🤖 Agents Best Practices：735★ 的 Agent 技能包，把你的 Codex / Claude Code 变成 Agent 架构师

一个 provider-neutral 的 Agent Skill，专治「Agent 跑起来容易，跑好难」

这玩意儿解决什么问题？

老实说，现在搞 Agent 开发的兄弟们普遍状态是：用框架跑个 demo 五分钟，想上生产发现全是坑——工具权限乱给、上下文一长就失忆、没有预算控制、出了问题不知道谁干的。

说的就是这玩意儿。我不是说某个框架不好，而是说整个行业缺一份 「Agent 运行时该长什么样」的参考标准。

agents-best-practices 就是干这个的。735★ 刚发布几天，已经冲上 GitHub Trending。它不是又一个框架，而是一个 provider-neutral 的 Agent Skill，装到 Codex 或 Claude Code 里，你的 Coding Agent 就变成了一个 Agent 架构师。

最骚的操作

安装极其简单，一行命令搞定：

npx skills add DenisSergeevitch/agents-best-practices -g

或者手动装：

# Codex
mkdir -p "${CODEX_HOME:-$HOME/.codex}/skills"
git clone https://github.com/DenisSergeevitch/agents-best-practices.git \
  "${CODEX_HOME:-$HOME/.codex}/skills/agents-best-practices"

# Claude Code
mkdir -p "$HOME/.claude/skills"
git clone https://github.com/DenisSergeevitch/agents-best-practices.git \
  "$HOME/.claude/skills/agents-best-practices"

装完之后，你直接跟你的 AI 说「帮我设计一个风控 Agent」，它就会自动走这个 Skill 的流程，生成一个完整的 MVP 蓝图，包括工具定义、权限分级、预算控制、观测链路。

核心哲学

这个项目最牛逼的地方在于它的核心理念：Agent 不是一个提示词，而是一个运行时。

"The model proposes actions; the harness validates, authorizes, executes, records, and returns observations."

实际开发中拆成七层：

instructions → context builder → model call → 
tool proposal → validation → permission decision → 
execution or approval pause → observation → 
next step or final answer

每层都有明确的边界和检查点。别问我怎么知道的——踩过的坑都是泪。

实际用起来咋样？

比如你让 Agent 设计一个「账户续约风险分析 Agent」：

You > 帮我搭一个账户续约风险评估 Agent。它能读 CRM、工单、用量数据，
      然后生成续约建议。

Agent > 好的，用 approval-gated Level 2 架构。
       MVP 只干一件事：生成风险评估报告 + 草稿建议。

       Core loop:
         user/task -> context builder -> model call -> typed tool call
         -> schema validation -> permission check -> execution or pause
         -> structured observation -> next step or final brief

       Minimal tools:
         - read_account_profile      read_private_data
         - list_support_tickets      read_private_data
         - fetch_usage_summary       read_private_data
         - draft_customer_email      draft_external_message
         - request_approval          approval_gate

       Launch gate:
         20 个历史账户走一遍 trace review，
         无未经审批的外部发送，
         人工审批通过率 ≥ 80%。

看到没？它不会丢给你一个「用 LangChain 搭一个 Agent」这种废话，而是从运行时设计出发，把工具权限、审批流、验证标准全都写清楚了。

有什么坑？

实话讲，这个项目 不是给新手用的。它假设你已经知道 Agent 是什么、为什么要用、基本概念都懂。它不会教你 from scratch 搭 Agent，而是教你 搭一个能上生产的 Agent。

另外，735★ 还算早期，参考文档的覆盖还不太全（比如多 Agent 编排的篇幅很少），但核心的 MVP 蓝图、工具权限、安全评估三份文档写得非常扎实。

总结

• Provider-neutral，Codex 和 Claude Code 都能用，不锁厂商
• 从运行时设计出发，不是提示词工程
• 工具权限分 risk class，窄接口 + 审批门控，不乱暴露 write_database 这种炸弹
• 带了完整的 launch gate 和 checklists

如果你已经在搞 Agent 开发，装一个试试。反正一行命令的事。

🤖 Agents Best Practices: 735★ Agent Skill That Turns Your Codex/Claude Code Into an Agent Architect

A provider-neutral Agent Skill for building production-grade agentic harnesses

The Pain Point

Honestly, the state of agent development is: 5 minutes to run a demo, 5 months to get it production-ready. Tools with no permission boundaries, context that forgets everything after compaction, no budget controls, no observability.

agents-best-practices fixes this. At 735★ and climbing GitHub Trending, it's not another framework — it's a provider-neutral Agent Skill that turns your coding agent into an agent architect.

Installation

One command:

npx skills add DenisSergeevitch/agents-best-practices -g

Or manually:

# Codex
mkdir -p "${CODEX_HOME:-$HOME/.codex}/skills"
git clone https://github.com/DenisSergeevitch/agents-best-practices.git \
  "${CODEX_HOME:-$HOME/.codex}/skills/agents-best-practices"

# Claude Code
mkdir -p "$HOME/.claude/skills"
git clone https://github.com/DenisSergeevitch/agents-best-practices.git \
  "$HOME/.claude/skills/agents-best-practices"

Once installed, ask your agent to "design a risk-assessment agent" and it'll walk through the full MVP blueprint flow — tools, permissions, budgets, observability, launch gates.

Core Philosophy

The central insight: An agent is not a prompt — it's a runtime.

"The model proposes actions; the harness validates, authorizes, executes, records, and returns observations."

Seven layers in production:

instructions → context builder → model call →
tool proposal → validation → permission decision →
execution or approval pause → observation →
next step or final answer

Each layer has clear boundaries and checkpoints. Learned this the hard way.

In Practice

Ask your agent to design an account renewal risk agent:

You > Build an agent for account renewal risk. It should read CRM,
      support tickets, and usage data, then draft renewal actions.

Agent > Using an approval-gated Level 2 harness.
       MVP produces a renewal-risk brief plus draft next actions.

       Core loop:
         user/task → context builder → model call → typed tool call
         → schema validation → permission check → execution or pause
         → structured observation → next step or final brief

       Tools (risk-classified):
         - read_account_profile      read_private_data
         - list_support_tickets      read_private_data
         - fetch_usage_summary       read_private_data
         - draft_customer_email      draft_external_message
         - request_approval          approval_gate

       Launch gate:
         20 historical accounts with trace review,
         zero unapproved external sends,
         ≥80% human acceptance on draft actions.

Notice: no "use LangChain" hand-waving. Real runtime design with permission boundaries, approval flows, and verification criteria.

Caveats

This isn't for beginners. It assumes you know the basics and want to build production-grade agents. At 735★ it's still early — multi-agent orchestration coverage is thin — but the core references (MVP blueprint, tools & permissions, security & evals) are solid.

TL;DR

• Provider-neutral: works with Codex and Claude Code, no vendor lock-in
• Runtime-first design, not prompt engineering
• Risk-classified tools with narrow interfaces and approval gates
• Complete launch gates and checklists

If you're building production agents, npx skills add it. One command.