Differences and Design Methods for Prompts, Context, Harnesses, Agentics, and Loop Engineering
Prompt, Context, Harness, Agentic, and Loop Engineering address instructions, information, the working environment, autonomous execution, and iterative improvement, respectively. This article explains the boundaries, integration structures, application sequences, validation metrics, and failure prevention methods for these five approaches from a practical perspective.
- Prompt engineering is the process of clearly defining objectives, constraints, examples, output specifications, and success criteria.
- Context engineering manages the relevance, recency, and source of the information that AI uses to make decisions, as well as token efficiency.
- Harness Engineering creates an environment where AI can operate reliably through tools, permissions, sandboxes, documentation structures, validators, and logs.
- Agentic engineering delegates the selection of the next action and tools needed to achieve a goal to AI to a limited extent.
- Loop engineering converges results by linking generation, verification, root cause analysis, correction, re-execution, and termination conditions.
If we lump all efforts to improve the quality of generative AI under the umbrella of “writing good prompts,” it becomes difficult to accurately diagnose the causes of failure. Prompt, context, harness, agentic, and loop engineering are not interchangeable buzzwords, but rather complementary design approaches that address distinct control aspects: request formulation, information selection, execution environment, autonomous decision-making, and iterative improvement.
Core Definitions of the Five Concepts
| Category | Key Question | Primary Design Focus | Representative Output | Representative Success Criteria |
|---|---|---|---|---|
| Prompt Engineering | How should we instruct the AI to perform a task? | Instructions, constraints, examples, output format | Prompt templates, example inputs and outputs | Instruction compliance rate, format accuracy, quality of initial results |
| Context Engineering | What should we show the AI right now? | System guidelines, search documents, conversation history, memory, tool results | Context assembly rules, search and summarization policies | Relevance, recency, evidence-based accuracy, token efficiency |
| Harness Engineering | What kind of working environment should we create to make it difficult for the AI to make mistakes? | Tools, Permissions, Sandbox, Repository Structure, Validators, Logs | Work Rules, Tool Interfaces, Testing and CI, Runbooks | Reproducibility, Safety, Verifiability, Recoverability |
| Agent-Centric Engineering | Who will decide the next action, and within what scope? | Goals, Plans, Tool Selection, State Transitions, Delegation | Agent Loop, Orchestration, Approval Points | Task Completion Rate, Appropriate Tool Selection, Human Intervention Rate |
| Loop Engineering | How will we converge when the initial result is incorrect? | Generation, Evaluation, Cause Classification, Correction, Re-execution, Termination Conditions | Evaluator, Regression Testing, Retry Policy, Failure Classification | First-Pass Rate, Recovery Rate, Number of Iterations, Final Pass Rate |
Connecting these five concepts in a single line yields the following:
Express a request → Present the necessary information → Provide a safe working environment → Allow the AI to choose its next action → Verify and improve until the results meet the criteria.
Points to Note When Interpreting Terminology
While “prompt engineering” and “agent” are relatively widely used terms, the scope of “harness engineering” still varies depending on the context. Some articles refer to nearly all execution layers—excluding the model—as a “harness,” while others narrow the definition to the rules, verification, and feedback structures that coding agent users create outside the repository. “Loop engineering” is also best understood as a practical term describing the design of generation and validation as a closed-loop feedback process, rather than a formal classification fixed by a single standard. ([OpenAI][1])
1. Prompt Engineering: Designing the Quality of Instructions
Prompt engineering is the process of making the instructions given to a model clear and verifiable. While it often produces the most noticeable effects in a single request-response cycle, it also applies to system messages and multi-turn dialogue rules.
A good prompt typically separates the following elements:
- Goal: What needs to be accomplished?
- Input: What is the subject of analysis, and what are the input boundaries?
- Constraints: What should not be done; acceptable ranges; length and format
- Output Contract: The structure of the result (e.g., JSON, table, code snippet)
- Success Criteria: What conditions must be met for the response to be considered correct?
- Handling Uncertainty: How should the system handle situations where information is insufficient or conflicting?
- Examples: Representative inputs and outputs that demonstrate the expected behavior
A practical template can start simply, as shown below.
