a knowledge center The official Notion MCP allows an agent to search, read, and update workspace content under the authenticated user's permissions. A useful workflow lets Hermes collect meeting notes, find relevant decisions, and prepare a summary on the project page. Hermes can create a draft first so a user can review it before updating status or assigning work. Notion MCP uses user based OAuth, so it does not fit every unattended process. For scheduled automation, verify how the server maintains authentication and avoid designing a workflow around operations that OAuth cannot support in a headless environment. Coordinate development work through GitHub The GitHub MCP Server is provided and maintained by GitHub, allowing AI tools to work with software development data according to account permissions. Hermes can read new issues, compare them with repository changes, and draft a progress report. It can then prepare issue text or release notes while waiting for an owner to approve the write operation. This workflow works best with clear criteria. For example, Hermes can summarize only pull requests merged during the previous seven days, group them by label, and connect each change to its related issue. A second MCP server can then send the result to Notion as a weekly report. Summarize files and reports from Google Drive With a compatible Google Workspace MCP server, Hermes can find Drive files, read permitted content, and feed data into a reporting process. For example, the agent can locate a sales report in a fixed folder, extract selected metrics, and create a summary for Notion or a GitHub issue. Google collects its official MCP projects in the Google MCP repository, including a path for Google Workspace integration. However, several community Drive servers have different maintenance histories. Check the source, update history, and OAuth scopes of the specific server instead of installing one based only on its name. Combine multiple MCP servers into a controlled workflow A complete workflow can begin in GitHub, use Drive as a data source, and finish in Notion. Hermes reads an issue labeled for reporting, finds the corresponding spreadsheet in Drive, produces a summary, and updates the project page. Each stage uses a different MCP tool group, while Hermes plans the sequence and passes results between stages. Do not enable parallel execution merely because a server supports it. Hermes documentation allows servers to declare parallel tool support but warns that operations reading and writing shared state can conflict. Independent read operations may run together, while Notion updates, issue creation, and file changes should remain sequential. Important: An MCP server is software that can run commands and receive credentials. Install only trusted servers, keep tokens out of prompts, filter dangerous tools, and require approval for deleting, sharing, or publishing data. How should you start the first workflow? Do not connect Notion, GitHub, and Google Drive on the same day and immediately assign a critical process. Choose one input, one output, and one completion criterion that is easy to verify. A first workflow could read closed GitHub issues and create a draft report in Notion without deletion or publishing permissions. After several stable runs, you can turn the procedure into a reusable Hermes skill and add a schedule. The real value of MCP is not the number of connected servers. It is the ability to complete a recurring workflow with a small permission surface, verifiable results, and a clear data path.

Nam
16 Jul, 2026
Comparing Hermes Agent, OpenClaw, and Claude Cowork

Hermes Agent, OpenClaw, and Claude Cowork are all called AI agents because they do more than answer questions. They can break an objective into multiple steps, call tools, read data, and produce a complete result. However, comparing these three products using only a feature table can easily lead to the wrong choice. Hermes Agent is designed as an agent that can learn how you work. OpenClaw is designed as a personal assistant that is always available through messaging channels, while Claude Cowork is intended for users who want to delegate office work in natural language within an environment managed by Anthropic. Therefore, the important question is not which tool is the most powerful, but how much you want to manage yourself and where you want the agent to appear in your daily workflow. Three products with different designs The differences among these three AI agent tools do not lie only in the model that performs the work. They also come from the framework surrounding the model, which manages tools, memory, access permissions, and the execution loop. This concept is explained in detail in our article What is an agent harness?, which helps explain why three products that are all called AI agents can behave so differently. Hermes Agent prioritizes a learning loop and execution environments The notable point about Hermes is that skills are not merely a list of skills that have already been installed. After completing a task, the agent can extract a useful process, save it, and improve it the next time. Our article What is Hermes Agent? explains this self learning mechanism separately. The accumulated value of this mechanism grows over time when users have recurring tasks such as analyzing projects, monitoring information sources, standardizing reports, or operating a chain of internal tools. Hermes also supports several types of sandboxes, including local execution, Docker, SSH, Singularity, and Modal. A sandbox is an isolated environment in which the agent executes commands and works with files. This flexibility lets users choose among speed, control, and isolation, but it also requires an understanding of infrastructure, access permissions, and secret management. OpenClaw uses the Gateway as its coordination center In OpenClaw, the Gateway is the control layer between the agent, devices, and communication channels. A message can become a request for the agent to read a calendar, process a file, call a service, or respond in the correct conversation. This approach feels natural for people who want to message an assistant from their phone without needing to remember where the server is running. OpenClaw is most suitable when the agent needs to react as soon as work appears, without requiring the user to open a computer or enter a separate application. Instead of waiting for you to start a work session, it remains available in the messaging channels you already use and begins processing as soon as a message arrives or a configured event is triggered. Claude Cowork provides a managed workspace Cowork reduces the amount of infrastructure that users must manage themselves. In the desktop application, users can grant access to a local folder and ask Claude to read, organize, or create files. With remote sessions, work takes place in an isolated environment on Anthropic servers, which suits long tasks that do not require a personal computer to remain active continuously. In return, the level of customization and control over the execution layer is not as broad as in a self hosted project. Cowork is better suited to people who want quick results within the Claude ecosystem and do not want to maintain a server or design a Gateway