@agent-native/core 0.57.0 → 0.58.0

package/docs/content/harness-agents.md

@@ -0,0 +1,232 @@
+---
+title: "Harness Agents"
+description: "Run Claude Code, Codex, Pi, and other full coding harnesses as embedded agents inside Agent-Native, with their own loop, sandbox, native tools, and resumable SQL-backed sessions."
+search: "harness agents AgentHarness ai-sdk HarnessAgent Claude Code Codex Pi Cursor Mastra embedded coding agent resolveAgentHarness startAgentHarnessRun resumable session sandbox host tools"
+---
+
+# Harness Agents
+
+A harness agent is a full agent runtime — Claude Code, Codex, Pi, and similar —
+that owns its own loop, workspace, native file tools, session state, compaction,
+approval model, and sandbox behavior. Agent-Native runs these through the
+**`AgentHarness`** substrate in `@agent-native/core/agent/harness`, streams their
+events into the normal transcript, and persists their native session so a thread
+can pause and resume.
+
+This is different from the built-in chat agent and from bringing your own chat
+runtime. The built-in agent and `AgentEngine` are for one model round trip
+beneath `runAgentLoop`. A harness is not an `AgentEngine` provider — it runs its
+own loop end to end, so Agent-Native drives it as a session, not as a single
+model call.
+
+| You want to…                                                               | Use                                                           |
+| -------------------------------------------------------------------------- | ------------------------------------------------------------- |
+| Run Claude Code / Codex / Pi **as the agent**, with their own loop + tools | **Harness agents** (this page)                                |
+| Put an agent you built elsewhere behind Agent-Native's **chat UI**         | [`AgentChatRuntime`](/docs/native-chat-ui#byo-agent-runtimes) |
+| Let an external MCP host (Claude Code, Cursor, …) **call into your app**   | [External Agents](/docs/external-agents)                      |
+| Render a Claude-Code/Codex-style **coding workspace UI**                   | [Agent-Native Code UI](/docs/code-agents-ui)                  |
+| Spawn background / sub-agent runs and teams                                | [Custom Agents & Teams](/docs/agent-teams)                    |
+
+## Built-in harnesses {#built-in}
+
+`registerBuiltinAgentHarnesses()` registers three adapters backed by the AI SDK
+`HarnessAgent`:
+
+| Name                         | Runtime     | Sandbox | Approvals |
+| ---------------------------- | ----------- | ------- | --------- |
+| `ai-sdk-harness:claude-code` | Claude Code | yes     | yes       |
+| `ai-sdk-harness:codex`       | Codex       | yes     | no        |
+| `ai-sdk-harness:pi`          | Pi          | no      | yes       |
+
+Their runtime packages are **optional peer dependencies** and load lazily, so an
+app that never uses a harness does not pay for it. Each adapter carries an
+`installPackage` hint (for example `@ai-sdk/harness@canary
+@ai-sdk/harness-codex@canary`); `resolveAgentHarness` throws a clear install
+error if the packages are missing, and `isAgentHarnessPackageInstalled(entry)`
+lets you check first.
+
+## Register and resolve {#register-resolve}
+
+```ts
+import {
+  registerBuiltinAgentHarnesses,
+  resolveAgentHarness,
+} from "@agent-native/core/agent/harness";
+
+registerBuiltinAgentHarnesses();
+const adapter = resolveAgentHarness("ai-sdk-harness:codex");
+```
+
+`resolveAgentHarness(name, config?)` returns an `AgentHarnessAdapter`. The
+optional `config` is forwarded to the adapter factory — for the AI SDK adapters
+that maps to `AiSdkHarnessAdapterOptions` (`label`, `description`,
+`permissionMode`, `harnessOptions`, `agentOptions`). Use `listAgentHarnesses()`
+to enumerate what is registered for a picker.
+
+## Run a turn {#run-a-turn}
+
+`startAgentHarnessRun` bridges a harness session into the shared run-manager
+lifecycle. It creates (or reuses) the native session, persists it, streams the
+turn, translates each harness event into transcript events, and detaches the
+resumable state when the turn completes.
+
+```ts
+import { startAgentHarnessRun } from "@agent-native/core/agent/harness";
+
+const run = startAgentHarnessRun({
+  runId,
+  threadId,
+  adapter,
+  input: { prompt },
+  createSession: {
+    sessionId,
+    resumeState, // opaque value from a previous turn, if resuming
+    instructions,
+    sandbox, // required for sandboxed harnesses — see Sandbox Adapters
+    permissionMode: "allow-reads",
+    tools, // a narrow, intentional set of host tools (see below)
+  },
+  ownerEmail,
+  orgId,
+});
+```
+
+`startAgentHarnessRun` returns the `ActiveRun` from the run-manager, so the turn
+shows up through the existing run routes, transcript, and cancellation just like
+any other agent run. Pass an already-created `session` instead of `createSession`
+to continue a session you are holding in memory.
+
+## Sessions and resume {#sessions}
+
+A harness owns long-lived native session state. Agent-Native persists it in SQL
+so a thread can survive across turns, processes, and deploys. The `resumeState`
+is **opaque** — Agent-Native stores it and hands it back, but never inspects or
+interprets it.
+
+```ts
+import {
+  getLatestAgentHarnessSessionForThread,
+  listAgentHarnessSessions,
+} from "@agent-native/core/agent/harness";
+
+const last = await getLatestAgentHarnessSessionForThread(threadId);