Objective:
Input:
Constraints:
Output Format:
Success Criteria:
Verification Method:
Handling Uncertainty:
Representative Examples:
It is important to define success criteria and empirical testing methods before refining the prompt. Not all failures can be resolved by modifying the prompt; costs, delays, tool errors, and incorrect data selection may be issues at other levels. ([Claude Platform Docs][2])
Problems That Prompt Engineering Effectively Solves
- Issues where the output format frequently breaks
- Issues where the priority of instructions is ambiguous
- Problems where the input and output are relatively clear, such as classification, extraction, transformation, and summarization
- Problems where performance stabilizes when representative examples are provided
Problems That Are Difficult to Solve with Prompts Alone
- When necessary facts or files are missing from the input
- When outdated or conflicting documents are mixed together
- When external systems must be safely queried or modified
- When multiple execution stages and failure recovery are required
- When there is no way to objectively verify whether the result is correct
2. Context Engineering: Designing the Information the AI Sees
Context engineering is the process of selecting, organizing, compressing, and updating all the information available to the model at the moment it generates an answer. Context may include not only the prompt but also system guidelines, user requests, conversation history, search documents, memory, tool descriptions, tool execution results, the current time, permission status, and task progress.
Since the context window is finite, the goal is not to “include as much as possible,” but rather to include the necessary information at the right time. Anthropic describes context as a critical but finite resource for agents and recommends strategies such as a minimal toolset, representative examples, runtime search, compression, and memory management for long interactions. ([Anthropic][3])
Key Design Principles
- Relevance First: Include only the information necessary for the current stage.
- Source and Recency: Manage the document’s creation date, version, owner, and reliability together.
- On-Demand Retrieval: Rather than pre-loading all data, retrieve it from files, databases, or search systems as needed.
- Information Hierarchy: Distinguish between fixed rules, current tasks, reference materials, and tool results.
- Conflict Resolution: If multiple sources conflict, specify priorities and the authoritative source.
- Compression and State Preservation: Summarize old conversations without losing decisions, unresolved issues, or supporting links.
- Separation of Instructions and Data: Establish boundaries to prevent sentences in web pages or documents from being treated as system commands.
Example
When a customer support AI answers a question about refund policies, simply reinforcing the prompt “Provide an accurate answer” has its limitations. Proper context engineering involves retrieving and providing the customer’s country, purchase date, product type, current policy version, exceptions, and order status at the appropriate moment, while ensuring that the policy provisions used in the response are traceable.
3. Harness Engineering: Designing the Environment Where AI Works
A harness is the operational framework that connects the model’s intelligence to real-world tasks. Harness engineering involves designing the work environment so that common AI errors are prevented or detected early through documentation, tools, permissions, structure, automated validation, and feedback.
Key Components of the Harness
| Component | Role | Example |
|---|---|---|
| Work Instructions | Specify procedures and prohibitions for repetitive tasks | AGENTS.md, runbooks, checklists |
| Knowledge Structure | Enables AI to easily find necessary materials | Repository map, ADR, glossary, collection of examples |
| Tool Interfaces | Clearly restrict inputs and outputs of actions | File search, database queries, code execution, deployment APIs |
| Execution Environment | Isolates failures and improves reproducibility | Sandbox, container, fixed dependencies |
| Validator | Automatically verifies that results meet criteria | Schema validation, unit tests, linters, policy checks |
| Permissions and Authorization | Restrict risky actions | Least privilege, separation of read/write access, human approval |
| Observability | Record what was observed and what actions were taken | Traces, logs, tool invocation records, costs |
| Recovery Mechanisms | Safely roll back and resume after a failure | Checkpoints, rollbacks, retry budgets |
OpenAI’s harness engineering case study describes the engineer’s role as extending beyond simply writing code to designing environments, intentions, repository knowledge, and loops of testing, verification, review, and recovery. The key is not to simply ask the AI to “try harder,” but to explicitly add the missing capabilities and signals to the environment. ([OpenAI][1])
Example Data Structure
/ai
/instructions # Common rules and role-specific guidelines
/skills # Procedures for repetitive tasks
/examples # Good and bad results
/evals # Evaluation data and scoring rules
/policies # Permissions, security, and approval policies
/runbooks # Troubleshooting and exception handling
This structure itself is not the only correct answer. What matters is that the data remains up-to-date, contains minimal duplication or conflicts, is accessible to the AI when needed, and that the rules lead to automated verification.
4. Agent-Based Engineering: Provide Goals and Tools, Then Delegate the Next Action
Agentic engineering is a design approach that provides AI with goals, tools, task status, and boundary conditions, allowing it to independently choose the next steps within a certain range to achieve those goals.