themselves. How the memory of the three tools works differently Memory in an agent should not be understood simply as storing every conversation. A useful system must know which information is worth retaining, which information matters only in the current session, and when old data should be retrieved. If it stores too little, the agent must ask the same questions repeatedly. If it stores too much, costs will certainly increase and sensitive data can easily be used in the wrong context. Hermes stands out by combining persistent memory with skills that can improve. Memory records preferences and context, while a skill records how to complete a type of task. These two layers make the agent feel as if it increasingly understands the user, but quality still depends on whether the user reviews what has been stored and removes processes that are no longer appropriate. OpenClaw runs across several channels at once, and that is also its most complicated aspect. Remembering conversation content is only one part of the problem. The harder issue is distinguishing who is speaking, which channel they are using, and which scope the work belongs to. A command sent in a company Slack group should not automatically pull in private context previously discussed on Telegram. If session configuration and identity policies should be established clearly from the beginning, even a strong model cannot rescue a system when everything remains ambiguous. Cowork limits context to each work session, reads only the files for which you grant access, and uses only the connections you allow. For people who are not accustomed to building systems, this approach is easier to control because the boundaries of each task are relatively clear. However, clear boundaries do not mean automatic understanding. You still need to explain what you want, what completion should look like, and where the data should come from. Cowork cannot infer your company context unless you actively provide it. Which type of work each tool automates best Hermes includes web tools, terminal access, MCP, scheduled runs, and subagents. MCP is a connection standard that helps an agent communicate with external data sources or applications through a consistent interface. By combining MCP with skills, users can turn an experiment into a repeatable process, such as collecting data each morning, analyzing changes, and sending a summary. OpenClaw is strong at workflows that begin with a message or an event. For example, a user can send an invoice to a private channel, after which the agent extracts the information and updates a storage system. Another example is receiving a service alert, gathering additional diagnostic data, and returning a summary directly to the operations group. Its value comes from reducing the gap between the moment a need appears and the moment the agent begins acting. Cowork suits structured office outputs. It can research a topic, synthesize data, create a document, and continue revising it according to feedback. Long running or scheduled tasks help Cowork move beyond short question and answer interactions. Even so, organizations need to inspect each connector and its access permissions before allowing the agent to work with real data stores. When deep integration with private infrastructure is required, Hermes and OpenClaw generally provide more room. When the priority is reducing the time from a request to a finished document, Cowork usually has an advantage. This is the difference between a platform intended for assembly and a product that has already been packaged. How secure are these three AI agents? There is no simple answer to the question of which one is safer because the security risks of each tool come from completely different areas. Hermes Agent: Self hosting does not automatically mean safety. The greatest risk comes from automatically generated skills because, in essence, they are pieces of code that the agent writes and then runs by itself. If they are not reviewed before scheduled execution, a skill with terminal access or permission to send data externally can do things without your knowledge. In addition, API keys and sensitive folders should not appear in prompts or be mounted directly into a sandbox when the skill does not actually need them. OpenClaw: The more channels you connect, the wider the attack surface becomes. The point most easily overlooked is sender authentication. If the Gateway trusts only a display name or a channel that has not been properly secured, a compromised messaging account may be enough for someone to issue commands to your agent. The list of people allowed to send commands and the permissions of each bot need to be reviewed whenever you add a new channel. Claude Cowork: The most concerning risk is prompt injection, which occurs when the agent reads a document or webpage containing hidden instructions intended to redirect it away from your original request. Anthropic provides safeguards and asks for confirmation before sensitive actions, but those measures do not replace your own review of the results or the need to avoid granting broader permissions than the task actually requires. Note: With any agent, do not grant permission to delete files, send external messages, or perform sensitive transactions. Start with read only mode, enable complete logging, and retain human approval for actions that require human judgment. Should you choose Hermes Agent, OpenClaw, or Claude Cowork? Every tool has its own strengths and weaknesses, so selecting the most suitable one depends on the user and the work that needs to be done. Choose Hermes Agent when you want the agent to understand how you work increasingly well Hermes suits developers, researchers, and technical teams that want an agent to learn their own processes and run on flexible infrastructure. It is particularly worth considering when tasks recur often enough for skills to create accumulated value. You need to be prepared to read logs, review skills, and manage execution environments. Best suited when: You want the agent to remember and improve work processes through repeated use. You can manage sandboxes, select models, and control access permissions yourself. Choose OpenClaw when work requires continuous communication through messages OpenClaw is suitable when the assistant needs to be present on Telegram, WhatsApp, Slack, Zalo, or similar channels. It is useful for alerts, rapid collection of requests, and automation that begins with a conversation. In return, you must manage identity, channel permissions, and Gateway stability. Best suited when: Requests usually arrive as messages or automated alerts. You need one coordination point for several different communication channels. Choose Claude Cowork when you need quick results without building a system Cowork suits content creators, analysts, and managers who need complete documents, spreadsheets, and slides without wanting to think about servers or Gateways. In return, you should understand the limits of your plan, where data travels, and which connections are enabled before introducing real work. Best suited when: You want to describe the required outcome in natural language and receive a complete output. You prioritize the convenience of a managed service over full control of the infrastructure.

