GitHub - shenli/awesome-agent-infra: Curated infrastructure resources for building production AI agents: runtimes, sandboxes, workspaces, tool protocols, security, observability, and evaluation.

20 min read Original article ↗

A curated collection of infrastructure resources for building production AI agents: runtimes, workspaces, sandboxes, tool protocols, context systems, security, observability, and evaluation.

Last reviewed: 2026-07

This list focuses on the systems layer below agent products and above foundation models.

It is not a general "awesome AI agents" list. It is focused on the infrastructure needed to run agents safely and reliably in production.

Organized around one question, asked of every component: what state is this, and where does it belong?

Contents

Scope

Included:

  • Agent runtimes and control planes
  • Durable execution
  • Workspace and runtime state
  • Sandbox and execution environments
  • Tool protocols such as MCP
  • Context files and repo-level guidance
  • Security, permissions, and policy
  • Observability, tracing, and evaluation
  • Coding-agent workflows
  • Relevant systems books and videos

Not included:

  • Prompt collections
  • General AI app directories
  • Chatbot UI tools
  • Generic RAG tools unless they are directly relevant to agent infrastructure
  • End-user agent products without clear infrastructure lessons

Core Concepts

Concept Meaning
Agent runtime The execution layer that runs agent loops, manages state, retries, tools, and human interaction.
Harness The model-facing loop and scaffolding that turns model outputs into actions.
Workspace The durable working state an agent reads and writes during a task. Not just a folder.
Sandbox The isolated compute environment where actions execute.
Session / run The ordered record of an agent execution attempt.
Tool protocol The interface by which agents discover and call external tools or resources.
Policy Runtime constraints over tools, data, paths, permissions, and publish actions.
Publish lifecycle The process of promoting candidate agent output into source-of-truth systems.
Observability Traces, logs, metrics, costs, evals, and replay data for agent behavior.
Storage concern The persistence needs around agent metadata, conversations, run events, workspaces, artifacts, memory, and traces.

Foundational Articles

Resource Layer Why it matters
Anthropic: Building Effective Agents Runtime Practical guide arguing for simple composable agent patterns instead of over-engineered abstractions.
Lilian Weng: Harness Engineering for Self-Improvement Harness / runtime Frames harnesses as the deployment layer around models: workflow, tools, context, persistent state, permissions, and evals.
Anthropic: Effective Context Engineering for AI Agents Context / Runtime Good framing for context as runtime design rather than prompt stuffing.
Anthropic: Writing Effective Tools for AI Agents Tooling Useful for designing tool APIs agents can actually use.
Martin Fowler: Context Engineering for Coding Agents Coding agents / Context Strong developer-facing explanation of workspace files and repo context for coding agents.
Temporal: What Is Durable Execution? Durable execution Core concept for long-running, crash-resilient workflows.
DBOS: Durable Execution for Crashproof AI Agents Durable execution Applies durable execution ideas directly to AI agents.
GitHub Blog: A practical guide on how to use the GitHub MCP server Tool protocol / GitHub workflow Practical reference for MCP + GitHub integration.
Anthropic: Building with Claude Managed Agents Runtime Defines the brain/hand/session split, vault-brokered credentials, and session-derived memory in a first-party production agent runtime note.
OpenAI: Sandbox Agents Runtime / sandbox Draws the harness/control-plane vs. compute/sandbox-plane line, with credentials treated as runtime configuration rather than prompt content.
OpenAI: The next evolution of the Agents SDK Runtime / SDK Official launch context for Sandbox Agents and the Agents SDK direction.
Vercel: Agentic Infrastructure Runtime Reports that over 30% of Vercel deployments are agent-triggered and maps sandboxes, workflows, gateway, and observability into shipped infrastructure.
HumanLayer: 12-Factor Agents Runtime The stateless-reducer framing: agent execution as a function over an append-only event log.
Manus: Context Engineering for AI Agents Context / workspace Production note arguing for filesystem-backed context and stable append-only traces.
Microsoft Agent Framework at Build 2026 Runtime / hosted agents First-party description of Agent Harness, hosted agents, per-session VM isolation, filesystem persistence, and OpenTelemetry.
OpenRath: Session-Centered Runtime State for Agent Systems Runtime state Makes the case for session as a first-class runtime value rather than incidental chat history.

