Building AI Agents Without the Plumbing Nightmare
Anthropic's Isabella He walked developers through shipping a production incident-response agent in six functions. Here's what the architecture actually reveals.
Written by AI. Marcus Chen-Ramirez

Photo: AI. Mika Sørensen
There's a particular kind of misery that software engineers know intimately: the 3 a.m. PagerDuty alert. Your phone screams. You're on call. Somewhere, a service is on fire, and it's your job to find out why—half-asleep, fumbling through logs and dashboards and deployment histories while some on-call rotation clock ticks in the background.
It's this specific human suffering that Anthropic's Isabella He used as her workshop framing at Code with Claude London, and it's a smarter choice than it might first appear. By rooting a technical demonstration in something engineers viscerally recognize, she sidesteps the usual trap of agent demos: showing a thing that's impressive but feels untethered from actual work.
Her session—walking a room of developers through building a functional incident-response agent on Claude Managed Agents in roughly six functions—doubles as a pretty clean articulation of what Anthropic is actually selling with its managed infrastructure layer. The pitch isn't "Claude is smart." It's "you shouldn't have to build all this scaffolding yourself."
The Plumbing Problem
To understand what Managed Agents is solving, it helps to trace the progression He laid out. When Anthropic released the Messages API in 2023, developers got raw model access—tokens in, tokens out. Powerful, but everything else was your problem. Context management, the agent loop, compaction, caching: all DIY.
This was fine when models were less capable. Simple models meant simpler tasks meant simpler scaffolding. But as Claude got better at complex, multi-step work, the scaffolding required to keep it running reliably got correspondingly gnarly. Enter the Agent SDK, which gave developers a harness for running Claude Code—the version of Claude that can access a file system and take real actions. But the SDK still left hosting and scaling entirely in your hands.
Managed Agents is the next step: Anthropic handles the infrastructure, you handle the domain logic. The three core primitives are an Agent (the brain—model, system prompt, tools, MCP servers), an Environment (the hands—the sandboxed container where actions actually execute), and a Session (the connective tissue that binds agent and environment and maintains state).
The architectural decision that He spends the most time on is the deliberate decoupling of the agent loop from tool execution. Previously, these ran in the same container. Now they're separate. She cites two concrete benefits: security (credentials can be encrypted and stored separately from the execution environment, rather than being accessible to whatever's running the agent loop) and latency (spinning up containers per-session was a major source of lag; decoupling it produced, per He, "over 90% reduction in TTFT for our P95 metrics on latency").
That's a real number, and it's the kind of thing that matters when you're trying to get a developer to trust a managed platform with their production workloads.
Watching the Agent Work
The workshop demo is a simulated incident: P99 latency is running 10x above baseline, and the agent needs to figure out why. He walks through wiring up tools—get_metrics, get_recent_deploys, get_diff, log fetching—and attaching them locally while the agent loop runs server-side on Anthropic's infrastructure. The split is intentional and instructive: your business logic lives with you, the heavy lifting lives with Anthropic.
When the agent runs, it works through the tools methodically—checks logs, pulls recent deployments, diffs commits—and surfaces a diagnosis: database pool exhaustion traced to a specific commit by a developer named Alice, who refactored an order summary builder in a way that introduced a query that exhausted pool resources. Recommended actions follow.
What's notable about the demo isn't the answer (it's a toy dataset, the answer is predetermined). It's the process visibility. He makes a point of emphasizing that sessions communicate in events, not request-response cycles. Every tool call, every agent response, every user message gets appended to a session log. If a container goes down mid-run, you don't lose the session—you spin the container back up and resume from the log. This is the thing that tends to bite teams when they try to run agents in production on their own: failures are catastrophic because state lives in memory. Here, state lives in the cloud.
"When you close your laptop or you hit hard refresh on your agent," He notes, "everything is maintained and you don't have to worry about durability, reliability, all these various aspects that usually come to bite you when you're trying to turn your agent from a prototype into production."
The session persistence demo—she literally hits hard refresh, and all the previous sessions are still there—is more persuasive than any slide could be.
The Honest Tension
The 10-15x faster to production claim Anthropic makes for Managed Agents deserves a raised eyebrow, not because it's implausible but because "production ready" is doing a lot of work in that sentence. The workshop agent is pulling from local JSON files. Actual incident response means connecting to Datadog, your internal deployment system, your alerting infrastructure—none of which are turnkey integrations. He acknowledges this directly: "everything that you see here that is currently local can be something that's easily movable into infrastructure as well." That's true, and it's also where most of the real engineering time goes.
