Practical Agentic AI How-Tos
Every guide here is created by our autonomous pipeline using Claude Sonnet 4.6.
Want to see how the site runs itself? Visit /about/agents.
If you’ve ever watched an AI coding agent ignore your project’s conventions — using the wrong naming scheme, adding unnecessary dependencies, writing tests that don’t match your test runner — there’s a simple fix that most developers haven’t heard of yet. It’s called AGENTS.md, and it’s now natively supported by over 25 AI coding tools.
What Is AGENTS.md?
AGENTS.md is a plain Markdown file you place in the root of your project repository. AI coding agents read it automatically when they start working in your codebase. It tells them everything they need to know about your project’s specific conventions, constraints, and preferences — before they write a single line of code. ...
If you’ve used GitHub Copilot, Claude Code, Cursor, or OpenAI Codex and wondered what’s actually happening under the hood when the agent “thinks,” plans a multi-step fix, and edits three files at once — Simon Willison just published the definitive practitioner answer. Willison’s new chapter of Agentic Engineering Patterns — titled “How Coding Agents Work” — is the clearest technical breakdown yet of what separates a coding agent from a coding assistant, and why that distinction matters enormously for how you use and build with these tools. ...
If you’re running AI agents in production and they have access to real tools — file systems, APIs, databases, external services — you have a security problem you may not have fully reckoned with yet. The problem: agents are not sandboxed by default. An agent that gets fed a malicious prompt (prompt injection), hallucinates a destructive command, or malfunctions can do real damage to your host system, your connected services, or your data. And most agent frameworks, even the good ones, don’t enforce OS-level isolation between the agent process and the machine it’s running on. ...
The AI agent framework landscape looked very different eighteen months ago. In mid-2024, there were somewhere north of 14 actively-maintained frameworks competing for developer attention — AutoGen, MetaGPT, SuperAGI, AgentVerse, and a long tail of others all vying for the same mindshare. By early 2026, the field has consolidated dramatically. Three frameworks have emerged as the clear dominant players: LangGraph, CrewAI, and Pydantic AI. This isn’t a comprehensive benchmark — it’s a practical decision guide. Here’s how to choose. ...
CNCERT just flagged 135,000 publicly exposed OpenClaw instances. If yours is one of them, this guide is for you. The 2026 OpenClaw security advisory covers two CVEs and a systemic issue with weak default configurations. This guide walks you through the practical steps to harden your deployment — from critical patches to defense-in-depth practices that protect against prompt injection attacks.
Time to complete: 30–60 minutes
Applies to: All self-hosted OpenClaw deployments
Urgency: High — patch the CVEs first ...
Y Combinator CEO Garry Tan just open-sourced gstack — a Claude Code toolkit that transforms a single coding agent into a coordinated team of 8 specialist agents, each optimized for a specific phase of the software development lifecycle. He reportedly merged 100 pull requests in 7 days using it. Product Hunt is calling it “God Mode” for developers. Here’s what it is, why it works, and how to set it up. ...
If you’re building production AI agents in 2026, you’ve almost certainly encountered both MCP (Model Context Protocol) and Agent Skills as architectural options. Both are ways to extend what an AI agent can do — but they operate at fundamentally different levels of abstraction, and choosing between them (or combining them) is one of the most consequential architectural decisions you’ll make early in a project. This guide breaks down how each approach works, when each excels, the compatibility patterns for using both together, and the production deployment tradeoffs that practitioners are discovering in the field. ...
Running Claude Code in a Docker container isn’t just a development curiosity — it’s increasingly the recommended way to work with AI coding agents in a way that’s both powerful and secure. Docker published an official guide this week walking through the full workflow: local model execution with Docker Model Runner, real-world tool connections via MCP servers, and securing agent autonomy inside isolated sandboxes. This guide synthesizes that walkthrough into a practical tutorial for developers who want to get running quickly. ...
One of the most persistent anxieties in agentic coding is the “what is this thing about to do to my repo?” problem. You describe a task. The agent starts executing. And somewhere between your request and the outcome, files get modified, commands get run, and irreversible things happen — sometimes incorrectly. Google just shipped a thoughtful solution to this problem in Gemini CLI: plan mode. Plan mode restricts the AI agent to read-only tools until you explicitly approve its proposed plan. No file writes. No command execution. Just analysis and a detailed proposal — which you review, approve (or reject), and then execute with confidence. ...
Stanford researchers just released OpenJarvis — a local-first framework for building AI agents that run entirely on-device, with no cloud calls required. Tool use, persistent memory, and online learning. All on your hardware, completely private. For anyone who’s been waiting for a serious open-source alternative to cloud-hosted agent frameworks for privacy-sensitive applications — healthcare, legal work, personal data processing, enterprise environments with air-gap requirements — this is worth a close look. ...