Runtime and Control Plane

Projects

Project Type Why it matters
LangGraph Runtime framework Stateful graph runtime for long-running agents, persistence, human-in-the-loop, and durable execution.
OpenAI Agents SDK Python SDK Lightweight SDK for building agentic apps. Useful baseline for minimal abstractions.
OpenAI Agents SDK TypeScript SDK TypeScript version, useful for JS/TS infrastructure builders.
Omnigent Meta-harness / control plane Common orchestration layer over coding agents and custom agents, with policies, sandboxing, shared sessions, and multi-device collaboration.
LiteLLM Agent Platform Agent platform Self-hostable control plane for calling and managing coding agents with per-session isolation and shared proxy infrastructure.
LiteLLM Agent Runtime Runtime Coding-agent daemon designed to run inside per-session VMs, with customization layered through repo, team, and session config.
Microsoft Foundry Agent Service Hosted runtime Framework-agnostic hosted agent service with session isolation, durable state, tracing, evaluation, and production deployment hooks.
OpenHands Agent platform Full open-source software-agent platform with sandboxed execution and developer workflows.
OpenHands Software Agent SDK SDK Composable SDK for building software-development agents.
SWE-agent Coding-agent scaffold Simple and influential coding-agent scaffold for GitHub issue solving.
mini-SWE-agent Minimal agent Small baseline for understanding the minimal loop needed to solve coding tasks.
Goose Local agent runtime General-purpose open-source agent with CLI, desktop, API, and MCP extension ecosystem.
Semantic Kernel Enterprise SDK Enterprise-oriented orchestration and agent framework from Microsoft.
CrewAI Multi-agent framework Popular multi-agent orchestration framework.
AutoGen Multi-agent framework Influential multi-agent framework. Useful historically and architecturally.
Letta Stateful agents / memory Platform for stateful agents with advanced memory. Useful for understanding memory-first agent design.
Letta Code Coding agent / memory Memory-first coding agent. Useful contrast with workspace-first designs.

Papers

Paper Why it matters
Infrastructure for AI Agents Defines agent infrastructure as external technical systems and protocols that mediate agent interaction.
AI Runtime Infrastructure Proposes runtime infrastructure between model and application. Useful for control-plane framing.
OpenHands: An Open Platform for AI Software Developers as Generalist Agents Important system paper for software agents.
The OpenHands Software Agent SDK Architecture of a composable SDK for production software agents.
Agents Learn Their Runtime Shows that runtime persistence semantics affect agent behavior.

Tool Protocols and Context Interfaces

MCP

Resource Type Why it matters
Model Context Protocol official docs Docs Main entry point for MCP.
MCP specification Spec Protocol details.
MCP TypeScript SDK SDK Official TypeScript SDK.
MCP servers repository Repo Reference and community MCP server directory.
GitHub MCP Server MCP server Important integration for coding-agent workflows.
MCP security best practices Security docs Required reading for secure MCP host/server design.
MCP Safety Audit Paper Demonstrates real security failures enabled by MCP-style tool integration.
MCPSafetyScanner Tool Scanner for MCP server security issues.
NSA: Model Context Protocol Security Security guidance Government security guidance for MCP adoption.

Context and Repo Guidance

Resource Type Why it matters
AGENTS.md Open format Simple repo-level instruction format for coding agents.
AGENTS.md GitHub repo Repo Source for AGENTS.md examples and adoption.
Evaluating AGENTS.md Paper Important empirical warning: repo context files can reduce task success when overloaded.
Configuring Agentic AI Coding Tools Paper Analyzes configuration mechanisms across Claude Code, Copilot, Cursor, Gemini, and Codex.
OpenAI Codex AGENTS.md example Example Real-world AGENTS.md usage in a coding-agent repo.

Workspace and Runtime State

Resource Type Why it matters
Resilient Write paper Paper Durable write surface for coding agents. Very relevant to workspace design.
Resilient Write blog Blog More engineering-oriented explanation of durable write paths.
BranchFS Filesystem project FUSE-based copy-on-write branching workspace. Useful for fork/snapshot semantics.
TClone Paper Low-latency forking of live GUI workspaces for computer-use agents.
Git worktree docs Git docs Basic primitive for isolated local candidate workspaces.
Git apply docs Git docs Basis for patch-based publish.
Git format-patch docs Git docs Basis for exporting deltas and patch bundles.
GitHub Pull Requests docs Workflow docs Publish target for coding-agent output.
GitHub Actions docs CI docs Common validation stage for agent-produced changes.

Sandbox and Execution

The useful first question is not "which provider?", but "what boundary protects the host?". Agent sandboxes also need a state model, because long-running agents often need files, snapshots, or branches to survive beyond one process.