+// Feed last?.resumeState into createSession.resumeState on the next turn.
+```
+
+The store also exposes `saveAgentHarnessSession`, `updateAgentHarnessSession`,
+`getAgentHarnessSession`, `getAgentHarnessSessionByRunId`,
+`markAgentHarnessSessionStopped`, and `ensureAgentHarnessSessionTables`.
+`startAgentHarnessRun` calls the save/update/stop paths for you; reach for them
+directly only in a custom host.
+
+## Host tools and permissions {#host-tools}
+
+A harness brings its own native tools (read, edit, write, shell, and so on), so
+you do **not** re-expose file editing as host tools. Pass only a **narrow,
+intentional set** of Agent-Native actions through `createSession.tools` when you
+want the harness to reach specific app operations — and keep `defineAction`
+auth, request context, timeouts, truncation, and read-only metadata intact when
+you do.
+
+`permissionMode` gates what the harness may do without approval:
+
+| Mode          | Meaning                                            |
+| ------------- | -------------------------------------------------- |
+| `allow-reads` | Default. Reads run; edits and risky actions prompt |
+| `allow-edits` | Reads and edits run; other risky actions prompt    |
+| `allow-all`   | No approval gating                                 |
+
+When a harness pauses for approval it emits an `approval-request` event and the
+session is marked `idle` with the pending approval recorded, so the UI can
+surface it and resume on the user's decision. See
+[Human Approval](/docs/human-approval) for the approval surface.
+
+## Events {#events}
+
+A harness session streams `AgentHarnessEvent` values, which Agent-Native
+translates to the standard `AgentChatEvent` stream with
+`agentHarnessEventToAgentChatEvents`. The event union covers `text-delta`,
+`thinking-delta`, `activity`, `tool-start`, `tool-done` (which can carry an
+`mcpApp` payload for native widgets), `approval-request`, `file-change`,
+`compaction`, `usage`, `error`, and `done`. Because tool results flow through the
+same translation, action-declared native widgets still render — see
+[Native Chat UI](/docs/native-chat-ui).
+
+## Background runs and the UI {#background-runs}
+
+Harness runs project into the shared `BackgroundAgentRun` shape with
+`createAgentHarnessBackgroundAgentController()` and are available through the
+existing run routes as `goalId=agent-harness`. That means a long-running Claude
+Code or Codex session appears in the same background-run and transcript surfaces
+as Agent Teams and other adapters, with `listAgentHarnessBackgroundRuns`,
+`listAgentHarnessBackgroundTranscriptEvents`, `getAgentHarnessBackgroundRun`, and
+`stopAgentHarnessBackgroundRun` available for custom hosts.
+
+## Custom adapters {#custom-adapters}
+
+To wrap a runtime that is not one of the built-ins, implement
+`AgentHarnessAdapter` and register it. The adapter declares its capabilities and
+creates sessions; a session exposes `streamTurn` and optional `continueTurn`,
+`approve`, `detach`, `stop`, and `destroy`.
+
+```ts
+import {
+  registerAgentHarness,
+  type AgentHarnessAdapter,
+} from "@agent-native/core/agent/harness";
+
+const myHarness: AgentHarnessAdapter = {
+  name: "acme:my-coder",
+  label: "Acme Coder",
+  description: "Runs the Acme coding agent.",
+  installPackage: "@acme/coder",
+  capabilities: {
+    sandbox: true,
+    resumable: true,
+    approvals: true,
+    hostTools: true,
+    fileEvents: true,
+  },
+  async createSession(opts) {
+    // Build your native session and adapt it to AgentHarnessSession.
+    return createAcmeSession(opts);
+  },
+};
+
+registerAgentHarness({
+  name: myHarness.name,
+  label: myHarness.label,
+  description: myHarness.description,
+  installPackage: myHarness.installPackage,
+  capabilities: myHarness.capabilities,
+  create: () => myHarness,
+});
+```
+
+Keep the runtime package optional with a dynamic import in `createSession` and an
+`installPackage` hint. For bridge-backed coding harnesses, require a real
+sandbox/workspace provider rather than running an arbitrary coding agent in the
+host process — see [Sandbox Adapters](/docs/sandbox-adapters). The AI SDK adapter
+(`createAiSdkHarnessAdapter`, backed by `HarnessAgent` from `@ai-sdk/harness`) is
+one implementation of this contract, not the public abstraction.
+
+## Don't {#donts}
+
+- Don't add Claude Code, Codex, Cursor, Mastra, or Pi as an `AgentEngine`. They
+  own their loop; running one under `AgentEngine.stream()` double-runs the loop
+  and loses session lifecycle semantics.
+- Don't replay full Agent-Native chat history into a harness each turn. Resume
+  the harness session with its `resumeState` instead.
+- Don't store `resumeState` in `application_state`. It belongs in the harness
+  session SQL table.
+- Don't expose every app action to every harness session by default. Hand it a
+  small, intentional tool set.
+
+## Related docs {#related-docs}
+
+- [Native Chat UI](/docs/native-chat-ui) — put your own agent behind the chat UI with `AgentChatRuntime`.
+- [Agent Surfaces](/docs/agent-surfaces) — choose headless, chat, sidecar, or full-app.
+- [Agent-Native Code UI](/docs/code-agents-ui) — the reusable coding workspace surface.
+- [Custom Agents & Teams](/docs/agent-teams) — background runs and sub-agent delegation.
+- [Sandbox Adapters](/docs/sandbox-adapters) — pluggable execution backends for coding harnesses.
+- [Human Approval](/docs/human-approval) — the approval surface harness runs use.