Nam
14 Jul, 2026
YC CEO's 6 forcing questions before starting any project

I'd heard a lot about the gstack repo from the CEO of Y Combinator, so I got curious and installed it to try. What surprised me most wasn't the polished workflows — it was the genuinely different mindset behind them. That mindset shows up in the very first command: /office-hours, with six questions that don't ask about code at all, only the things most people haven't thought through before they start building. What is gstack and why did Garry Tan build it gstack is an open-source toolkit by Garry Tan, CEO of Y Combinator, built primarily for Claude Code. The core idea: instead of using AI as a plain code writer, Garry Tan wanted to turn Claude into a small AI agent team, where each member handles a different role — from product direction and security review to testing and release. The entire workflow runs in an ordered loop: Think → Plan → Build → Review → Test → Ship → Reflect. More specifically, gstack splits Claude Code into 23 specialized roles, and the output of each step is automatically passed to the next — no manual handoff needed. Some of the standout commands: /office-hours 6 questions that force you to rethink your feature before writing a single line of code /plan-ceo-review checks whether you're overbuilding or underbuilding relative to what's actually needed /review catches serious bugs that standard automated checks miss /qa opens a real browser, performs real interactions, finds real bugs /cso runs an automated security audit against international standards /ship syncs, tests, pushes code and opens a pull request in a single command How effective is gstack? Garry Tan says his working speed in 2026 is roughly 810 times faster than in 2013, measured by lines of completed code per day (11,417 vs 14). In 60 days, he shipped 3 production services and over 40 features — all while running Y Combinator full-time. Andrej Karpathy, co-founder of OpenAI, confirmed a similar trend, sharing that he hasn't typed a single line of code himself since December 2025 thanks to AI agents. But among all those commands, /office-hours stands out for the opposite reason from the rest, it doesn't help you work faster and it helps you avoid building the wrong thing from the start. Why Garry Tan puts /office-hours first Garry Tan placed /office-hours at the top of the workflow based on a simple observation: most products fail not because of poor code, but because they build the wrong thing. Teams spend weeks on a feature nobody needs, or build the right feature for the wrong audience, or solve a problem users already handle better another way. The command has two modes: Startup mode for founders and people building real products with real users, and Builder mode for side projects, hackathons, and open source. This article focuses on Startup mode, where the 6 questions are most directly applicable. 6 questions that stop you from building the wrong thing These aren't 6 questions to answer quickly and move on. They're designed to make you think honestly, because the more truthful your answers, the more accurately Claude can match what you actually need — saving you a significant amount of time later. You can read the full original prompts at office-hours/SKILL.md.tmpl. Demand reality: Is there a real need? Original question: "Who specifically has this problem? How are they solving it today?" Not "users in general" or "the marketing team" — the goal is to name one real person, ideally by name, who is actively struggling with a specific problem. If you can't name someone like that, you don't yet understand what they actually need. Concrete example: Instead of "users want better task management," it should be: "Minh, a project manager at a 20-person company, copy-pastes between Notion and Google Sheets every Monday morning because the two tools don't sync." Apply this to your own situation accordingly. Status quo: What are they using instead? Original question: "What is their current workaround? How much better do you need to be for them to switch?" Everyone is already solving their problem somehow — whether with Excel, sticky notes, or a WhatsApp group. If their current solution is good enough, they have no reason to migrate their data and learn an entirely new platform. Your solution needs to be meaningfully better before they'll even consider switching. Desperate specificity: Who needs this badly enough? Original question: "Who needs a solution badly enough to use your ugly beta version today?" This is the