Isolation model Boundary Typical fit
Process policy sandbox Host process plus OS policy Local tools or helper processes with filesystem and network limits.
Shared-kernel container Namespaces, cgroups, capabilities, seccomp Dense Linux workloads where compatibility matters more than kernel separation.
Userspace-kernel container Container API with syscall mediation Stronger isolation than ordinary containers while preserving OCI-style workflows.
Language or WebAssembly runtime Engine-level isolate or capability grants Controlled plugins, edge functions, and short-lived extension code.
MicroVM Separate guest kernel per workload Untrusted Linux code, generated code, package installs, and agent execution.
VM-backed container runtime Container UX backed by lightweight VMs Kubernetes or OCI workflows that need a stronger tenant boundary.
Full VM or enclave Hypervisor VM or confidential-computing TEE Broad OS compatibility or highly sensitive secret-handling paths.
State model What persists or branches Why it matters for agents
Ephemeral runtime Nothing durable by default Good for one-shot code execution and tests.
Durable volume Files survive sandbox stop/start Useful for package caches, generated artifacts, and long tasks.
Filesystem snapshot Filesystem state can be cloned or restored Enables branch-mutate-evaluate workflows without rebuilding environments.
Memory/process snapshot Running state can resume from a checkpoint Useful for fast warm starts and long-lived interactive sessions.
Branchable backing services Databases or object state can fork cheaply Keeps agent experiments isolated beyond the filesystem.

Managed Agent Sandboxes

Resource Type Why it matters
E2B docs Cloud sandbox docs Cloud sandbox for AI agents. Useful for remote execution, code interpreter, and agent runtime patterns.
E2B GitHub Repo Open-source infrastructure for AI code execution sandboxes.
E2B coding agents docs Use-case docs Shows how secure sandboxes are exposed to coding agents with terminal, filesystem, and Git access.
Daytona docs Sandbox docs Secure sandbox runtime for AI-generated code.
Daytona sandboxes docs Sandbox docs Lifecycle and sandbox concepts.
Daytona GitHub Repo Secure and elastic runtime for AI-generated code execution and agent workflows.
Modal Serverless compute Useful reference for fast, dynamic cloud execution, even if not agent-specific.
Modal docs Docs Good reference for serverless execution, container images, sandboxes, secrets, and jobs.
Modal Sandbox docs Sandbox docs Useful example of exposing programmatic sandboxed command execution.
Modal: Code execution sandboxes for browser-use agents Scale note Public production-scale numbers for agent sandbox concurrency and session volume.
Northflank: E2B vs Modal Comparison article Helpful market and architecture comparison for AI code execution sandboxes.
Blaxel Sandboxes Sandbox docs Distinguishes snapshot-backed standby from durable-volume persistence, a useful split for agent workspace design.

Browser, GUI, and Computer-Use Sandboxes

Resource Type Why it matters
Browserbase docs Browser sandbox docs Cloud browser infrastructure for browser agents and automation.
Browserbase Browser infrastructure Useful reference for running browser sessions remotely for agents.
Stagehand docs Browser-agent framework docs Browser automation framework built around AI-assisted browser actions.
Stagehand GitHub Repo Open-source browser automation framework for AI agents.
browser-use GitHub Browser agent project Popular open-source project for browser-using agents.
browser-use docs Docs Practical browser-agent execution and automation patterns.
Microsoft Playwright MCP MCP server Browser automation through MCP using Playwright.
Playwright docs Browser automation docs Useful lower-level browser automation primitive.
Scrapybara docs Browser / computer sandbox docs Reference for hosted computer-use and browser sandboxes.
Scrapybara GitHub Repo Agent-facing computer-use sandbox project.
BrowserArena Paper / eval Live open-web agent evaluation platform; useful for understanding web-agent failure modes.
FP-Agent Paper Fingerprinting AI browsing agents; relevant for browser-agent detection and control.

MicroVM and VM Isolation

Resource Type Why it matters
Firecracker MicroVM docs Canonical microVM isolation technology.
Firecracker GitHub Repo Source and architecture reference.
Firecracker paper Paper System design behind Firecracker.
Firecracker getting started Docs Practical details of launching a microVM.
AWS Lambda MicroVMs AWS docs Shows how Firecracker-style microVMs are used in a production serverless environment.
Cloud Hypervisor VMM project Rust-based VMM focused on modern cloud workloads.
Cloud Hypervisor GitHub Repo Useful reference for VMM architecture and cloud VM lifecycle.
QEMU Emulator / VMM General-purpose virtualization and emulation baseline.
KVM docs Kernel virtualization Linux kernel virtualization foundation used by many VM and microVM systems.
Kata Containers Secure containers Combines container UX with VM isolation.
Kata Containers docs Docs Useful reference for VM-backed container isolation.
Kata Containers GitHub Repo Implementation reference for container-like VM isolation.

