Long Running Agent Engineering
What does it take for an agent to keep working after you leave? Not "answer a long question." Not "use a big context window." I mean actually keep working. Hours. Days. Maybe weeks. Wake up in a fresh session, understand what happened before, choose the next useful thing, make progress, verify it, leave the workspace cleaner than it found it, and do it again. For the last few years we have mostly talked about agents as if the hard thing was autonomy inside one conversation. Give the model tools. Put it in a loop. Let it call bash, edit files, search the web, open a browser, run tests. That loop is real, and it is already enough to change how software gets built. But long running agents expose a different problem. The agent loop is not the product. The harness is. The model does not naturally persist across turns, context windows, sandboxes, process crashes, or days of work. A fresh session is born with amnesia. It has no idea what the last session tried, which tests failed, which files were half edited, which plan is stale, which shortcut was tempting but wrong, or whether the thing it is about to mark done was already marked done three runs ago and later discovered broken. That is the real long running agent problem: handoff across amnesia. The answer emerging across Anthropic, Cursor, OpenAI, Claude Code, Addy Osmani's survey of long running agents , and the Ralph Wiggum community is surprisingly consistent. It is not one magical always awake model. It is not stuffing the whole history into a bigger window. It is a harness that externalizes state into the workspace, restarts agents with fresh context, uses machine verifiable checks as backpressure, and assigns completion judgment to something other than the worker that wants to be done. Here is the punchline up front: Long running agents are not long conversations. They are recoverable workflows. The model is one worker inside that workflow. The durable artifacts are the real continuity layer. It also helps to separate three ideas people collapse into one phrase: long horizon reasoning, long running execution, and persistent agency. A model can reason through a deep task without running for days. A process can run for days without remembering anything useful. An agent can remember the user without owning one large task. Production systems blur the three, but the engineering problems are different. Here's what I'll cover: The naive version of a long running agent is a single agent in a single conversation with a very large context window. This works for small tasks. It fails exactly where long running agents are supposed to matter. The failure is not just that the context window fills. A 200K or 1M token window still becomes a junk drawer if you keep pushing tool outputs, diffs, plans, screenshots, stack traces, and half obsolete reasoning into it. The model does not get a clean working memory. It gets an archaeological site. Anthropic's effective harnesses post frames this cleanly: complex tasks span multiple context windows, but each new agent session begins with no memory unless the environment itself tells the story. They describe two predictable failures. First, the agent tries to one shot too much, runs out of context, and leaves a half implemented mess. Second, a later session looks around, sees progress, and decides the whole project is done. That second failure is the one I keep seeing. The agent is not lazy. It is locally rational. It sees a repo with code, some tests, maybe a UI that loads, maybe a checklist with many items checked. In the absence of a crisp external completion contract, "looks basically done" becomes an attractive stopping point. Long running work makes this worse because every session inherits ambiguity from the previous one. Compaction helps, but compaction is not continuity. A summary can preserve some facts, but it cannot replace a workspace that is structured for recovery. This is the same lesson as agent memory engineering, just at task scale. Memory that lives only in the context window dies when the window dies. Work that lives only in the agent's chain of thought dies when the session dies. If you want continuity, put it somewhere the next worker can read. The architecture that keeps recurring looks like this: There are variations, but the spine is stable. Anthropic uses an initializer agent plus repeated coding agents. The initializer creates the environment future agents need: an , a progress file, a feature list, and a first git commit. Subsequent agents read the state, pick one not yet passing feature, implement it, test it end to end, update the progress log, and commit. The community Ralph Wiggum pattern is the minimal version: The important thing is not the loop. The important thing is what the loop forces. Every iteration starts with fresh context. Every iteration rehydrates from disk. Every iteration must leave disk in a state the next iteration can understand. Blake Crosley's Ralph Loop writeup describes the same pattern through stop hooks: intercept exit attempts, persist state to the filesystem, and restart with a fresh context window until machine verifiable completion criteria are met. Geoffrey Huntley's community guide reduces it to a beautiful primitive: a shell loop feeding a prompt file to the agent, with the implementation plan on disk acting as shared state between otherwise isolated runs. That is the thing people keep underestimating. The loop can be dumb if the workspace is smart. No