agent-harness-designlisted

# Agent Harness Design Ten operational reference sheets for designing a safe, observable agent harness. They are **situational** — load only the one(s) relevant to the current task from `references/` (this is why they live in a skill rather than always-on rules: building an agent harness is occasional, so the detail should not bloat every session's context). - `references/agent-tool-design.md` — 15-class risk taxonomy, 7-type permission decision object, draft/commit naming, structured tool results, deferred tool loading, hosted vs client tools, connector code-execution pattern. - `references/context-trust-labels.md` — trusted / semi_trusted / untrusted labels + verbatim boundary statement; prompt-injection defense. - `references/agent-budgets.md` — 10 mandatory budget types every agent loop must declare. - `references/agent-evals.md` — 13 eval categories + 13 adversarial test cases + when to add regression evals. - `references/agent-observability.md` — 16 trace fields per model call, 7-question audit, 6-step incident response. - `references/agent-plan-artifact.md` — planning mode, plan artifact format (10 fields), plan-validate-execute. - `references/agent-approval-records.md` — approval request/result JSON schemas, scope/expiration, no self-approval. - `references/agent-streaming.md` — buffering for incremental tool calls when stream=True; abort handling; output guardrail modes. - `references/agent-event-model.md` — 13 typed events for harness state persistence (replay/aud