Mike Piccolo’s X article argues that most teams do not truly build an agent harness—they adopt a monolithic framework (LangChain, LangGraph, OpenAI Agents SDK, Anthropic SDK, AutoGen, and similar stacks) and later pay when one bundled layer (policy, credentials, approvals, budgets) no longer fits. His alternative: decompose the harness into replaceable workers on the iii engine, connected by one primitive—iii.trigger()—so “build your own” means swap workers, not fork a framework.
%%{init: {"theme": "base", "themeVariables": {"background": "transparent", "lineColor": "#000000"}}}%%
graph TD
CLIENT[Client chat or CLI] --> HARNESS[harness meta-worker]
HARNESS --> RUN[run start on turn-orchestrator]
RUN --> PROV[Provisioning sandbox and skills]
PROV --> STREAM[Provider stream tokens]
STREAM --> TOOLS[Tool calls via policy gate]
TOOLS --> APPROVE{Approval needed?}
APPROVE -->|yes| GATE[approval-gate worker]
APPROVE -->|no| LOOP[Steering and next turn]
GATE --> LOOP
LOOP --> DONE[Session end and traces]
classDef agent fill:#8B0000,color:#fff
classDef hook fill:#189AB4,color:#fff
classDef decision fill:#444,color:#fff
class HARNESS agent
class RUN agent
class STREAM hook
class TOOLS hook
class APPROVE decision
Frameworks bundle loop, tools, policy, and memory; iii treats each concern as an independent worker on one engine bus.
Adopt vs compose
Piccolo’s opening line: teams pick the loop, tools, memory, and orchestration as one import decision. When the bundled policy engine or credential store does not match production, you fork, fight, or work around—not replace a single layer. Pi-style agent packages improve modularity, he notes, but still sit in “add another service and wire it to everything else.” iii’s bet is that provider routing, credential vaults, policy, approvals, model catalogues, session trees, budget tracking, hook fanout, and the durable turn loop should be independent workers on the same bus—interoperable with queues, HTTP APIs, streaming, and even browser workers.
One turn walks through orchestration, provider streaming, fail-closed policy, optional human approval, then steering or stop.
Fifteen jobs every production harness must cover
| # | Job | Why it matters |
|---|---|---|
| 1 | Accept and persist turn requests | Durable entry from UI, CLI, or API |
| 2 | Resolve provider credentials | Secrets without hard-coding keys in prompts |
| 3 | Model capability lookup | Vision, tools, streaming, context limits |
| 4 | Per-turn state machine | Provision, stream, tools, steer, teardown |
| 5 | Skill bodies for functions | Schemas, errors, usage notes per tool |
| 6 | System prompt assembly | Mode, identity, working dir, skill index |
| 7 | Token streaming to client | Live UX while the model thinks |
| 8 | Policy check per tool call | Allow, deny, or needs approval |
| 9 | Human-in-the-loop routing | Park calls; resume the right session |
| 10 | LLM budget tracking | Per-workspace or per-agent spend caps |
| 11 | Before/after tool hooks | Logging, redaction, side effects |
| 12 | Branching session tree | Forks and resumes without losing history |
| 13 | Context compaction | Stay inside the window without silent amnesia |
| 14 | UI event stream | Subscribers see agent progress |
| 15 | End-to-end OpenTelemetry | One trace graph across all workers |
Frameworks ship one version of each concern. Piccolo’s point: a year in, you often need a different policy or approval surface—and replacing it inside a monolith means replacing the harness. On iii, each job maps to a worker on workers.iii.dev, installable with iii worker add, swappable in any language with an SDK.
The production worker stack
The open-source bundle at iii-hq/workers/harness (Apache-2.0, v0.4.7 at time of writing) composes workers including:
| Worker | Role in one line |
|---|---|
turn-orchestrator | Durable FSM: provision → stream → tools → steer → finish |
harness (meta) | Entry harness::trigger, policy, OTel baggage seeding |
approval-gate | approval::resolve writes decisions to iii state |
session | Branching session tree persistence |
llm-budget | budget::record spend tracking |
auth-credentials | auth::get_token for providers |
models-catalog | Static or pluggable model metadata |
provider-* | Anthropic, OpenAI, Kimi, LM Studio, llama.cpp streams |
hook-fanout | hook-fanout::publish_collect for tool hooks |
context-compaction | Compaction on agent::turn_end |
web | Console / UI surfaces |
Piccolo describes eleven core workers, one engine in the article narrative; the monorepo also ships additional provider and config workers you enable per deployment. Each process opens a WebSocket to the engine, registers functions and triggers, and is runnable alone (pnpm dev:turn-orchestrator) or via the composite pnpm start:all entry point.
