Introducing Harness Agents

Autonomous DevSecOps.
Pipeline‑Native AI Agents.

Harness Agents are AI-powered autonomous workers that run inside your pipelines — building, deploying, testing, remediating, and optimizing your software delivery lifecycle from commit to production.

Explore on GitHub Read the Docs

Designed for

Pipeline-native AI agents that ship, secure, and optimize your software delivery

Stage

Limited Preview

Models

Anthropic · OpenAI · Gemini

// OVERVIEW

What Are Harness Agents?

Harness Agents are autonomous AI workers that execute DevOps tasks inside Harness pipelines. Unlike standalone AI assistants, agents are pipeline-native — they inherit your pipeline's context, permissions, secrets, and governance controls while taking multi-step actions across your SDLC.

⚡

Pipeline-Native Execution

Agents run as first-class pipeline steps — not as external scripts or webhook callbacks. They share the pipeline's execution context, secrets, connectors, and RBAC scope. Every action is logged, auditable, and governed.

🔀

System + Custom Agents

Start with Harness-built System Agents for CI autofix, CD remediation, code review, and feature flag cleanup. Then create Custom Agents tailored to your organization's workflows, standards, and domain knowledge.

🧠

Context-Aware Intelligence

Agents access your Knowledge Graph — pipelines, infrastructure, services, configs, and history. They understand your environment and make decisions grounded in your actual platform state, not generic suggestions.

templates/code-coverage/pipeline.yaml

pipeline:
  clone:
    depth: 1
    ref:
      name: <+inputs.branch>
      type: branch
  repo: <+inputs.repo>
  connector: "<+inputs.gitConnector>"
  stages:
    - name: code-coverage
      steps:
        - name: coding_agent              # ← AI-powered step
          run:
            container:
              image: harness/codecov:coding-agent
            with:
              max_iterations: "300"
              code_coverage: "true"
              verify: "true"
              prompt: "Analyze the current codebase and identify
                test coverage. Generate comprehensive unit tests
                to increase overall coverage to at least 90%
                and each file coverage to at least 80%.
                Generate a CONCISE COVERAGE.md file."
            env:
              ANTHROPIC_API_KEY: <+inputs.llmConnector.token>

        - name: push_and_create_pr        # ← Opens PR with tests
          run:
            container:
              image: harness/coding-agent-pr-skill
            env:
              PLUGIN_PR_TITLE: "Code Coverage: Automated
                coverage increase by Harness AI"
              PLUGIN_CREATE_PR: "true"

        - name: post_coverage_comment     # ← Posts report to PR
          run:
            container:
              image: harness/coding-agent-comment-skill

      platform:
        os: linux
        arch: arm64
  inputs:
    llmConnector:
      type: connector              # LLM provider connector
    gitConnector:
      type: connector              # SCM connector
    repo:
      type: string
    branch:
      type: string
      default: main

From thisrohangupta/agents — agent templates are modular pipeline definitions with metadata, YAML, docs, and logo.

// ARCHITECTURE

How Agents Work

Agents compose three layers: the execution runtime (Harness Pipelines), the intelligence layer (LLM + Knowledge Graph), and the tool layer (MCP + Harness APIs). Each layer is independently configurable.

🏗️

Pipeline Engine

Agents execute within the Harness pipeline runtime — inheriting job semantics, parallel execution, failure strategies, rollback, and the full orchestration model. No new runtime to manage.

📦

Step Templates

Agents are packaged as Step Templates and Step Group Templates. Reference them by name, version them in your template library, and compose them into any pipeline.

🔄

Agents Are Pipelines

Every agent is backed by a pipeline definition under the hood. Fork an agent, edit the YAML, publish your own variant. Full transparency — no black boxes.

// USE CASES

What Can Be Built with Agents

Agents handle the high-value, judgment-intensive work that can't be reduced to simple scripts — but shouldn't require a human in the loop for every instance.

Autofix

When builds fail, the agent analyzes logs, identifies root cause, generates a fix, and opens a PR — all within the pipeline execution. Reduces MTTR from hours to minutes.

Testing

Code Coverage

Analyzes your codebase, identifies coverage gaps, generates comprehensive unit tests to hit 90%+ overall and 80%+ per file, and opens a PR with a coverage report — fully autonomous.

Code Quality

Code Review

Reviews every PR against your team’s conventions, architecture guidelines, and best practices. Goes beyond linting — agents understand intent, suggest refactors, and catch logic errors.

Feature Flags

FF Cleanup

Scans your codebase for stale feature flags, identifies dead code paths, and generates cleanup PRs — keeping your codebase lean and eliminating flag debt automatically.

Manifest Remediator

Detects and remediates Kubernetes manifest issues — misconfigurations, security violations, and resource misallocations — before they reach production.