package/docs/content/key-concepts.md

@@ -190,27 +190,27 @@ See [Context Awareness](/docs/context-awareness) for the full pattern: navigatio
 
 Agent-native supports a lot of agent-facing protocols because different hosts standardize different pieces of the same workflow. App authors should not have to choose among them or rebuild the same operation for each client. The center of gravity stays the action system.
 
-| Surface                 | Status              | What agent-native provides                                                                                                      | What you write                          |
-| ----------------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- |
-| Agent tool calling      | Shipping            | The in-app agent sees actions as function tools with zod-derived JSON Schema.                                                   | `defineAction()`                        |
-| UI actions              | Shipping            | React calls the same action through `useActionMutation()` / `useActionQuery()`.                                                 | The same action                         |
-| Native chat widgets     | Shipping            | Tool results with explicit widget discriminants can render native tables, charts, and typed app results in chat.                | Structured action results               |
-| HTTP and CLI            | Shipping            | Actions auto-mount at `/_agent-native/actions/:name` and run via `pnpm action <name>`.                                          | The same action                         |
-| MCP server              | Shipping            | External MCP hosts get Streamable HTTP tools, the `ask-agent` meta-tool, and optional MCP Apps resources.                       | The same action, plus optional `mcpApp` |
-| MCP OAuth               | Shipping            | Standard remote MCP OAuth, PKCE, dynamic client registration, refresh tokens, and `mcp:read` / `mcp:write` / `mcp:apps` scopes. | Nothing per action                      |
-| MCP Apps                | Shipping            | External hosts that support app resources can render iframe/native-host widgets, with deep-link fallback elsewhere.             | Optional `mcpApp` metadata              |
-| A2A                     | Shipping            | Other agents discover the agent card and call the app over JSON-RPC tasks.                                                      | The same actions and agent config       |
-| Deep links              | Shipping            | Action results can round-trip users into the running UI through `/_agent-native/open` and `agentnative://open`.                 | Optional `link` metadata                |
-| MCP clients             | Shipping            | The app can also consume local, remote, or hub-shared MCP servers as `mcp__...` tools.                                          | `mcp.config.json` or settings           |
-| Instructions and skills | Shipping            | `AGENTS.md`, skills, memory, slash commands, sub-agents, jobs, and automations live in the SQL-backed workspace.                | Workspace resources, not protocol glue  |
-| Agent Web               | Shipping            | Public pages can publish `robots.txt`, `sitemap.xml`, `llms.txt`, markdown mirrors, and structured metadata.                    | Route access plus `agentWeb` config     |
-| Extensions              | Shipping            | Sandboxed mini-apps call app actions, persist extension data, and use proxied fetch helpers.                                    | Extension HTML using `appAction()`      |
-| AG-UI                   | Adapter target      | A good fit for connecting an external agent runtime to an agent-native chat/UI shell through event streams.                     | An adapter, not duplicate actions       |
-| ACP                     | Coding-agent/editor | Useful for coding agents inside editors/IDEs; not the general BYO app-chat runtime contract.                                    | Editor/agent adapter work               |
-
-The practical rule is simple: implement domain operations as actions, add `readOnly`, `publicAgent`, `link`, `mcpApp`, or an explicit native widget result only when a surface needs it, and use skills/instructions for behavior. MCP, A2A, MCP Apps, MCP OAuth, UI mutations, native chat widgets, CLI commands, and deep-link handoffs are adapters around that same core.
-
-Adapter horizon: [AG-UI](https://docs.ag-ui.com/introduction) is a strong fit for connecting external agent runtimes to Agent-Native chat and app shells through events. [ACP](https://zed.dev/acp) is important for coding-agent/editor interoperability, but it is not the general BYO app-agent UI contract.