Container Isolation and Runtime Hardening

Resource Type Why it matters
Docker Engine docs Runtime docs Container execution basics.
Docker security docs Security docs Container security baseline: namespaces, capabilities, seccomp, rootless mode, daemon risks.
Docker seccomp docs Security docs Default seccomp profile and syscall restrictions.
Docker rootless mode Security docs Useful for reducing daemon and root risk in local sandboxes.
Docker AppArmor docs Security docs AppArmor profile support for Docker containers.
containerd Runtime Core container runtime used by many systems.
containerd GitHub Repo Implementation reference for container lifecycle.
runc OCI runtime Low-level OCI container runtime used by Docker and containerd.
OCI Runtime Spec Spec Standard interface for container runtimes.
Podman Container runtime Daemonless container engine, useful for rootless and local execution models.
Podman docs Docs Rootless container and pod execution patterns.

Linux Kernel and Process Confinement

Resource Type Why it matters
Linux namespaces man page Kernel docs Foundation for container isolation.
Linux cgroups v2 docs Kernel docs CPU, memory, IO, and process resource control.
seccomp kernel docs Kernel docs Syscall filtering primitive.
AppArmor docs LSM docs Mandatory access-control profiles for process confinement.
SELinux project LSM project Mandatory access-control system; important conceptually for strong policy enforcement.
gVisor docs Container sandbox docs Userspace kernel that provides an additional isolation boundary for containers.
gVisor GitHub Repo Implementation of a sandboxed container runtime.
gVisor architecture guide Architecture docs Explains how gVisor interposes between application and host kernel.
nsjail Process sandbox Linux namespaces, cgroups, seccomp-bpf, and resource limits in one tool.
bubblewrap Unprivileged sandbox Commonly used by Flatpak; useful for lightweight local process isolation.
Firejail Linux sandbox SUID sandbox using namespaces and seccomp.
Landlock LSM docs Kernel docs Unprivileged access-control mechanism for sandboxing.
Sandlock paper Paper Confines AI agent code using unprivileged Linux primitives. Highly relevant to local-agent execution.
Sandlock GitHub Repo Companion implementation for the Sandlock paper.

Kubernetes and Cluster Execution

Resource Type Why it matters
Kubernetes Pods Execution primitive Smallest deployable unit in Kubernetes.
Kubernetes Jobs Execution primitive Useful for batch agent runs and retryable executions.
Kubernetes Pod lifecycle Lifecycle docs Useful for mapping agent run state to pod states.
Kubernetes securityContext Security docs Per-pod and per-container privilege, user, group, and capability settings.
Kubernetes seccomp Security docs Applying seccomp profiles to pods.
Pod Security Admission Security docs Cluster-level pod security policy baseline.
Kubernetes NetworkPolicy Network policy Useful for sandbox egress control.
Kubernetes Resource Management Resource limits CPU and memory quotas for sandbox runs.
Kueue Batch scheduler Useful for queued agent jobs and batch sandbox execution.
Argo Workflows Workflow engine Kubernetes-native workflow execution; useful for multi-step sandbox jobs.

Sandbox Security Papers and Measurement

Resource Type Why it matters
AI Code Sandboxes: Comparative Security Study Paper Compares engine-level properties such as attack surface, leakage, stackability, CVE history, patch cadence, and fuzzing.
AI Sandboxes: Threat Model, Taxonomy, and Measurement Framework Paper Gives a broad sandbox taxonomy and measurement framework for fidelity, controllability, observability, containment, reproducibility, and governance artifacts.
Fault-Tolerant Sandboxing for AI Coding Agents Paper Transactional sandboxing approach with policy interception and filesystem rollback.
ceLLMate: Sandboxing Browser AI Agents Paper Browser-level sandboxing framework for reducing prompt-injection blast radius.
AgentBay Paper Hybrid interaction sandbox for agent and human takeover across Linux, Windows, Android, browser, and code-interpreter environments.