blackboard server. No bespoke orchestration database. No vector store. No "agent society" with vibes based coordination. Markdown files, git, tests, and a process supervisor. Annoyingly simple. Annoyingly effective. The Ralph loop works because it replaces one degrading conversation with many clean attempts. The agent is not continuous. The workspace is. This flips the unit of autonomy. You stop asking, "Can this one conversation survive for ten hours?" You ask, "Can each session leave enough evidence that the next session can continue without asking me?" That means the agent's job is not only to build. It has to maintain the run state. A good Ralph prompt usually contains four contracts: This is not glamorous. It is project management for an amnesiac coworker. The loop also gives you a natural escape hatch. If the agent goes off track, you edit the plan. If the prompt is too loose, you add a guardrail. If the tests are weak, you strengthen the oracle. If the agent keeps duplicating work, you make completed work more visible. If it keeps touching unrelated files, you narrow the write scope. The prompts you start with are never the prompts you end with. Long running harnesses are tuned by watching failure patterns. That is why Ralph is more than a meme. It is the first pattern that made the correct abstraction obvious: the human sits outside the loop and engineers the environment, not inside the loop approving every step. The roles keep converging: Sometimes these are separate prompts. Sometimes separate models. Sometimes separate processes. Sometimes the judge is a test suite. Sometimes it is a small evaluator model. But the roles are conceptually different, and mixing them is where harnesses get mushy. The initializer is the first agent that touches the task. Its job is not to implement the product. Its job is to make implementation possible across many future sessions. Anthropic's initializer writes a comprehensive feature list. In their clone example, the feature list expanded the user's high level prompt into hundreds of end to end feature requirements, all initially marked failing. This prevents the later worker from inventing a tiny definition of done. A good initializer creates: The initializer is where you spend tokens to save tokens later. Every future worker starts faster because the workspace already has a map. The worker should not be asked to "finish the project." That is how you get giant diffs, brittle code, and fake completion. The worker should be asked to make one bounded unit of progress. The stop matters. A worker that never stops slowly turns into the bad single session architecture. Fresh starts are not overhead. Fresh starts are the mechanism that keeps drift from compounding. The worker should not be the final judge of completion. Workers want to be done. Not emotionally, obviously, but statistically. The completion token is attractive. The model has a strong prior toward wrapping up once the output looks coherent. On long horizon tasks this creates false positives. Claude Code's productizes this separation. You give Claude a completion condition. After each turn, a separate evaluator model checks whether the condition has been met. If the answer is no, the evaluator's reason becomes guidance for the next turn. The worker model is not the only judge of its own success. That one design detail is huge. OpenAI's harness engineering post describes a similar review loop: Codex writes code, reviews its own changes, requests additional agent reviews locally and in the cloud, responds to feedback, and iterates until reviewers are satisfied. They explicitly call this a Ralph Wiggum loop. The pattern generalizes: The judge does not have to be smarter than the worker. It just has to be fresh, narrower, and less invested in the worker's local narrative. Long running agents need durable state, but not all state is the same. If this state lives only in the transcript, the next session has to reconstruct it. If it lives on disk, the next session can read it. Anthropic's scientific computing post is the cleanest non web app example. Claude worked over multiple days on a differentiable cosmological Boltzmann solver and reached sub percent agreement with the reference CLASS implementation. The interesting part is not that the model wrote numerical code. The interesting part is the harness discipline around it: reference implementation, test oracles, persistent notes, git history, and quantifiable progress. Scientific computing makes the verification problem unusually crisp. You can compare your solver to CLASS or CAMB. You can plot error over time. You can watch the agent get closer to a reference implementation. That gives the run a real gradient. Most coding tasks have weaker oracles, so you have to build them. Long running agents magnify weak specs. A human can carry fuzzy intent across a week because humans have common sense, memory, and the ability to ask clarifying questions. An unattended agent will happily optimize the wrong proxy for hours. The more autonomy you grant, the more literal the state layer has to become. A long running agent without verification is just a text generator with file permissions. Verification is what turns motion into progress. This is why end to end tests matter so much. Anthropic observed that Claude would often mark features complete after shallow checks. Once explicitly prompted to use browser automation and test as a human user would, performance improved. That matches my