--- title: "Agent Stack — June 7, 2026" description: "LangChain ships `create_agent` primitive with composable middleware for production harnesses; Google Managed Agents API provisions remote sandbox and st…" canonical_url: "https://artificialcuriositylabs.ai/daily/agent-stack/2026-06-07/" md_url: "https://artificialcuriositylabs.ai/daily/agent-stack/2026-06-07.md" published_at: "2026-06-07T00:00:00.000Z" beat: "agent-stack" topics: - "langchain" - "sdk" - "middleware" - "harness" - "create_agent" - "production" --- ## The read The harness, tool surface, and delegation topology are commoditizing together. When every vendor ships MCP and orchestration, the moat is how humans wire judgment, guardrails, and institutional context into the agent loop — not whether agents can run. ## What moved - **LangChain ships `create_agent` primitive with composable middleware for production harnesses** — [LangChain Blog](https://www.langchain.com/blog/how-to-build-a-custom-agent-harness) LangChain published `create_agent`, a minimalist three-parameter primitive (model, tools, system prompt) that exposes a middleware layer as the main customization surface. Middleware slots cover context-overflow summarization, filesystem/memory persistence, shell and code-interpreter access, retry and fallback logic, PII/policy enforcement, and human-in-the-loop approval gates. The design lets teams build these production behaviors once and reuse them across multiple agents. **Builder angle:** Replaces ad-hoc harness scaffolding with a composable middleware stack you can test and reuse — directly changes how you wire context management, approvals, and retry into any agent loop. - **Google Managed Agents API provisions remote sandbox and stateful harness via single REST call** — [Google Cloud Blog](https://cloud.google.com/blog/products/ai-machine-learning/what-google-cloud-announced-in-ai-this-month) Announced at Google I/O 2026, the Gemini Enterprise Agent Platform Managed Agents API (pre-GA) lets developers POST to the Interactions endpoint to provision a Google-hosted remote sandbox and agent harness in one call. An `environment_id` parameter reuses a persistent container — preserving libraries, scripts, files, and state — across multi-turn runs; `previous_interaction_id` continues conversation history. Agents can execute code, manage files, and call backend systems without the developer managing underlying compute or security. **Builder angle:** Offloads sandbox lifecycle and state management to Google infrastructure — you get a durable, multi-turn agent execution environment without running your own harness server. - **NVIDIA NemoClaw open blueprint ships OpenShell secure runtime for long-running industrial agents** — [NVIDIA Blog](https://blogs.nvidia.com/blog/industrial-software-leaders-secure-autonomous-ai-engineers-nemoclaw/) NVIDIA published NemoClaw, an open blueprint for building specialized, long-running agents that combines a choice of orchestration harness (OpenClaw or Hermes), a model router, and NeMo customization libraries. The open-source OpenShell runtime core governs per-agent access to files, networks, and tools with policy-based security at every layer. Early industrial adopters include Cadence, Dassault Systèmes, Siemens, and Synopsys, compressing weeks of simulation workflows into hours. **Builder angle:** NemoClaw's pluggable harness + OpenShell security layer provides a concrete reference architecture for domain-specific long-running agents where tool access must be policy-governed. ## Also tracking - **Glean launches enterprise MCP Gateway with precomputed knowledge-graph context layer** — [source](https://www.glean.com/blog/introducing-glean-mcp-gateway) — Routing agent tool calls through a precomputed knowledge graph gateway reduces context tokens ~30% and offloads permission enforcement to the connector layer—eliminating per-source OAuth wiring at agent build time. - **Noma releases Agent Access Control with real-time MCP server registry and per-tool 3-state gating** — [source](https://www.helpnetsecurity.com/2026/06/02/noma-brings-visibility-and-access-governance-to-ai-agents-and-mcp-servers/) — Per-tool 3-state gating scopes agent permissions to individual MCP operations rather than granting or denying entire server access—enabling narrow least-privilege without manual per-connection policies.