+| Surface                     | Status              | What agent-native provides                                                                                                            | What you write                                    |
+| --------------------------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
+| Agent tool calling          | Shipping            | The in-app agent sees actions as function tools with zod-derived JSON Schema.                                                         | `defineAction()`                                  |
+| UI actions                  | Shipping            | React calls the same action through `useActionMutation()` / `useActionQuery()`.                                                       | The same action                                   |
+| Native chat widgets         | Shipping            | Tool results with explicit widget discriminants can render native tables, charts, and typed app results in chat.                      | Structured action results                         |
+| AgentChatRuntime connectors | Shipping            | The chat shell can sit on top of OpenAI Agents, OpenAI Responses, Claude Agent SDK, Vercel AI SDK, AG-UI, or normalized HTTP streams. | Pick a runtime helper or stream normalized events |
+| HTTP and CLI                | Shipping            | Actions auto-mount at `/_agent-native/actions/:name` and run via `pnpm action <name>`.                                                | The same action                                   |
+| MCP server                  | Shipping            | External MCP hosts get Streamable HTTP tools, the `ask-agent` meta-tool, and optional MCP Apps resources.                             | The same action, plus optional `mcpApp`           |
+| MCP OAuth                   | Shipping            | Standard remote MCP OAuth, PKCE, dynamic client registration, refresh tokens, and `mcp:read` / `mcp:write` / `mcp:apps` scopes.       | Nothing per action                                |
+| MCP Apps                    | Shipping            | External hosts that support app resources can render iframe/native-host widgets, with deep-link fallback elsewhere.                   | Optional `mcpApp` metadata                        |
+| A2A                         | Shipping            | Other agents discover the agent card and call the app over JSON-RPC tasks.                                                            | The same actions and agent config                 |
+| Deep links                  | Shipping            | Action results can round-trip users into the running UI through `/_agent-native/open` and `agentnative://open`.                       | Optional `link` metadata                          |
+| MCP clients                 | Shipping            | The app can also consume local, remote, or hub-shared MCP servers as `mcp__...` tools.                                                | `mcp.config.json` or settings                     |
+| Instructions and skills     | Shipping            | `AGENTS.md`, skills, memory, slash commands, sub-agents, jobs, and automations live in the SQL-backed workspace.                      | Workspace resources, not protocol glue            |
+| Agent Web                   | Shipping            | Public pages can publish `robots.txt`, `sitemap.xml`, `llms.txt`, markdown mirrors, and structured metadata.                          | Route access plus `agentWeb` config               |
+| Extensions                  | Shipping            | Sandboxed mini-apps call app actions, persist extension data, and use proxied fetch helpers.                                          | Extension HTML using `appAction()`                |
+| ACP                         | Coding-agent/editor | Useful for coding agents inside editors/IDEs; not the general BYO app-chat runtime contract.                                          | Editor/agent adapter work                         |
+
+The practical rule is simple: implement domain operations as actions, add `readOnly`, `publicAgent`, `link`, `mcpApp`, or an explicit native widget result only when a surface needs it, and use skills/instructions for behavior. MCP, A2A, MCP Apps, MCP OAuth, UI mutations, native chat widgets, AgentChatRuntime connectors, CLI commands, and deep-link handoffs are adapters around that same core.
+
+Adapter horizon: [A2UI](https://a2ui.org/) is worth watching for portable generated UI across trust boundaries, but first-party Agent-Native widgets should stay explicit native renderers. [ACP](https://zed.dev/acp) is important for coding-agent/editor interoperability, but it is not the general BYO app-agent UI contract.
 
