mech.app
Dev Tools

VAEN: Packaging Agent Harnesses as Portable .agent Files

How VAEN bundles tools, MCP servers, and state into reusable agent modules, and the dependency isolation challenges that come with it.

Source: github.com
VAEN: Packaging Agent Harnesses as Portable .agent Files

VAEN tackles the agent reusability problem by introducing a packaging format for AI coding agents. Instead of copy-pasting instructions, tool configurations, and MCP server setups across projects, you bundle everything into a .agent file and import it wherever you need it.

The core idea: treat agent capabilities like npm packages. Define tools, MCP servers, prompts, and secrets in a structured format, then distribute and compose them without coupling to a specific framework or cloud platform.

The Portability Problem

Most agent setups live as scattered configuration files, environment variables, and README instructions. When you want to reuse an agent harness in a new repo or share it with a teammate, you face:

  • Manual recreation of tool configurations
  • Inconsistent MCP server versions across environments
  • Secret management that breaks when you move contexts
  • No clear versioning or dependency resolution

VAEN proposes a single artifact that carries the entire harness: tool definitions, MCP server references, prompt templates, and credential placeholders.

What Goes in a .agent File

A VAEN harness packages:

  • Tool boundaries: Which functions the agent can call, with schemas and execution constraints
  • MCP server configs: References to Model Context Protocol servers, including connection details and capability declarations
  • State management rules: How the harness maintains context across invocations
  • Secrets schema: Placeholder definitions for API keys, tokens, and credentials (not the secrets themselves)
  • Prompt templates: System and user prompt fragments that define agent behavior

The file format is JSON-based, making it parseable by any runtime that supports the VAEN spec.

Dependency Isolation Challenge

The hard part: what happens when two harnesses need conflicting tool versions or MCP server configurations?

VAEN’s approach is namespace isolation. Each harness gets its own tool registry and MCP client pool. When you import multiple harnesses, they don’t share tool instances by default. This prevents version conflicts but introduces coordination overhead.

Trade-off table:

Isolation ModelConflict RiskMemory OverheadCross-Harness CallsVAEN Choice
Shared registryHighLowDirectNo
Per-harness namespaceLowMediumRequires proxyYes (default)
Per-invocation sandboxNoneHighNot supportedNo

VAEN picks per-harness namespaces. If you need two harnesses to share state or call each other’s tools, you explicitly declare a bridge in the import configuration.

State Management Boundary

Each harness maintains its own context window and conversation history. When you import a harness, it starts with a clean slate unless you pass in a serialized state object.

State serialization format:

{
  "harness_id": "code-reviewer-v2",
  "context": {
    "conversation_history": [],
    "tool_call_log": [],
    "mcp_server_state": {}
  },
  "checkpoint_timestamp": "2026-05-28T08:15:00Z"
}

This means you can snapshot a harness mid-conversation, export it, and resume in a different environment. The cost: you need to manage state persistence yourself. VAEN doesn’t include a built-in state store. Common patterns include file-based snapshots for local development, Redis for distributed setups, or object storage (S3, GCS) for long-term archival.

MCP Server Packaging

VAEN treats MCP servers as first-class dependencies. When you package a harness, you reference MCP servers by URI or local path. The harness manifest includes:

  • Server connection string (HTTP, WebSocket, or stdio)
  • Required capabilities (read, write, execute)
  • Initialization parameters
  • Health check configuration

At import time, VAEN resolves the MCP server reference and spins up a client connection. If the server isn’t available, the import fails fast with a clear error.

Example manifest snippet:

{
  "mcp_servers": [
    {
      "id": "github-api",
      "uri": "mcp://registry.example.com/github-v1",
      "capabilities": ["read", "write"],
      "init_params": {
        "rate_limit": 5000
      }
    }
  ]
}

Secret Scoping

Secrets are scoped per-harness, not per-user or per-host. When you import a harness, you provide a credential map that binds secret placeholders to actual values.

The harness manifest declares required secrets:

{
  "secrets": [
    {
      "key": "GITHUB_TOKEN",
      "description": "GitHub API token with repo scope",
      "required": true
    }
  ]
}

At runtime, you inject secrets via environment variables, a secrets manager integration, or a local .env file. VAEN doesn’t store secrets in the .agent file itself.

This keeps the harness portable but pushes secret management to the import layer. You need a strategy for distributing credentials when sharing harnesses across teams.

Distribution and Versioning

VAEN doesn’t prescribe a registry or distribution mechanism. You can:

  • Commit .agent files to version control
  • Host them on a file server or CDN
  • Build a private registry with semantic versioning

The manifest includes a version field and optional dependency declarations. If you want npm-style dependency resolution, you’ll need to build or integrate a resolver on top of VAEN’s primitives.

Failure Modes

Common breakage points:

  1. MCP server unavailability: If a referenced server is down or unreachable, the harness won’t initialize. Mitigation: implement health checks in your import wrapper before attempting full harness initialization.
  2. Tool schema drift: If a tool’s signature changes between harness versions, calls fail at runtime. No compile-time validation. Mitigation: version your tool schemas and enforce strict semantic versioning in your registry.
  3. State deserialization errors: If you try to resume a harness with an incompatible state snapshot, you get undefined behavior. Mitigation: include a schema version in your state snapshots and validate on load.
  4. Secret injection failures: Missing or malformed credentials cause silent failures unless you add explicit validation. Mitigation: validate all required secrets at import time before the harness starts executing.

Technical Verdict

Use VAEN when:

  • You’re building a library of reusable agent capabilities for internal teams
  • You need to version and distribute agent configurations without vendor lock-in
  • You’re integrating multiple MCP servers and want a consistent packaging format

Avoid VAEN when:

  • You need a turnkey agent runtime with built-in orchestration and state management
  • You want automatic dependency resolution and conflict detection
  • You require production-grade observability and failure recovery out of the box

VAEN is a packaging primitive, not a full agent platform. It solves the distribution problem but leaves orchestration, monitoring, and lifecycle management to you.