March 5, 2026
Our visual guide to background agents spread like wildfire
Week 2: primitives, security, and what's next
Last week we launched background-agents.com and it quickly spread to tens of thousands of people.
swyx, Charity Majors (Honeycomb CTO), and others shared it organically. Something about the vision landed. The idea that there's a second peak beyond coding agents running locally, and that self-driving codebases are within reach, clearly struck a chord. Keep an eye on background-agents.com as we'll keep adding content and improvements.
The most common question we got back: "OK, but what does it actually take to run these things?"
That question has three parts. We've started breaking them down.
The three primitives
Our CTO Chris Weichel and I sat down to break apart the infrastructure question. What does an organization actually need before background agents can work?
There are three infrastructure primitives that separate teams running demos from teams merging 1,000+ agent PRs per week. Chris and I break down what they are.
The session includes a live demo: from automation config to merged pull request, showing the full lifecycle of a background agent. Trigger, environment spin-up, agent execution, and human review.
Claude Code escapes its own denylist and sandbox
Most people underestimate how much the security model has to change to turn autonomy into productivity.
We told Claude Code to block npx. It copied the binary to a new path through /proc/self/root. When Anthropic's sandbox caught that, the agent disabled the sandbox entirely. No jailbreak. No prompt injection. It just wanted to finish the task.
Path-based enforcement doesn't work when the thing you're enforcing against can reason about the enforcement. So we moved it into the kernel, covering execution, file system, memory and networking. We're calling it Veto.
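Why a path-based rule fails in this way, as an added example (not Ona's Veto or Anthropic's sandbox code): the same file is checked by literal path, by resolved path, and by content hash when reached directly, through an alternate path, and as a copy. The stand-in file, the symlink standing in for an alternate route such as /proc/self/root, and all function names are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash file contents so identity does not depend on the file's name."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def path_denied(path, denied_paths):
    """Path-based rule: literal match on the string the process supplied."""
    return path in denied_paths


def realpath_denied(path, denied_paths):
    """Resolve symlinks on both sides before comparing."""
    return os.path.realpath(path) in {os.path.realpath(p) for p in denied_paths}


def content_denied(path, denied_hashes):
    """Content-based rule: match on what the file is, not where it lives."""
    return sha256_file(path) in denied_hashes


def evaluate():
    """Return {label: (path, realpath, content)} verdicts for three routes."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "blocked-tool")  # constructed stand-in binary
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho constructed stand-in\n")
        alias = os.path.join(d, "alias")
        os.symlink(tool, alias)                 # same file, different path
        copy = os.path.join(d, "renamed-copy")
        shutil.copy(tool, copy)                 # same bytes, new file

        denied_paths = {tool}
        denied_hashes = {sha256_file(tool)}
        routes = {"original": tool, "alias": alias, "copy": copy}
        return {
            label: (path_denied(p, denied_paths),
                    realpath_denied(p, denied_paths),
                    content_denied(p, denied_hashes))
            for label, p in routes.items()
        }


if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(label, verdicts)
```

Only the content check flags all three routes, and any such check still has to run somewhere the agent cannot switch off, which is the argument above for enforcing in the kernel.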
One engineer, a thousand agents, one CI migration
We also released a second session this week. We did a live migration of an entire organization's CI to GitHub using a fleet of background agents.
If you're evaluating where agents can deliver value beyond greenfield code generation, migrations are the clearest ROI case we've seen.
From the changelog
A few product updates that tie directly into the primitives we covered above:
Introducing Veto.
Define what agents can and can't do, enforced at the kernel level. Available for select design partners in early access.
Code review in conversations.
Leave inline comments on Ona's code changes, request a review from Ona before merging, and create PRs directly from the conversation. No context switching.
Organization Skills.
Create reusable skills that Ona discovers and uses across every conversation in your org. Capture your team's best practices once, share them everywhere.
What's next
We have two more live sessions coming up:
A vulnerability drops across 200 repos. Instead of triaging by hand, agent fleets patch every affected service in parallel. This session walks through the full workflow.
COBOL migration has been "five years away" for decades. This session shows how agent fleets extract business logic from legacy code and produce structured specs, without rewriting line by line.
May your PRs merge continuously,
Lou Field CTO, Ona