Security, Policy, and Governance

Resource Type Why it matters
OWASP Top 10 for LLM Applications Security checklist Main LLM app threat categories.
OWASP Agentic AI Threats and Mitigations Security guidance Agent-specific threat model.
Promptfoo docs Tool Practical eval and red-team framework.
Promptfoo OWASP Agentic AI docs Security eval Agentic application red-team presets.
Runtime Governance for Policy-Constrained Execution Paper Good argument for separating agent cognition from runtime policy enforcement.
AgentWall: A Runtime Safety Layer for Local AI Agents Paper Runtime safety layer for local agents.
Security Engineering, Ross Anderson Book Deep reference for security engineering, access control, and threat modeling.

Observability and Evaluation

Resource Type Why it matters
OpenTelemetry Observability standard Vendor-neutral traces, metrics, and logs.
OpenTelemetry Collector Collector Standard telemetry pipeline.
OpenTelemetry GenAI semantic conventions Spec Emerging schema for GenAI telemetry.
OpenTelemetry GenAI semantic conventions repo Repo GenAI-specific conventions.
Langfuse docs OSS observability Open-source LLM tracing, eval, prompt management.
Langfuse GitHub Repo Self-hostable observability platform.
LangSmith observability Observability docs Good reference for full-stack LLM/agent observability.
LangChain: Agent Evaluation Readiness Checklist Evaluation checklist Practical checklist for designing, running, and shipping agent evals.
Promptfoo Eval / red-team CLI and framework for LLM eval and red-teaming.
SWE-bench Benchmark Canonical benchmark for real GitHub issue resolution.
SWE-bench GitHub Repo Evaluation harness and datasets.
SWE-agent experiments Eval logs Open predictions, logs, trajectories, and results.
AIDev: Studying AI Coding Agents on GitHub Paper Large-scale empirical study of real coding-agent PRs.

Observability Checklist

A production agent run should record:

  • Run ID
  • Workspace ID
  • Model and harness
  • Tool calls
  • File changes
  • Command execution
  • Cost and latency
  • Policy decisions
  • Publish attempts
  • External references such as PR URLs
  • Error and retry history
  • Final outcome

Coding-Agent Workflows

Resource Type Why it matters
OpenHands GitHub Action Workflow docs Example of integrating a coding agent into GitHub workflows.
OpenHands automated code review Workflow docs Coding-agent code review flow.
GitHub Copilot: The agent awakens Product / workflow Useful view into mainstream coding-agent workflows.

Data Layer and Storage

Agent infrastructure usually combines several storage concerns: control-plane records, conversation and run history, workspace state, artifacts, memory, and observability data. This section focuses on reusable storage ideas rather than generic application frameworks.

Note: no purpose-built session-store engine exists yet. The session log's contract - idempotent append, read-your-own-tail at low latency, per-session ordered replay, and fork - fits neither OLTP nor plain append logs. Pointers welcome.

Control-Plane Metadata

Agent definitions, identity, permissions, config, source references, and low-volume control-plane state usually fit normal OLTP systems well.

Resource Why it matters
PostgreSQL Strong default metadata store for identity, config, policy, workspace specs, and source references.
PostgreSQL JSONB docs Useful when specs and policy need typed relational fields plus flexible structured payloads.
PostgreSQL advisory locks Practical primitive for workspace locks, publish locks, and idempotent control-plane operations.

Conversation and Run History

Agent runs are easiest to debug and replay when prompts, model calls, tool calls, decisions, file changes, and checkpoints are recorded as ordered history. Some frameworks implement replay and branching at the framework layer; storage choices need to preserve the semantics those features depend on.

Resource Why it matters
LangGraph persistence and time travel Framework-level checkpointing, replay, and forking show concrete requirements for durable run history.
HumanLayer: Factor 12, Stateless Reducer Frames agent execution as deterministic reduction over persisted events.
Claude Code commands: /branch Product example where branching a conversation/session is exposed as a native workflow.

Workspace and Artifact State

Coding agents and computer-use agents often need durable files, snapshots, forked workspaces, generated artifacts, and discardable candidate output. This is where storage design meets sandbox lifecycle.

Resource Why it matters
Replit snapshot engine Shows a compute-and-storage fabric where filesystem state is durable and addressable independently of any one container.
Cloudflare Sandboxes GA Sandboxes are addressed by name, sleep at zero compute cost, and wake with state intact; only compute is disposable.
MinIO docs S3-compatible object storage reference for artifacts, logs, and workspace-adjacent binary state.

Memory

Long-running agents may need memory beyond a single run. The important infrastructure questions are provenance, branching, compaction, retention, and whether memory is editable or only append-derived.

Resource Why it matters
AWS Bedrock AgentCore Memory Treats memory branching as a named capability for message edits, what-if exploration, and divergent context paths.