Anthropic defines a workflow as a system that coordinates LLMs and tools via a predetermined code path, and defines an agent as a system in which the model dynamically determines its own process and tool usage. OpenAI also describes an agent as a system in which an LLM manages workflow execution and dynamically selects tools to interact with external systems. ([Anthropic][4])
Basic Agent Loop
- Observe the current goal and state.
- Plan the next subgoal or action.
- Select a tool and execute it.
- Check the results and changes in the environment.
- Decide on one of the following: complete, modify, retry, or hand off to a human.
When Agents Are Appropriate
- When the sequence of tasks varies with each input
- When unstructured information—such as natural language, documents, or code—must be interpreted
- When multiple tools must be used selectively
- When plans must be adjusted based on intermediate results
- When failure causes are diverse and a certain level of recovery is possible
When Agents Are Overkill
- Simple automation with fixed rules and sequences
- Tasks that can be reliably resolved with a single API call or SQL query
- Tasks with no means of verification and extremely high error costs
- Systems that perform irreversible actions—such as payments, deletions, or deployments—without approval
- Multi-agent structures where the number of agents is increased merely to expand roles, even though a single agent would suffice
Autonomy is not a binary concept. It can be categorized into: an advisory type that only makes recommendations; an execution type that allows only limited read/write access; a supervised type that requires approval at key stages; and a high-autonomy type that operates for extended periods within a low-risk scope. Autonomy should be expanded in stages according to task risk and verification capabilities.
5. Loop Engineering: Designing a Verifiable Improvement Process
Loop engineering is not simply a matter of retrying. It involves creating an explicit, closed-loop feedback system consisting of generation → verification → root cause analysis → selection of a correction strategy → re-execution → termination decision.
Components of a Proper Loop
- Generate Candidates: Create drafts, code, plans, or data transformation results.
- Validation: Execute tests, schema checks, reference data checks, policy checks, and rationale checks.
- Classification of Causes: Distinguish between instruction errors, missing context, tool failures, implementation defects, and evaluator defects.
- Correction: Apply the minimum changes necessary to address the cause of failure.
- Re-execution: Do not repeat the entire process from the beginning; instead, restart from the necessary steps.
- Termination: Stop when one of the following conditions is met: passing, reaching the maximum number of iterations, exceeding the cost limit, exceeding the time limit, or reaching the uncertainty threshold.
- Regression Protection: Verify that the new modification has not broken existing successful cases.
Agent evaluation is more complex than single-turn evaluation, which considers only inputs and outputs. Since agents call tools multiple times and alter the state of the environment, it is necessary to examine not only the final result but also the process and environmental changes. The core of automated evaluation is providing an input and applying scoring logic to the output or the altered state. ([Anthropological][5])
Verifier Priorities
- Deterministic Verification: Compilation, unit tests, schemas, mathematical constraints, and permission checks
- Reference-Based Validation: Reference data, citations of original sources, database cross-checks
- Rule-Based Validation: Prohibited words, required fields, policy conditions
- Model-Based Evaluation: Items that are difficult to formalize into rules, such as style, semantic preservation, and overall quality
- Human Evaluation: High-risk judgments, validity of the objective itself, and approval of exceptions
Whenever possible, use deterministic validation first, and do not allow the model to self-score its own results based solely on model evaluation. When using model evaluation, include evaluation criteria, examples, bias checks, and human review of samples.
The Five Approaches Form a Hierarchy, Not Substitutes
In real-world systems, the five approaches operate together.
- Prompts establish a contract for current actions.
- Context provides the state and rationale necessary for judgment.
- The harness provides an actionable environment and safety mechanisms.
- Agent-based design allocates the authority to choose the next action.
- Loop design detects errors and converges quality.
Therefore, it is inaccurate to assume that “context engineering has replaced prompt engineering” or that “using agents eliminates the need for workflows.” The broader layer simply encompasses or utilizes the narrower layer, and for simple problems, a simple design may be more stable.
Practical Example: An AI Coding System That Fixes Bugs
Let’s assume an AI is fixing a bug where “only certain users encounter a 500 error after logging in.”
Prompt Engineering
- Verify the conditions under which the error occurs.
- Do not modify the public API.
- Resolve the issue with minimal changes.
- Report test results and remaining risks after the fix.