Platform

Onboarding

Scans repositories, infers build/deploy topology, and auto-creates CI/CD pipelines. New repos get pipelines in minutes, not days — with human approval before activation.

Migration

React Upgrade

Automates framework migration — analyzing dependencies, updating APIs, refactoring components, and validating builds. Handles the tedious, error-prone upgrade work at scale.

Security

Zero Day Remediation

Responds to zero-day vulnerability disclosures by scanning affected dependencies, assessing blast radius, generating patches, and opening remediation PRs — governed by your security policies.

// DESIGN PHILOSOPHY

Built on What You Already Use

Agents don't replace your pipeline infrastructure — they extend it. Same YAML, same RBAC, same audit trail. New intelligence, same control plane.

⚡

Pipeline‑Native

Agents inherit pipeline semantics — triggers, secrets, environments, failure strategies, and approval gates. No new execution model to learn or secure.

🤖

Model Independent

BYOM by default. Connect Anthropic or OpenAI. Swap models without rewriting agents. Compare performance across providers with the same agent definition.

🔀

Forkable & Shareable

Every agent is a pipeline. Fork System Agents, customize the logic, share via the Agent Marketplace. Teams can standardize, remix, and version their agent library.

🛡️

Security First

Least-privilege by default. OPA-governed actions. Scoped tools. Human-in-the-loop for effectful operations. Every agent decision is logged and reviewable.

👁️

Observable

No hidden prompts. Full reasoning chains in pipeline logs. Inspect exactly what the agent saw, decided, and executed. You own the behavior end-to-end.

🏢

Enterprise‑Grade

Built for regulated industries. Data residency controls, RBAC integration, compliance audit trails, and governance policies that scale to thousands of pipelines.

// SECURITY & GOVERNANCE

Trust Architecture

Agentic automation introduces new attack surfaces — prompt injection, tool side-effects, data exfiltration. Our security model is built on explicit constraints over implicit trust.

🔐

Scoped Permissions

Agents inherit pipeline RBAC. They can only access resources, connectors, and secrets that the pipeline execution context permits.

📜

OPA Policy Gates

Every effectful action is evaluated against OPA policies before execution. Block, warn, or require approval based on declarative rules.

🔧

Allow-Listed Tools

Agents can only invoke explicitly declared tools. No ambient permissions. Tool specifications are reviewed and versioned like code.

👁️

Visible Artifacts Only

Agents create PRs, comments, and logs — never silent mutations. Every output is visible to the team for review and approval.

🏗️

MCP Gateway Proxy

External MCP server calls are filtered and proxied through the Harness MCP Gateway — enabling allow-listing, rate limiting, and content inspection.

📊

Compliance Audit Trail

Full chain-of-thought logging. Model inputs, tool calls, outputs, and decisions are captured for SOC 2, FedRAMP, and enterprise compliance requirements.

// DIFFERENTIATION

Agents vs. Traditional Automation

Dimension	Scripts & Webhooks	Standalone AI Assistants	Harness Agents
Execution Model	External processes, custom infrastructure	API calls, no pipeline context	Pipeline-native steps with full orchestration
Context	Manual wiring via env vars	Chat history only	Knowledge Graph — services, infra, history
Governance	DIY approval scripts	None / per-provider	OPA policies, RBAC, audit logs
Model Flexibility	Hard-coded API calls	Vendor lock-in	BYOM — Anthropic, OpenAI, per-agent
Extensibility	Custom code for each integration	Plugin-dependent	MCP + forkable agents + marketplace
Observability	Custom logging	Chat logs	Full reasoning chain in pipeline logs

// ROADMAP

What’s Shipping

Harness Agents is being delivered iteratively — foundations first, extensibility next, then the marketplace ecosystem.

January 2026 Shipped

Code Review & Code Coverage Agents

The first agents built on the new agentic architecture. Powered by your Harness CI Pipeline results, the Code Review Agent surfaces issues, suggests refactors, and catches logic errors with full build context. The Code Coverage Agent identifies gaps, generates targeted tests to meet user-defined thresholds, and opens PRs with coverage reports — your SDLC feeding intelligence back into your codebase.

February 2026 Building

Foundation Release

Agent runtime, LLM Connectors (Anthropic, OpenAI), and 8 System Agent templates: Autofix, Code Coverage, Code Review, FF Cleanup, Manifest Remediator, Onboarding, React Upgrade, and Zero Day Remediation. Pipeline YAML integration, Step Templates, and Harness Auth for agent execution.

April 2026 — MVP 1 Building

Agent Extensibility

Fork and customize agents. Reference agents across pipelines. Onboarding Agent for guided first-run experience. Agent Marketplace with curated community agents.

H2 2026 Planned

Autonomous Operations

Event-driven agent triggers (incidents, drift detection, SLA breaches). Multi-agent orchestration for complex workflows. Advanced MCP Gateway with content inspection and policy enforcement.