 ## Three product shapes {#three-product-shapes}
 
@@ -302,6 +302,7 @@ Adopting the framework is valuable mostly because of what you stop having to bui
 - **One action = every surface.** Every action defined with `defineAction()` is simultaneously an agent tool, a typesafe frontend hook (`useActionQuery` / `useActionMutation`), a framework-owned HTTP transport, a CLI command, an MCP tool for external clients, and an A2A tool for other agent-native apps. Optional `link` and `mcpApp` metadata add deep links and MCP Apps UI without a second implementation.
 - **A full workspace per user.** Skills, shared `LEARNINGS.md`, personal `memory/MEMORY.md`, `AGENTS.md`, custom sub-agents, scheduled jobs, connected MCP servers — all SQL-backed, no dev-box required. See [Workspace](/docs/workspace).
 - **Drop-in React components.** `<AgentPanel />` and `<AgentSidebar />` render chat + workspace anywhere in your app. See [Drop-in Agent](/docs/drop-in-agent).
+- **BYO agent chat runtimes.** The same chat UI can sit on top of OpenAI Agents, OpenAI Responses, Claude Agent SDK, Vercel AI SDK, AG-UI, or your own normalized HTTP stream. See [Native Chat UI](/docs/native-chat-ui#byo-agent-runtimes).
 - **Live sync between agent and UI.** Same-process writes stream immediately over `/_agent-native/events`; a lightweight poll keeps serverless, cron, and cross-process writes convergent. Mutating actions invalidate action-backed queries automatically, so agent-created records appear without a manual refresh. See [Live Sync](#polling-sync) below.
 - **Auth, orgs, RBAC.** Better Auth with orgs/members/roles is wired in for every template. See [Authentication](/docs/authentication).
 - **Context awareness.** The agent always knows what the user is looking at through the `navigation` app-state key. See [Context Awareness](/docs/context-awareness).

package/docs/content/native-chat-ui.md

@@ -208,6 +208,39 @@ export function SupportChat() {
 }
 ```
 
+If your endpoint already streams a common agent protocol, use the matching
+connector and skip writing a custom mapper:
+
+```ts
+import {
+  createAgUiChatRuntime,
+  createClaudeAgentChatRuntime,
+  createOpenAIAgentsChatRuntime,
+  createOpenAIResponsesChatRuntime,
+  createVercelAiChatRuntime,
+} from "@agent-native/core/client/chat";
+
+const openAiAgentsRuntime = createOpenAIAgentsChatRuntime({
+  endpoint: "/api/openai-agents/chat",
+});
+
+const openAiResponsesRuntime = createOpenAIResponsesChatRuntime({
+  endpoint: "/api/openai-responses/chat",
+});
+
+const claudeAgentRuntime = createClaudeAgentChatRuntime({
+  endpoint: "/api/claude-agent/chat",
+});
+
+const vercelAiRuntime = createVercelAiChatRuntime({
+  endpoint: "/api/vercel-ai/chat",
+});
+
+const agUiRuntime = createAgUiChatRuntime({
+  endpoint: "/api/ag-ui/chat",
+});
+```
+
 The endpoint may stream the normalized event shape directly:
 
 ```txt
@@ -241,11 +274,10 @@ assistant-ui adapter control. Use `PromptComposer` by itself when your product
 owns the entire external transcript and only wants Agent-Native's composer
 field.
 
-AG-UI is still an adapter target: it can be mapped into `AgentChatRuntime`
-events, actions, context, and native renderers over time. ACP remains
-coding-agent/editor interoperability, not the general app-chat runtime for end
-users. A2UI is not claimed as supported here; if it matures, it should adapt
-into this same explicit runtime/widget contract.
+OpenAI, AG-UI, Claude Agent SDK, and Vercel AI SDK streams can use the standard
+connector helpers. ACP remains coding-agent/editor interoperability, not the
+general app-chat runtime for end users. A2UI is not claimed as supported here;
+if it matures, it should adapt into this same explicit runtime/widget contract.
 
 ## Related docs {#related-docs}
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-native/core",
-  "version": "0.57.0",
+  "version": "0.58.0",
   "type": "module",
   "engines": {
     "node": ">=22"