Context Engineering
- Issue description and error logs
- Relevant request trace IDs
- Files related to authentication and user models
- Recent change history
- Architecture rules and coding standards
- Failed tests and execution environment information
Harness Engineering
- Tools for repository search, file reading/editing, and test execution
- Isolated branches and sandboxes
- Formatters, linters, unit and integration tests
- No-change zones and permission policies
- Logs of all commands and file changes
- Rollbacks and checkpoints in case of failure
Agent-Based Engineering
AI selects the sequence of steps—reproduction, hypothesis formulation, exploration of relevant code, patching, testing, and result summarization—based on the situation. However, deployments or data changes require human approval.
Loop Engineering
If a test fails, instead of repeating the same command, the system classifies the failure type. If it’s a reproduction failure, it supplements context collection; if it’s a regression failure, it refines the patch; and if it’s an environment error, it restores dependencies and settings. The process ends when all required tests pass and justification for the change is documented.
How to Determine What Kind of Engineering Is Needed Based on Problem Symptoms
| Symptom | Area to Check First |
|---|---|
| Output format or style is frequently inconsistent | Prompt |
| Facts or files required for the answer are missing | Context |
| Incorrect tool selection or execution of dangerous commands | Harness and permission design |
| Many variations that are difficult to handle with a fixed sequence | Agent-based design |
| Initial results are often incorrect, but automatic evaluation is possible | Loops and evaluators |
| The cause of failure is unknown and difficult to reproduce | Observability of the harness |
| Costs increase with each iteration without any improvement in quality | Cause classification, verification signals, and termination conditions |
| The more data there is, the worse the answers become | Context organization and search policy |
Recommended Implementation Order
Step 1: First, establish success criteria and an evaluation set
Collect representative tasks, challenging cases, and prohibited cases, and define how results will be evaluated. If no ground-truth data is available, at a minimum, establish a schema, required evidence, policy compliance, and human evaluation criteria.
Step 2: Establish a single-call baseline
Measure performance, cost, and latency using the simplest prompt and the minimum necessary context. Without a baseline, it is difficult to distinguish the effects of complexity when deploying an agent.
Step 3: Instrument context provisioning
Record which documents and tool results were included, how old they were, and whether they were actually used in the response. Distinguish between search failures and excessive context.
Step 4: Create a Minimal Harness
Reduce the number of tools and clarify their names and inputs. Prioritize sandboxes, least privilege, automated testing, logs, and checkpoints.
Step 5: Grant Limited Autonomy
Have a single agent begin by performing read-only, low-risk tasks. Specify termination conditions and conditions for human handover, and require separate approval for write, delete, payment, and deployment permissions.
Step 6: Close the Validation and Recovery Loop
Link failure classifications, remediation strategies, maximum number of iterations, cost limits, and regression tests. Expand the scope of tools and autonomy only after the success rate has stabilized.
Operational Metrics
Since there are no universal target values, benchmarks must be set based on task risk and cost.
| Metric | Meaning |
|---|---|
| Task Completion Rate | The percentage that meets the final success criteria |
| First-Pass Success Rate | The percentage of tasks that passed on the first attempt without iterative corrections |
| Recovery Rate | The percentage of tasks that succeeded through the loop after the first failure |
| Average Number of Iterations | The number of cycles required to reach success or termination |
| Tool Selection Error Rate | The percentage of inappropriate or unnecessary tool invocations |
| Evidence Completeness | The percentage of key claims supported by traceable sources |
| Human Intervention Rate | The percentage of cases requiring approval, modification, or re-instruction |
| Cost and Delay per Successful Unit | The resources required to complete a single successful task |
| Number of Safety Incidents | The number of authorization violations, incorrect writes, or irreversible actions |
| Regression Failure Rate | Percentage of new changes that break existing successful cases |
Common Design Mistakes
| Area | Mistake | How to Improve |
|---|---|---|
| Prompt | Cumulates all exceptions into a single sentence | Structure the rules and separate representative examples from evaluation criteria |
| Prompt | Instructs to “write well” without success criteria | Specify format, required content, prohibited actions, and evaluation criteria |
| Context | Includes all irrelevant documents | Use runtime search and step-by-step context |
| Context | Provides both outdated and current policies | Manage versions, expiration dates, and source references |
| Harness | Provides many tools with overlapping functionality | Design a minimal set of tools with clear parameters |
| Harness | Lacks write permissions and rollback capabilities | Implement least privilege, sandboxing, and checkpoints |
| Agent-based | Creates multiple agents from the start | Verify using a single agent and a deterministic workflow |
| Agent-based | Allows continuous execution without completion conditions | Establish explicit termination, budget, and handover conditions |
| Loop | Repeats the same request verbatim | Classify failure causes and change the points of correction |
| Loop | Self-evaluates all results using a single generative model | Combines deterministic checks, reference comparisons, and human sample reviews |
Implementation Checklist
- Are success conditions verifiable not only through text but also, to the extent possible, through machine-readable checks?
