Sub-Agent vs Tool-Agent in AI Harness Engineering

A sub-agent is another agentic process delegated a goal. It has its own prompt/context, can reason over steps, may call tools, and returns a synthesized result or handoff. Use it when the work benefits from independent judgment. Example: Investigate why the auth tests are flaky and report root cause plus fix options. A tool-agent is a tool-shaped interface that may internally use agentic behavior, but from the harness perspective it is invoked like a tool: bounded input, bounded output, narrower contract. Use it when you want a capability, not an independent collaborator. ...

May 25, 2026 · 2 min

MCP Interaction Model

Components (official MCP nomenclature)

Host — The user-facing application that embeds the LLM and enforces policy (Claude Desktop, Claude Code, an IDE plugin, etc.). It owns the user, the model, and the trust boundary.
Client — A protocol connector that lives inside the Host. One Client per Server, holding a 1:1 stateful session. The Host spawns Clients as needed.
Server — The process that exposes capabilities (tools, resources, prompts) over the MCP protocol. Can be local (stdio transport) or remote (Streamable HTTP transport).
Authorization Server (AS) — For remote Servers: the OAuth 2.1 issuer of access tokens. May be the Server itself or a separate identity provider.
Resource Server (RS) — OAuth role played by the remote MCP Server when it validates bearer tokens on incoming requests.
User — The human who approves connections, consents to tool calls, and answers elicitations.
LLM — Not technically an MCP component, but the reasoning engine the Host drives; never talks to a Server directly.

Phase 1 — Transport & connection

Host → Client: Host launches a Client configured for a specific Server (command + args for stdio, or URL for HTTP).
Client ↔ Server: Transport established.
stdio: Host spawns the Server as a subprocess; JSON-RPC over stdin/stdout.
Streamable HTTP: Client opens an HTTPS connection; bidirectional via POST + SSE stream.

Phase 2 — Authorization (remote Servers only)

MCP uses OAuth 2.1 + PKCE, with Resource Indicators (RFC 8707) and Dynamic Client Registration (RFC 7591). ...

May 16, 2026 · 4 min

Defense-in-Depth

Defense-in-depth is a security strategy that uses multiple layers of defenses so that if one layer fails, others still protect the system. The idea comes from military fortification — castles didn’t rely on a single wall; they had moats, outer walls, inner walls, keeps, and so on. Breaching one didn’t mean the attacker won. In Information Security This translates to combining different controls rather than depending on any single one. A typical stack might include: ...

May 1, 2026 · 2 min

Mixture of Experts (MoE)

Mixture of Experts is an architecture pattern in machine learning where a model is divided into many specialized sub-networks (“experts”), with a routing mechanism that selectively activates only a subset of them for any given input. Core Idea Instead of passing every input through all parameters of a model, MoE routes each token (or input) to only a few relevant experts. This decouples total parameter count from compute per forward pass — you can have a massive model that’s still fast and efficient to run. ...

April 23, 2026 · 3 min