← Back to library

Harness Engineering: How to Build Software When Humans Steer, Agents Execute — Ryan Lopopolo, OpenAI

Watch videoView transcript

AI Engineer46m 20sTranscript ✅Added May 7, 11:52 am GMT+8

Actionable Insights

  1. Build a harness before scaling agents The talk’s title is the playbook: humans steer, agents execute. Start by documenting how agents should run the app, tests, observability, browser tooling, and review process. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: It is a powerful dogfood constraint for an OpenAI team, b - 1:07 — Title slide. The slide explicitly says “How to Build Software When Humans Steer and Agents Execute,” framing the role split. - Best practitioner addition: Start by adding tests and automating where huma - Official OpenAI article: Search results surface OpenAI’s “Harness engineering: leveraging Codex in an agent-first world,” which states “Humans steer. Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

  2. Optimize for the three scarce resources Ryan’s slide at 5:16 names human time, human/model attention, and model context window. Every rule, skill, lint, and test should reduce one of those constraints. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: - 5:16 — Scarcity slide. The three boxes — human time, human/model attention, model context window — are the architecture constraints for the whole methodology. - Implementation is no longer the scarce resource. At 2:11–4:44, Ryan argues code is cheap to produce/refactor/delete, while human attention and model context are scarce. Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

  3. Write “what good looks like” as durable repo text At 6:47–10:52, he emphasizes breadcrumbs, ADRs, persona-oriented docs, ticket/code-review history, and QA-plan docs. Put these into AGENTS.md, skills, ADRs, review checklists, and lint/test messages. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: This is one of the more actionable “AI coding” talks because it does not stop at “agents write code.” It names the engineering substrate required to make agents useful: docs, skills, lints, tests, review agents, observability, and just-in-time context. - Guardrails are prompts. Lints, test failures, reviewer comments, rules files, skills, prompts, and embedded agent SDK checks all inject instructions into models at different points (14:25–16:27). Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

  4. Use reviewer agents for non-functional requirements At 11:53–13:25, security/reliability review agents check timeouts, retries, misuse-resistant interfaces, and recurring failures. Turn repeated review comments into automated checks. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: The better path is to adopt harness engineering incrementally: turn recurring human review comments into durable machine-readable checks, then let agents operate inside those rails. The better path is to adopt harness engineering incrementally: turn recurring human review comments into durable machine-readable checks, then let agents operate inside those rails. Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

  5. Make codebases agent-legible Use source-code tests for file size, dependency boundaries, duplicated schemas, shared helpers, package privacy, and architecture rules. Ryan’s example at 13:55 limits files to 350 lines because context is scarce. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: Create bespoke lints/tests for repeated failures: missing retries/timeouts, file size, dependency layering, duplicated schemas, unsafe interfaces. Create bespoke lints/tests for repeated failures: missing retries/timeouts, file size, dependency layering, duplicated schemas, unsafe interfaces. Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

  6. Surface instructions just in time At 24:33–25:35, he warns against frontloading all requirements. Let agents prototype, then use lints/tests/review comments to inject the next instruction when it matters. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: - Guardrails are prompts. Lints, test failures, reviewer comments, rules files, skills, prompts, and embedded agent SDK checks all inject instructions into models at different points (14:25–16:27). - Guardrails are prompts. Lints, test failures, reviewer comments, rules files, skills, prompts, and embedded agent SDK checks all inject instructions into models at different points (14:25–16:27). Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

  7. Do not chase thousands of skills The Q&A around 22:31–23:32 says his team centralizes leverage around 5–10 skills and improves them instead of spreading maintenance across many brittle tools. Start by turning this into a small, reversible pilot: write down the exact input, expected output, owner, and success metric before changing the wider workflow. The useful detail from the analysis is: - Everyone becomes a staff engineer. At 4:44, he says engineers now have as many “team members” as tokens and concurrency allow, so they must think in systems, delegation, and future structure. - Everyone becomes a staff engineer. At 4:44, he says engineers now have as many “team members” as tokens and concurrency allow, so they must think in systems, delegation, and future structure. Treat the first run as an evaluation, not a migration: capture before/after examples, note where the method saves time or improves quality, and keep the old path available until the new one passes repeated checks. Watch for the main failure mode here: overgeneralizing the creator’s demo beyond the evidence. If the video or comments only showed a narrow case, keep the rollout narrow and require fresh proof before broad adoption.