Observability and Analytics Storage

Trace-shaped analytical reads are a well-understood storage problem, but they have different needs than conversation replay or workspace state.

Resource Why it matters
ClickHouse Common storage engine for high-volume analytical telemetry and trace-style reads.
ClickHouse async inserts Shows why analytics-shaped engines can fail the session-store contract: async insert defers visibility and deduplication happens later, the opposite of read-your-writes.

Books

Book Why it matters
Designing Data-Intensive Applications State, consistency, durability, lineage, logs, storage, and systems tradeoffs.
Google SRE Books Reliability, operations, incident response, SLOs, and production discipline.
Site Reliability Engineering table of contents Free online SRE book.
Operating Systems: Three Easy Pieces Processes, virtualization, concurrency, persistence, and filesystems.
Distributed Systems, Maarten van Steen Naming, replication, consistency, coordination, and fault tolerance.

Videos and Talks

MCP and Tool Protocol

Video Why watch
The Model Context Protocol Good MCP overview.
Building Agents with Model Context Protocol - Full Workshop Practical MCP workshop.
MCP 201 - Code w/ Claude More advanced MCP talk.
Why we built-and donated-the Model Context Protocol Standardization and governance context.
The Creators of Model Context Protocol Interview-style protocol background.

Runtime and Durable Execution

Video Why watch
LangGraph: Intro Intro to graph-based agent runtime.
LangGraph Essentials Higher-level overview of LangGraph.
LangGraph Crash Course Practical walkthrough.
Durable AI Agents: LangGraph.js Durable execution in LangGraph.js.
Building Durable, Long-Running Autonomous Agents Durable agent workflows.

Sandbox Videos

Video Why watch
AWS re:Invent Firecracker talk Firecracker architecture and motivation.
Firecracker: Secure and Fast microVM MicroVM isolation details.
Face off: VMs vs Containers vs Firecracker Isolation tradeoffs.
How AWS's Firecracker virtual machines work Explainer on Firecracker.
How AI Agents Execute Code Runtime environment for AI code execution.
On Stream: AI Agents Running Containers with Daytona Practical AI-agent container runtime discussion.
A cracking time: Exploring Firecracker & MicroVMs MicroVM concepts and demos.
Firecracker/microVM support for Jenkins Slaves Example of CI-style microVM worker isolation.

Observability Videos

Video Why watch
OpenTelemetry for GenAI and OpenLLMetry GenAI observability concepts.
How OpenTelemetry Helps Generative AI Practical OTel and GenAI framing.
Making GenAI Observable with OpenTelemetry GenAI telemetry talk.
How To Debug AI Agents: Tracing, Observability & Evals Debugging agent systems.
Promptfoo Red Team Tutorial Practical red-team and eval tutorial.

Coding Agents

Video Why watch
Software Development Agents: What Works and What Doesn't Practical OpenHands perspective.
OpenHands Community: Agent Control Plane Agent control-plane discussion.
Dynamic Workflows using OpenHands SDK SDK workflow concepts.
OpenAI Codex Tutorial: AGENTS.md Coding-agent repo guidance file usage.
Code w/ Claude Developer Conference playlist Claude Code, MCP, and agent workflow talks.

Related Awesome Lists

List Focus
awesome-agentic-ai Broad principles, standards, and technologies for agentic AI.
awesome-production-agentic-systems Production-oriented libraries and systems.
awesome-harness-engineering Harness engineering, tools, evals, memory, MCP, permissions.
awesome-agents General list of AI agents.
awesome-ai-agents General autonomous agent list.
awesome-ai-sandboxes AI sandbox providers and runtime environments.
awesome-agent-orchestration Agent orchestration and multi-agent systems.
awesome-ai-agent-papers Papers on AI agents.

Contributing

Contributions are welcome. Please read CONTRIBUTING.md before opening a pull request.

A resource belongs here if it helps answer at least one of these questions:

  • How should an agent runtime manage state?
  • How should tools be exposed safely?
  • How should workspace changes be isolated and published?
  • How should sandboxes execute untrusted or semi-trusted actions?
  • How should agent runs be traced, evaluated, and replayed?
  • How should secrets, permissions, and policy be enforced?
  • How should coding agents integrate with repos, issues, PRs, and CI?

A resource does not belong here if it is only:

  • A generic prompt engineering article
  • An end-user chatbot product
  • A generic AI app directory
  • A model leaderboard with no infrastructure implications
  • A shallow tutorial with no reusable systems insight