How one agent turn runs
At a high level (from Piccolo’s walkthrough):
- Trigger: Client POSTs
harness::triggerwithsession_id,message_id, payload; meta-worker forwards torun::startwith OTel baggage on session/message IDs. - Orchestrator:
turn-orchestratorpersists the run, seedsturn_state, and drives a durable FIFO state machine (terminal statesstoppedandfailed). - Provisioning: Optional
iii-sandboxmicroVM;directory::skills::download; system prompt from mode (plan / ask / agent), identity preamble, and default skills—or a caller-suppliedsystem_promptoverride. - Streaming: Provider worker streams SSE into an iii channel; orchestrator emits
message_updateonagent::events. - Tools: Each call goes through
dispatchWithHook;policy::check_permissions(5s timeout, fail-closed) returnsallow,deny, orneeds_approval. - Approvals: One reactive
turn::on_approvaltrigger wakes the session whenapproval::resolvewrites state—no per-call resume RPCs. - Loop:
steering_checkcontinues, stops, or hitsmax_turns;finishSession()frees sandbox and emitsagent_end.
Latency details he highlights: hook fanout skips ~500ms when no subscriber exists; teardown inlined to avoid an extra queue hop; compaction listens on turn boundaries, not every event.
Build your own = register the same function IDs
Replacement examples from the article—each keeps the rest of the stack on the bus:
| Goal | What you swap | Wire contract (examples) |
|---|---|---|
| Live model catalogue | models-catalog | models::list, models::get, models::supports |
| New LLM provider | Add provider-* worker | provider::name::stream, budget::record |
| Private skill store | Custom directory worker | directory::skills::get, directory::skills::list |
| Custom system prompt | Pass-through on run::start | Optional system_prompt field |
| Slack approvals | New worker calling | approval::resolve (gate unchanged) |
| OPA / Cedar policy | Custom policy worker | policy::check_permissions |
Thin vs thick: a config slider, not a rewrite
Piccolo reframes the classic “Anthropic thin loop vs LangGraph DAG” debate: on a worker bus, thin might be orchestrator + one provider + auth + minimal meta-worker (internal research, high trust). Thick adds approvals, budgets, hook fanout, compaction, custom policy, and Slack-driven approval surfaces (customer-facing, auditable spend). Moving along that slider is adding or removing workers in config.yaml—same protocol, same trace shape—not rewriting the harness.
He cites a recent turn-orchestrator refactor (11 → 7 FSM states, reactive approvals, inlined teardown) where every neighbouring worker stayed unchanged because contracts are bus-level function IDs—a property monolithic frameworks struggle to offer.
How this relates to Motia and other harnesses
Piccolo also founded Motia (event-driven agent steps in TypeScript/Python/Ruby). The X piece is specifically about iii as substrate: Workers, Triggers, and Functions as the three primitives (iii engine). That is a different axis from product harnesses such as Claude Code dynamic workflows or Pi subagents—those optimise the agent loop inside a product; iii generalises the platform layer so harness concerns are ordinary workers your business logic already uses.
Try it locally
# Clone the harness bundle (from Piccolo's article)
git clone https://github.com/iii-hq/workers.git
cd workers/harness
pnpm install && pnpm build
pnpm start:all # composite stack against a running iii engine
# Docs: https://iii.dev/docs
# Registry: https://workers.iii.devSummary snapshot
| Topic | Piccolo / iii position |
|---|---|
| Framework adoption | One-shot import; hard to swap policy, auth, or approvals later |
| Composition unit | Worker on shared engine bus |
| Integration primitive | iii.trigger() and registered function IDs |
| Policy default | Fail-closed; 5s timeout → deny |
| Observability | OTel on session, message, function IDs auto-wrapped |
| “Build your own” | Install/swap workers; write missing ones |
| Open source | iii.dev/docs, iii-hq/workers |
Piccolo’s closing bet: a harness is not a product you install—it is the set of jobs your system must perform for durable, safe, observable agents. When the substrate composes those jobs as workers, the harness becomes exactly the shape your organisation needs, with the same trace from registry workers and custom ones alike.
Research supplement
Live web sources were not accessible during this session (WebFetch and WebSearch permissions were not granted). The following notes reflect what could be inferred from the reference URLs and project structure provided in the task specification:
- iii engine (github.com/iii-hq/iii) — open-source runtime for iii workers; full README and architecture details require direct inspection.
- Harness bundle (github.com/iii-hq/workers/tree/main/harness) — reference scaffolding for building a custom agent harness on iii; implementation details require direct inspection.
- iii documentation (iii.dev/docs) — canonical reference for worker model, engine API, and harness design.
- Worker registry (workers.iii.dev) — public catalog; worker catalog depth and quality require live inspection to assess.
No additional reputable third-party sources corroborating iii's production maturity, performance characteristics, or community size were retrieved. Claims in the main article body are clearly flagged as inferred where live verification was not possible.