question that separates nice-to-have from must-have. If you can't find anyone willing to use an incomplete, rough, buggy version right now, the problem you're solving isn't urgent enough. Real early users are people who need a solution badly enough to tolerate an unpolished product — as long as it's moving in the right direction. Narrowest wedge: What is the smallest possible piece? Original question: "What is the smallest thing you could launch tomorrow? Not the full vision — the smallest piece." Not the first full-featured version — something even smaller than that. This question typically cuts 80% of the scope people add because they think "might as well do it while I'm here." It's a trap many builders fall into, including myself. Launch the smallest meaningful piece first, listen to real users, then decide whether to expand. Common mistake: Many people confuse "smallest piece" with "first full-featured version." The narrowest wedge truly means one small thing that solves one specific problem for one specific group of users — nothing more. Observation and surprise: Have you watched real people use it? Original question: "Have you watched real people use your product? Did they use it in ways you didn't expect?" This question is best saved for the second iteration onward, once you have something to test. Rather than asking for feedback through messages or surveys, sit and watch directly — or review screen recordings. The most valuable insights usually don't come from what users say, but from what they do that you didn't design for, or what they skip that you thought was important. Note: If you're in your first iteration and don't have a product yet, you can skip this question and come back after launching the smallest piece in step 4. Future-fit: The 2 to 3 year view Original question: "In 2-3 years, will what you're building still be relevant — or is the trend moving against you?" This isn't about predicting the future precisely. It's about avoiding building something that's already fading. If the trend is making your problem less urgent over the next two years, that's a clear signal to reconsider from the start. That said, if your goal is to move fast and capture the market before big tech ships something similar, this question can reasonably be set aside. A real example: a simple idea completely flipped In the gstack documentation, Garry Tan walks through a practical example. You open /office-hours and say: "I want to build an app that summarizes my daily work calendar." Claude doesn't agree and start executing. Instead, it pushes back: what you just described isn't a calendar summary app — it's actually a full personal AI chief of staff. These are entirely different in scope, technical complexity, and user expectations. From that single opening description, /office-hours helps you see: 5 features you were describing without realizing it 4 assumptions that need to be validated before building 3 different implementation directions with varying levels of complexity 1 recommendation: launch the smallest piece first, treat the rest as a long-term roadmap All of this happens before you write a single line of code. The output is saved as a document that subsequent steps in the workflow automatically pick up and continue from. These 6 questions work even without gstack The 6 questions from /office-hours don't require Claude Code or a gstack installation. They're a way of thinking — the same framework YC partners use to evaluate startups — and you can apply them right now with any AI tool you already have. The difference when using them through gstack is that Claude won't let you give vague answers. It pushes for specifics and won't move forward until your response is grounded enough to be useful. That's why /office-hours tends to be the most uncomfortable command in the entire toolkit — not because it's difficult to use, but because it asks exactly what you've been avoiding. Try it today: Before starting your next project, paste these 6 questions into Claude, Gemini, or ChatGPT along with your idea. Ask it to go through each question one at a time and not let you skip any. The results are often more surprising than you'd expect — even for ideas you've already thought through carefully. gstack currently has over 117k stars on GitHub and is still growing. For me, the most valuable part isn't the technical commands like /review or /ship — it's /office-hours, because it's the only command in the entire toolkit that forces you to stop and think before doing anything else.

