Skip to content
AI Primer
release

Anthropic releases Claude Managed Agents patterns for long-running agents

Anthropic published Claude Managed Agents examples for long-running production agents. The patterns cover outcome rubrics, self-correction, and sharing sandbox context between agents.

5 min read
Anthropic releases Claude Managed Agents patterns for long-running agents
Anthropic releases Claude Managed Agents patterns for long-running agents

TL;DR

  • Anthropic is framing six months of Claude Platform work as agent infrastructure: ClaudeDevs said the Platform added APIs for building and deploying agents, with production patterns now visible.
  • Outcomes are a rubric-driven self-correction loop: ClaudeDevs' outcomes clip says Claude can keep working until a completion rubric is satisfied.
  • Multi-agent support is now an explicit Managed Agents pattern: ClaudeDevs' multi-agent clip says agents can use different models, prompts, and tools while sharing sandboxes or vault credentials.
  • The Console surface is catching up to operations: testingcatalog's Workbench screenshot shows a Build-section Workbench with a fallback model beta, while testingcatalog says Managed Agents has an Observability tab for token usage and error rates.
  • The adoption bottleneck is shifting from model access to verification and guardrails, according to bcherny's guardrails thread.

Christmas come early for agent-infra nerds: the Outcomes notebook creates a second grader in its own context window, fetches cited URLs, checks quote strings, and returns per-criterion gaps. The multiagent notebook scopes a web researcher, file-reading librarian, and pricing modeler into one coordinator; Anthropic's Managed Agents architecture post explains why it split sessions, harnesses, and sandboxes, including a claimed p50 TTFT drop of roughly 60% and p95 drop over 90%. The June 30 release notes add event deltas, per-session agent overrides, vault injection locations, and broader webhooks.

Outcome rubrics

Managed Agents Outcomes gives a session a second agent whose only job is to check, according to Anthropic's Outcomes cookbook.

The core loop is short:

  • user.define_outcome sends a deliverable description to the writer and a rubric to the grader.
  • The grader starts with an independent context window after each writer turn.
  • The grader either passes the artifact or returns per-criterion gaps.
  • The writer revises until the rubric passes, the run is interrupted, or max_iterations is hit.
  • max_iterations defaults to 3 and maxes at 20; Anthropic's notebook sets it to 5 for a strict rubric.

The example is a cited brief on EV fast-charging economics. Its rubric checks seven coverage items: capex range, demand charges, utilization breakeven, subsidy programs, named-operator economics, a skeptical source, and hardware versus install cost split. It also checks each citation for three statuses: LIVE, QUOTE_MATCH, and SUPPORTS_CLAIM.

Multi-agent rosters

ClaudeDevs described the second pattern as agent-to-agent communication, with different models, prompts, tools, sandboxes, and vault credentials available per agent.

Anthropic's multiagent cookbook turns that into a coordinator plus three specialists:

  • prospect_researcher: uses web_search and web_fetch for segment priorities.
  • case_study_picker: reads only the mounted case-study library.
  • pricing_modeler: sees pricing_rules.md and the seat count.
  • Proposal Writer: sequences the specialists and writes /mnt/session/outputs/proposal.md.

The runtime events are also named: the stream prints session.thread_created when a subagent starts and agent.thread_message_received when one reports back. In the notebook run, the coordinator spawns research and pricing in parallel, then starts case-study selection after research returns.

Sessions, sandboxes, and vaults

Anthropic's architecture post says Managed Agents virtualizes three components:

  • session: the append-only log of what happened.
  • harness: the loop that calls Claude and routes tool calls.
  • sandbox: the execution environment where Claude runs code and edits files.

The important boundary is credentials. The same post says Git tokens can be wired into the local remote during sandbox initialization, while MCP OAuth tokens live in a secure vault and are fetched by a proxy. Claude's generated code runs in the sandbox without direct access to those secrets.

The latency claim is concrete: moving the harness out of the container let sessions start inference before sandbox provisioning, which Anthropic says cut p50 time-to-first-token by roughly 60% and p95 by over 90%.

Workbench and observability

Testingcatalog spotted the product surface moving in the same direction as the API surface.

The Workbench screenshot shows the Console's new Build section, a request builder for Messages API calls, and a beta fallback-model dropdown. The Managed Agents Observability tab tracks token usage and error rates, per testingcatalog.

The Claude Platform release notes add matching API plumbing:

  • Event deltas for GET /v1/sessions/{session_id}/events/stream.
  • Backward pagination for GET /v1/sessions.
  • Per-session overrides for model, system prompt, tools, MCP servers, or skills.
  • Vault injection_location for environment-variable credentials, covering request headers, request body, or both.
  • Webhooks for agent, deployment, and deployment-run lifecycle events.

Guardrail bottlenecks

bcherny framed the org problem as uneven adoption: one engineer can 10x output with Claude while the rest of the organization lags behind.

The follow-up thread says tokens alone do not move teams up the adoption curve. The missing pieces are bottleneck removal and guardrails.

For higher levels, the thread listed concrete mechanisms:

  • End-to-end verification.
  • Auto mode for permissions.
  • Automated code review and security review.
  • Interfaces for managing multiple agents at once, including Agent view in CLI, Desktop, mobile apps, and Tag.
  • /loop, /batch, dynamic workflows, and worktree isolation for subagents.

A separate code migration starter kit uses the same exit-condition framing for migrations: if the existing test suite cannot judge parity, build a portable parity harness before translation.

Automation failures

steipete sharpened the local-context failure mode with code review examples: a PR rejected for using the wrong iOS framework, or a designer-built feature rejected for violating architectural patterns.

The quote calls those rejections “failures of automation.” In Managed Agents terms, the missing artifact is not more tokens; it is the repo-specific framework, architecture, and review policy becoming part of the agent's executable context.

Further reading

Discussion across the web

Where this story is being discussed, in original context.

On X· 2 threads
TL;DR1 post
Sessions, sandboxes, and vaults1 post
Share on X