BD Brain Drip
🧩
Module 02 9 concepts

Harness Primitives

The reusable building blocks every harness exposes — hooks, slash commands, skills, sub-agents, settings, plugins, MCP, and permission scopes.

01

Agent Definitions and Personas

An agent definition is the file that declares a sub-agent’s identity (system prompt + tools + model + termination) and makes it reusable across sessions; the persona is the part of that file that captures voice, role, and decision-making style — together they turn ad-hoc role prompts into versioned, composable artifacts.

 02

Hooks and Lifecycle Events

Hooks are user-defined scripts that fire on harness lifecycle events — before a tool runs, after it returns, when a session starts, when the agent stops — letting you add policy, logging, validation, or transformation without forking the harness.

 03

MCP as the Universal Tool Bus

The Model Context Protocol (MCP) is the cross-harness tool standard — a single MCP server runs identically inside Claude Code, Cursor, ruflo, Codex CLI, Zed, and Continue, which is why the same github or postgres server installation works everywhere and why MCP, not any harness’s native tool format, became the lingua franca of harness extensions.

 04

Permission and Tool Scoping Primitives

A harness’s permission system — which tools a given agent can use, when they require user confirmation, and which paths/commands are off-limits — is enforced at the harness layer (not the model layer) and is the most important security primitive for any agentic deployment.

 05

Plugin and Marketplace Systems

A harness plugin is a packaged directory of extensions (sub-agents, hooks, slash commands, skills, MCP servers) that can be installed into a harness as a unit; a marketplace is the discovery layer that turns plugins into a distributed ecosystem — ruflo’s marketplace and Claude Code’s plugin system are the reference implementations in 2026.

 06

Settings and Configuration Files

A harness’s configuration files (settings.json, CLAUDE.md, .cursorrules, .ruflo/config.toml) are its public API — the user-editable contract through which extensions, permissions, hooks, and memory are declared; their format and merge semantics matter as much as any code in the harness.

 07

Skills vs. Tools

Tools are individual callable functions the model invokes by name (read_file, run_tests); skills are higher-level capabilities the model opts into mid-conversation that bundle a system prompt, instructions, and a curated set of tools — the skill is the unit a model decides to adopt; the tool is the unit it calls.

 08

Slash Commands

Slash commands are user-typed shortcuts (/review, /test, /explain) that inject a parameterized prompt or invoke a workflow inside an active harness session — they are the keyboard-first surface for harness-extension UX, sitting alongside hooks (system-driven) and tools (model-driven).

 09

Sub-Agents as Primitives

A sub-agent is a full agent — its own context window, system prompt, scoped tool registry, and termination condition — that the main agent can spawn for a specific task; sub-agents differ from “role prompts” precisely because of that isolation, and treating them as the same is a common source of multi-agent bugs.