experience. Unit tests are useful, but they are often too close to the implementation. Browser tests force the agent to confront the product surface. The right verification depends on the domain: The best verification is machine checkable and hard to game. The worst verification is asking the same model, in the same context, "are you sure?" That does not mean model judges are useless. They are useful when they judge surfaced evidence against a narrow condition. Claude Code's docs are careful about this: the evaluator does not run commands or read files independently. It judges what Claude has surfaced in the conversation. So the completion condition has to include how the worker should prove it. The judge cannot save you from a vague goal. It can enforce a crisp one. Single worker loops are enough for many tasks. But the moment you want to run hundreds of agents on one codebase for weeks, coordination becomes the whole game. Cursor's scaling agents post is useful because it talks about what failed. Their first approach let agents coordinate as peers through a shared file. Agents would check what others were doing, claim a task, update status, and use locks to prevent duplicate claims. This sounds reasonable. It is also exactly the kind of distributed system that gets weird fast. The problem is not that agents cannot coordinate. The problem is that peer to peer coordination asks every worker to think about the global project while also doing local implementation. That is too much. Cursor moved toward a planner worker judge hierarchy: This is the same role separation again, just scaled out. Workers should not coordinate with other workers if you can avoid it. They should receive a task with a bounded write scope, complete it, and report back. The planner should own the global dependency graph. The judge should decide whether the current state is good enough to continue, merge, or stop. This has a strong human engineering analogue. You do not ask every engineer on a large project to constantly negotiate the whole roadmap with every other engineer. You create ownership boundaries. You run reviews. You integrate. You keep the shared state legible. The hard part is choosing the grain size. Cursor's product follow up, Expanding our long running agents research preview , says long running agents produced substantially larger PRs while keeping merge rates comparable to other agents. That is the product significance. The harness lets agents take on work that previously exceeded the practical size of a single agent session. But "larger PRs with comparable merge rates" is not magic model dust. It is the result of better state, better delegation, better judges, and better recovery. Long running agents need a computer. That computer should be disposable. An agent that can run commands, install packages, edit files, open browsers, and call APIs is powerful enough to be useful and powerful enough to be dangerous. If you run it on your laptop with all your cookies, SSH keys, cloud credentials, and private files, the blast radius is ugly. The long running version makes this worse. A five minute agent can do damage. A five day agent can do creative damage. So the production architecture increasingly separates durable harness state from disposable compute. OpenAI's Agents SDK update points in this direction: model native harnesses, sandbox execution, filesystem tools, memory, manifests, and state rehydration. The key idea is that the agent gets a controlled workspace with the files, tools, and dependencies it needs, while credentials and durable orchestration live outside the sandbox. If the sandbox dies, the run should not die. The harness should rehydrate a fresh sandbox from the last checkpoint, mount the workspace, hand the worker the current state, and continue. This is the same principle again: state must outlive the worker. Sandboxing also changes how you think about tools. In a local interactive agent, giving bash broad access is convenient. In a long running cloud agent, every tool is a capability grant. Network, filesystem, credentials, browser profile, package installation, deploy keys, issue tracker access, email access. Each one needs scope. The Ralph community guide makes this point bluntly: assume the agent environment will be popped at some point, then ask what the blast radius is. That is the right mental model. The best long running harnesses will feel boring operationally: Boring is good. Boring means the agent can be weird without the system becoming weird. There are two product directions converging. The first is the practitioner loop: prompt files, plans, hooks, shell scripts, git commits. This is how power users run agents overnight today. It is messy, flexible, and close to the metal. The second is the productized loop: , cloud agents, background tasks, research previews, SDK harnesses, managed sandboxes. This turns the same patterns into a UX that normal teams can use. The underlying mechanics are more similar than they look. Claude Code's is basically a session scoped Ralph loop with a model judge. Cursor's long running agents are a cloud product built from planner worker judge orchestration. OpenAI's Agents SDK is standardizing the sandbox and filesystem substrate. Anthropic's harness posts are turning the workflow into repeatable environment design. The abstraction is moving up the stack. In 2024, you wrote your own while loop. In 2025, you wrote prompt files and hooks. In 2026, the loop is becoming a product primitive. But