Core thesis

When agents can produce abundant code, the engineering bottleneck moves from implementation to harness design: the systems, repository structure, skills, tests, lints, prompts, documentation, review agents, observability, and feedback loops that let humans steer and agents execute reliably.

Big ideas / key insights

  • Implementation is no longer the scarce resource. At 2:11–4:44, Ryan argues code is cheap to produce/refactor/delete, while human attention and model context are scarce.
  • Everyone becomes a staff engineer. At 4:44, he says engineers now have as many “team members” as tokens and concurrency allow, so they must think in systems, delegation, and future structure.
  • Guardrails are prompts. Lints, test failures, reviewer comments, rules files, skills, prompts, and embedded agent SDK checks all inject instructions into models at different points (14:25–16:27).
  • QA plans compound. A single product-minded engineer documenting what a good QA plan looks like can improve every future agent trajectory (16:57–17:58).
  • Codex should be the entry point. In Q&A at 20:30–23:32, he describes tooling the repo so Codex can launch the app, run observability, attach DevTools, and invoke skills directly.
  • The right harness is minimal context management. At 24:02–25:35, the “bitter lesson” is to avoid overengineering and focus on getting the right text to the model at the right time.

Best timestamped moments with interpretation

  • 0:35–1:40 — Ryan frames the extreme dogfood constraint: his team works exclusively through agents, not editors.
  • 2:11–4:44 — “Code is free” thesis: provocative but useful if interpreted as “implementation capacity is abundant compared with human attention.”
  • 5:16–7:48 — Scarce resources and breadcrumbs: the practical design center for harness engineering.
  • 8:18–10:52 — Non-functional requirements: agents need explicit standards for maintainability, reliability, and acceptable merged patches.
  • 11:53–13:25 — Reviewer agents and bespoke lints: repeated human review failures should become durable checks.
  • 13:55–15:57 — Source-code tests and instructive lint errors: tests can check code shape and give remediation prompts.
  • 16:27–17:58 — Prompting skill writes prompts; QA-plan docs drive review agents; leverage stacks.
  • 20:30–23:32 — Actual working setup: tickets, skills, app launch skill, observability stack, Chrome DevTools, local harnesses, ESLint rules.
  • 24:33–25:35 — Just-in-time context: do not overload the agent up front; inject requirements at completion gates.
  • 29:39–31:40 — Getting started: use agents to add tests and automate time sinks first.

Practical takeaways / recommended workflow

  1. Create a repo-level AGENTS.md that says how to run, test, review, and ship.
  2. Add 3–5 skills first: launch app, run tests, inspect logs/telemetry, browser-debug, write QA plan.
  3. Create bespoke lints/tests for repeated failures: missing retries/timeouts, file size, dependency layering, duplicated schemas, unsafe interfaces.
  4. Make error messages agent-readable: include why it failed and exact remediation steps.
  5. Add reviewer agents for security, reliability, architecture, and QA-plan completeness.
  6. Require media/evidence on user-facing PRs: screenshots, logs, traces, test output, or benchmark deltas.
  7. Keep humans focused on intent, prioritization, acceptance, and systemic guardrails — not line-by-line implementation.

Comment insights

The extracted comments for this video were much thinner than the transcript, but the broader audience signal around this topic is clear from the video’s premise and Q&A:

  • The useful audience questions ask about overengineering. This is the key concern: harness work can become its own rabbit hole. Ryan’s answer is to keep the harness focused on context delivery and guardrails, not bespoke agent platforms.
  • People want the actual setup. The Q&A asks for his working setup and collaboration platform, indicating practitioners care less about slogans and more about repo/tool mechanics.
  • The implied skepticism is cost and reproducibility. Ryan calls himself a “token billionaire” and mentions a billion output tokens/day in the intro/Q&A framing. Most teams need a scaled-down version with budget caps.
  • Best practitioner addition: Start by adding tests and automating where humans spend time (30:10–31:40). That is more grounded than banning editors immediately.
  • Caveat: The talk is from an OpenAI context with internal tools, token access, and Codex expertise. Smaller teams should adopt the patterns incrementally.