- Are the priorities of prompts, reference materials, and tool outputs clearly separated?
- Can the source, version, expiration date, and owner of documents be tracked?
- Are tool names and parameters clear and free of overlap?
- Are read, write, delete, payment, and deployment permissions separated by risk level?
- Are there sandboxes to isolate failures and rollback mechanisms in place?
- Are all critical actions and tool calls logged in a reproducible format?
- Are there external validators, such as tests, schemas, and policy checks?
- Are the maximum number of iterations, cost, time, and conditions for human handover defined?
- Is there regression testing to ensure new improvements do not break existing use cases?
Conclusion
A good AI system is not the one with the longest prompts. It is a system that distinguishes where failures occurred—whether in instructions, information, environment, decision-making, verification and recovery, and applies the simplest solution at that specific layer. A stable approach is to first establish success criteria and a baseline for a single call, then augment context and the harness only as much as necessary, and finally expand autonomy and the iteration loop within verifiable bounds.
FAQ
Do the five engineering methods have to be implemented in order?
These are not fixed maturity levels. However, once you establish success criteria and a single call baseline, organize the prompts and context, and add a harness, autonomy, and an iteration loop as needed, it becomes easy to measure the effects of complexity.
Is context engineering replacing prompt engineering?
They are not interchangeable. A prompt defines the actions to be taken and the output agreement, while context provides the facts, states, and rationale necessary for those actions. A good system designs both together.
What is the difference between context engineering and harness engineering?
Context engineering focuses on the information a model perceives at a given moment. Harness engineering encompasses the tools, permissions, execution environments, document structures, logs, and recovery mechanisms used to locate that information, perform actions, and inspect the results.
How do agents differ from general workflow automation?
While general workflows follow a predefined sequence and branching logic, agents interpret their current state to dynamically select their next actions and tools. For tasks with stable rules, deterministic workflows may be more cost-effective and predictable.
How is loop engineering different from a simple retry?
A simple retry merely regenerates the output under the same conditions. Loop engineering involves verifying a failure using an external validation signal, classifying the cause, modifying the necessary components—such as the prompt, context, tools, or implementation—and then applying termination conditions and regression testing.
When should I use multiple agents?
This approach is considered when the tools and permissions vary significantly by role, and when a single agent’s context or set of tools becomes too large, leading to degraded performance and evaluation. Creating multiple agents solely for the purpose of dividing roles can increase costs, latency, error propagation, and the difficulty of debugging.
Is it okay to let AI evaluate its own results?
While it can be used as a supplementary indicator, relying on it as the sole validation tool is risky. Whenever possible, apply tests, schemas, reference data, and policy rules first, and supplement model evaluation with explicit rubrics and human sample reviews.
What should I include in the harness documentation?
Include recurring work procedures, repository and system structures, permitted and prohibited actions, tool usage instructions, examples of best and worst practices, test commands, troubleshooting procedures, approval policies, and completion criteria. The documentation should be concise, searchable, and version-controlled.
What is the most important security principle to follow when incorporating external documents into a context?
External documents must be treated as untrusted data and kept separate from system guidelines. Tool privileges must be minimized to prevent the execution of commands contained in the documents, and critical actions such as writing, deleting, payment, and distribution must be subject to separate policy checks and human approval.
Where should a small team start?
Gather a small set of representative evaluations and failure cases to establish a baseline for a single model invocation. It is then most efficient to identify which of the following is the primary cause of failure—instructions, information, the tool environment, planning, or verification—and improve the system one layer at a time.
Sources
- Overview of Prompt Engineering - Claude Platform Docs
- Effective Context Engineering for AI Agents
- Harness Engineering: Leveraging Codex in an Agent-First World
- Building Effective Agents
- A Practical Guide to Building Agents
- Demystifying Eval Functions for AI Agents
- Harness Engineering for Coding Agent Users
Images