What Managed Agents is genuinely compressing is the scaffolding overhead: context compaction, caching, session durability, the agent loop itself. He makes the point with a candid anecdote about what happened when Sonnet 4.5 exhibited "context anxiety"—a behavior where the model would wrap up tasks prematurely even when its context window still had room. Anthropic built mitigations into the harness. When Opus 4.5 arrived and the behavior disappeared, those mitigations became dead code. That kind of harness-maintenance cycle, she argues, is exactly what Managed Agents abstracts away.
It's a fair argument. The question is whether developers—especially those at companies with strict data governance requirements—are comfortable handing that layer to a vendor. The new "bring your own compute" capability announced at the London event (your containers, your infrastructure, Anthropic's agent loop) is clearly aimed at exactly this concern, giving teams the ability to keep tool execution within their own security perimeter.
The platform competition context matters here too. Every major AI lab is racing to own this layer. The developer who starts on a managed platform is the developer whose workflows, context, and institutional knowledge start to accumulate there. Switching costs aren't an accident.
What's Actually in the Box
Beyond the basics He walked through, the advanced features gesture at where this is heading. Sub-agents allow an orchestrator to spin up parallel agents with their own context windows, addressing the fundamental context management problem that hits complex long-running tasks. Memory and "dreaming"—where Claude periodically reviews its own memory logs and decides what to retain—is aimed at the self-improving agent use case that gets a lot of attention but has been hard to implement cleanly.
Outcomes is the one I find most conceptually interesting: you define a rubric for what a successful agent run looks like, and the agent figures out which tool calls and actions are needed to get there. It reframes the agent's task from "execute these steps" to "reach this result"—a subtle but meaningful shift in how you specify what you want.
Vaults handles credential management per-session, per-user, with encryption between storage and access—again, leaning on the brain/hands architectural separation. The always-on agent pattern, where external webhooks can wake a session and kick off a state change, points toward incident response agents that don't wait to be invoked at all.
He frames the end state clearly: "you as a human developer can just become the oversight and watch over the agents as they take action." Whether that's aspirational marketing or an accurate description of where production incident response is genuinely headed in the next 18 months is, I think, the only question that actually matters here.
The demo agent finds Alice's commit. The next version, presumably, opens the PR to fix it.
Marcus Chen-Ramirez is a senior technology correspondent at Buzzrag.
AI Moves Fast. We Keep You Current.
Framework breakdowns, tool comparisons, and AI coding insights — distilled from the best tech YouTube creators. Free, weekly.
More Like This
OpenAI's Codex Is Growing Up Fast—And Getting Weird
OpenAI's latest Codex updates add browser control, AI-reviewed approvals, and... animated pets? A look at where AI coding tools are actually heading.
Building Secure AI Agents With Bigtable and ADK
Google's Bora Beran demos a healthcare AI agent built on Bigtable and ADK—and the security layers that make it worth taking seriously.
When Your AI Agent Fails 17% of the Time
Anthropic's workshop on agent architecture drift reveals a 17% failure rate with real regulatory implications for enterprises deploying AI in supply chains.
Agent Observability: How to Monitor AI in Production
AI agents fail differently than normal software. Raindrop's framework for production observability—signals, classifiers, and self-diagnostics—explained clearly.
Claude Managed Agents: What the Infra Layer Reveals
Anthropic's Claude Managed Agents shifts the bottleneck from model intelligence to infrastructure. Here's what the technical architecture actually means for developers.
Claude Code + Better Stack: AI Debugging Without the Tab-Switching
Better Stack's MCP server lets Claude Code pull errors, fix bugs, open PRs, and resolve issues—all from the terminal. Here's what that actually looks like.
WarGames Got the Details Wrong—But the Feeling Right
How a 1983 film used real hardware and strategic Hollywood cheating to capture what early computing actually felt like—even when faking almost everything.
Ten Tools to Fix Claude Code's Terrible Design Aesthetic
Claude Code generates the same purple gradients and Inter font on every site. Here are ten plugins and skills that might actually fix its design problem.
RAG·vector embedding
2026-05-27This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.