Deep research

  • Official OpenAI article: Search results surface OpenAI’s “Harness engineering: leveraging Codex in an agent-first world,” which states “Humans steer. Agents execute,” and claims the team built in about 1/10th the time by choosing an agent-first constraint. This directly supports the talk’s core framing.
  • Third-party coverage: InfoQ and Engineering.fyi snippets describe the method as Codex agents generating, testing, and deploying a million-line production system, with observability, architecture, and feedback loops. This supports the talk’s claim that harness engineering is an operational methodology, not just prompt style.
  • Ryan’s thesis: The transcript repeatedly defines the shift: abundant code, scarce human attention/context, and guardrail-driven workflows. External snippets align with that.
  • Contradicting/limiting evidence: The strongest limitation is resource context. The methodology is proven in an OpenAI-internal, token-rich environment; it does not automatically prove ordinary teams can or should run huge agent fleets. Security, compliance, code ownership, and review accountability remain open concerns.
  • Comparative note: This is more concrete than generic “AI writes code” claims because it names mechanisms: skills, lints, QA plans, reviewer agents, source-code tests, observability hooks, and PR collaboration.

Verdict

  • Claim: “Code is free.” Mixed, medium confidence. Implementation tokens are cheaper than human time in Ryan’s context, but code still has operational, review, security, and comprehension costs.
  • Claim: “Harness engineering is the new leverage point.” Agree, high confidence. The talk gives concrete mechanisms that map to real agent failure modes.
  • Claim: “Agents can do the full job.” Mixed, medium confidence. They can do much more when the repo is instrumented and guarded; humans still steer priorities, define acceptance, and own outcomes.
  • Claim: “Custom harnesses should be minimal.” Agree, high confidence. The best advice is not to build an elaborate platform, but to deliver the right context at the right time.
  • Claim: “Banning editors is a good default.” Disagree as a general practice, medium confidence. It is a powerful dogfood constraint for an OpenAI team, but most teams should transition gradually.
  • Overclaimed: “Code is free” and “full software engineer” if taken literally.
  • Underclaimed: The boring mechanics — lints, docs, test failures, QA plans, logs — are the actual durable advantage.
  • Practical takeaway: Treat your repository as the harness. Make it legible, testable, and self-correcting for agents.

Screen-level insights

  • 1:07 — Title slide. The slide explicitly says “How to Build Software When Humans Steer and Agents Execute,” framing the role split.
  • 5:16 — Scarcity slide. The three boxes — human time, human/model attention, model context window — are the architecture constraints for the whole methodology.
  • 6:47 — Breadcrumbs and docs. The talk visually remains slide-driven, but the transcript’s focus is documentation/ADRs/persona docs as the path that got humans to good code and must now guide agents.
  • 16:27 — Prompt recursion. The speaker jokes about agents writing prompt-writing skills from prompting cookbooks. This matters because prompt quality becomes repo infrastructure.
  • 19:28 — QR/Q&A setup. The session moves from keynote to practitioner questions, which surfaces implementation details rather than just philosophy.
  • 20:30 — Working setup explanation. The “ticket + skills + Codex entry point” flow is the most operational part of the video.
  • 22:31 — Few maintained skills. The Q&A emphasizes 5–10 strong skills rather than many fragile ones.
  • 24:33 — Overengineering/custom tools. The slide/Q&A topic reinforces the main caution: build only the harness pieces that improve context delivery or guardrails.
  • 30:10 — Getting started guidance. The answer shifts to tests and automating time sinks, which is the safest entry point for normal teams.

My read / why it matters

This is one of the more actionable “AI coding” talks because it does not stop at “agents write code.” It names the engineering substrate required to make agents useful: docs, skills, lints, tests, review agents, observability, and just-in-time context. The danger is copying the extreme OpenAI dogfood posture without OpenAI’s resources. The better path is to adopt harness engineering incrementally: turn recurring human review comments into durable machine-readable checks, then let agents operate inside those rails.

Verification notes

  • Source/evidence audit: Used the extracted transcript, frame metadata, image-model review of selected frames, and web search snippets for the OpenAI harness-engineering article plus third-party summaries.
  • Transcript/comment/frame fidelity: Timestamped claims map to transcript chunks. Screen-level notes are based on frames JSON and image review. Comment insights are conservative because extracted comments were limited in the available excerpt.
  • Hallucination/overclaim audit: OpenAI-internal scale claims are treated as contextual, not generally reproducible. “Code is free” is qualified as implementation-abundance rhetoric.
  • Actionable Insights audit: Recommendations are concrete: create repo docs, build a small skill set, add bespoke lints/tests, improve error messages, and add reviewer agents.
  • Residual uncertainty: I did not fetch the full OpenAI article body; external research relied on search snippets. I also did not inspect Ryan’s actual internal tools or Codex app-server setup.
  • Actionable Insights audit: expanded to the newer detailed format with fuller implementation notes, evaluation checks, and cautions where the existing evidence supports elaboration.