Nam
27 Jun, 2026
How to combine Codex and Claude Code with one plugin

Is anyone else using Codex and Claude Code side by side? I only recently discovered the Codex plugin for Claude Code, published by OpenAI itself. The useful part is not simply having another AI available. It is being able to call Codex from the current Claude Code session for a code review, an adversarial design challenge, or a separate delegated task without constantly switching tabs and sessions. What makes the Codex plugin for Claude Code useful? The openai/codex-plugin-cc plugin is intended for developers who already work in Claude Code and want to add Codex to that workflow. Instead of allowing both agents to edit the same file at the same time, you can assign clear roles: Claude Code implements and Codex reviews, or Claude Code keeps the main thread while Codex investigates an independent problem in the background. The official plugin provides review commands such as /codex:review and /codex:adversarial-review, delegation through /codex:rescue, and job or session management through /codex:transfer, /codex:status, /codex:result, and /codex:cancel. Codex therefore becomes a collaborator inside the Claude Code workflow rather than a separate window. It does not create a separate Codex runtime The plugin uses the Codex CLI and Codex app server installed on the same machine. It also reuses the local authentication state, current repository checkout, and existing config.toml settings. Integration is straightforward, but each request still contributes to the user's Codex usage limits. Requirements before installation You need Node.js 18.18 or later and either a ChatGPT subscription, including Free, or an OpenAI API key. If Codex CLI is missing, /codex:setup can offer installation guidance. You can also install it manually with npm install -g @openai/codex and sign in with !codex login. How to install the Codex plugin in Claude Code Run these commands in Claude Code: /plugin marketplace add openai/codex-plugin-cc /plugin install codex@openai-codex /reload-plugins /codex:setup The last command checks whether Codex is installed and authenticated. Once setup is complete, the Codex slash commands should appear in Claude Code, along with the codex:codex-rescue agent under /agents. Try a background review first A low-risk first run is /codex:review --background. Use /codex:status to monitor it and /codex:result to retrieve the final review. Multi-file reviews can take time, so background mode keeps Claude Code available for other work. Three effective Codex and Claude Code workflows The value of the plugin comes from role design. If both agents modify the same area without boundaries, the result may be conflicting edits, repeated analysis, and wasted context. The following workflows make ownership clearer. Let Claude implement and Codex review After Claude Code completes a feature, run /codex:review for a read-only review. It can inspect current uncommitted changes or compare the branch against a base with /codex:review --base main. Because Codex does not edit files in this mode, the developer keeps control of what is accepted. For example, after Claude adds a payment flow across several modules, Codex can inspect logic errors, edge cases, and cross-file side effects. Claude Code can then evaluate the findings and apply only the changes that make sense. Delegate an entire task to Codex Use /codex:rescue for a problem that can be isolated, such as /codex:rescue --background investigate why the integration test is flaky. Claude Code can continue working on the interface or documentation while Codex investigates in the background. Rescue supports --background, --wait, --resume, and --fresh. Define the expected output and file scope before delegating. A vague instruction to fix everything while Claude Code is also editing the repository can still create collisions. A good task has a specific goal, completion criteria, and a clearly owned part of the codebase. Use adversarial review to challenge the project direction /codex:adversarial-review is designed to question implementation and design decisions rather than merely find bugs. For example, /codex:adversarial-review --base main challenge the caching and retry design asks Codex to inspect assumptions, trade-offs, alternatives, and risks such as data loss, race conditions, rollback, or reliability. This is where the two agents may appear to argue, but the debate only helps when a human sets a narrow question, requests evidence, and defines a decision rule. Otherwise, the review can become a chain of opinions with no practical outcome. Transfer sessions and manage background jobs /codex:transfer creates a persistent Codex thread from the current Claude Code session and prints a codex resume <session-id> command. It is useful when a discussion has grown beyond a short review and you want to continue directly in the Codex App or TUI without manually rewriting the context. Monitor, retrieve, and cancel work For background tasks, /codex:status shows progress, /codex:result returns the stored output and session ID, and /codex:cancel stops an active job. These commands prevent multi-agent work from becoming a black box. When a task drifts from its goal, canceling early is usually cheaper than waiting and starting over. Watch for review loops and usage limits Important: OpenAI explicitly warns that the optional review gate can create a long-running Claude/Codex loop and drain usage limits quickly. When enabled with /codex:setup --enable-review-gate, the plugin uses a Stop hook, which is an automated trigger that runs when Claude is about to finish its response, to start a targeted Codex review. If it finds an issue, Claude's response is blocked so Claude can address it first. This can be valuable before shipping, but it should not be left unattended. A practical safety checklist Assign roles before running: one agent implements while the other reviews, or each owns a separate task. Limit the scope by naming the branch, files, risk area, and completion criteria. Use background mode for large reviews and check progress periodically. Enable the review gate only while actively monitoring it, then disable it with /codex:setup --disable-review-gate. Do not let Claude review all Codex output and then ask Codex to review every Claude revision without a clear stopping rule. Use /codex:cancel when a task moves in the wrong direction. How can Codex and Claude Code work well together? The official OpenAI plugin offers a cleaner alternative to keeping Codex and Claude Code open in separate tabs or letting both agents edit the same file. Claude Code can remain the coordinator while Codex reviews, challenges a design, or owns a separate task. A sensible starting point is one small /codex:review --background run, followed by status, result, and cancel. Try rescue, transfer, and the review gate only after the basic workflow is familiar. The two systems can complement each other well, provided a person still sets the boundaries, budget, and stopping point.

Nam
14 Jul, 2026