the product primitive still has to answer the same questions: The UI can hide the loop. It cannot remove the harness. Long running agents fail differently from short running agents. Short running agents fail by making a bad tool call, hallucinating an answer, editing the wrong file, or stopping too soon. Long running agents fail by accumulating drift. Each failure suggests a harness feature. This is why long running agent engineering looks less like prompt hacking and more like operating a tiny software organization. You need task intake, planning, execution, QA, review, release, rollback, observability, and security. The agent is the worker. The harness is the company. Here are the questions every long running agent system has to answer. My current bias: Fresh sessions beat giant sessions. A fresh context window that reads good state from disk is better than a stale context window carrying ten hours of tool output. Restarting is not giving up. Restarting is garbage collection. The workspace is the memory bus. Plans, progress logs, feature lists, tests, screenshots, git commits, and benchmark outputs are not side effects. They are the continuity layer. If the next worker cannot understand the run from disk, the harness is broken. Judges should be separate from workers. The worker can propose done. Something else should decide done. Ideally tests. Sometimes a model evaluator. Often both. The judge should inspect evidence, not vibes. External verification matters more than longer reasoning. A mediocre plan with a strong oracle will often beat an elegant plan with no backpressure. The agent needs reality to push back. Keep worker scope small. A long running system does not require each worker to do a long task. It requires the whole system to sustain progress across many bounded tasks. Make state disposable and regenerable. Plans rot. Progress logs bloat. Specs change. A good harness can regenerate the plan from the current repo and goal. Treat planning artifacts as useful scaffolding, not sacred truth. Sandbox by default. Long running agents should assume hostile inputs, accidental exfiltration, bad generated code, and runaway loops. Least privilege is not paranoia. It is table stakes. The human's job moves up a level. You stop micromanaging tool calls and start designing the environment: better specs, better evals, better prompts, better ownership boundaries, better recovery points. That last point is the real mindset shift. When code was scarce, the human wrote code. When code became cheap, the human reviewed code. When agents became persistent, the human designs the system in which code keeps getting written after they leave. OpenAI calls this harness engineering, and I think that phrase is going to stick. Harness engineering is the work around the model that makes the model useful over time: This is different from traditional software engineering. You are not only writing deterministic code paths. You are designing an environment that a non deterministic worker can repeatedly enter, understand, act inside, and leave in a better state. That is why the best long running agent harnesses feel weirdly old fashioned. Git. Markdown. Shell scripts. JSON checklists. Test suites. Logs. Small commits. Clear ownership. These are not legacy habits. They are the primitives that survive context death. The future of long running agents is not one immortal session thinking forever. It is many mortal sessions, each with a clean context window, waking up inside a workspace that remembers. So back to the original question: what does it take for an agent to keep working after you leave? Not a bigger prompt. Not just a better model. A durable state layer. A crisp goal. A fresh worker loop. A judge that is not the worker. Tests that push back. Git history that tells the story. Sandboxes that can die without killing the run. Logs that let the human tune the system when it fails. The model is the engine. The harness is the vehicle. And the companies that get this right will not merely have "agents that run longer." They will have agents that can be trusted with larger units of work because the work is recoverable, inspectable, and verifiable. That is the threshold that matters. Not autonomy as theater. Autonomy with a receipt. Why Long Sessions Fail - Context windows rot, agents declare victory early, and half finished work becomes invisible The Architecture That Won - Fresh worker sessions plus durable workspace artifacts The Ralph Loop - Why a dumb restart loop beats a single heroic conversation Initializer, Worker, Judge - The three roles that keep showing up State Outside the Model - Feature lists, progress logs, plans, git history, tests, and notes Verification As Backpressure - Why test oracles matter more than better pep talks Multi Agent Coordination - Why peer to peer locks break and planner worker hierarchies survive Sandboxing and Rehydration - Why long running execution needs disposable compute and durable state What This Means For Agent Design - The checklist every long running harness has to answer Where does state live? What does a new worker read first? How does it choose work? How does it prove progress? Who decides it is done? How do you recover from a bad turn? What happens when the sandbox dies? What is the budget? What is the blast radius?
JSON
Shell
Programming
AI
Open Source
C
Security
Career
Sql
Java
Business
Marketing
Python
Rust
Ruby
Writing
Web Development
Performance
C#
JavaScript
Backend
Data Visualization
Scala
Culture