blog.philz.dev

Agentic Annotated Bibliography

I was asked for some reading on the current agentic stuff. Here we go.

AI

Keep Sutton's The Bitter Lesson in mind when you sprinkle domain knowledge into your systems. It's pragmatic in the short term, but may not work in the medium term. (I'd say longer, but the last 12 months have been fast.)

LLMs

models.dev is the ec2instances.info of LLMs, in that it has a table of all the LLMs available to you.

Agents

If you assume an llm: string -> string, agents are a really simple ~10-line for loop. My blog post, The Unreasonable Effectiveness of an LLM Agent Loop with Tool Use, Amp's, and Fly's are all excellent. Write your own.

An agent is a model, a harness, and UX. The most important tool in most coding agents' harnesses is the "shell tool." But other formulations exist; e.g., Itsy Bitsy Bookmarklet (also on this blog) puts the agent in a bookmarklet, and it can modify the page it's on.

If you want to look at a good agent's implementation, https://github.com/badlogic/pi-mono is excellent, and Mario Zechner's opinionated write-up is spot on. I found myself nodding along the entire time.

The coding-agent-loop-spec.md from StrongDM (see Software Factories, below) is a cheeky way to "open source" an agent, but it's got good detail.

Security

The Lethal Trifecta is Simon Willison's formulation of the dangers of prompt injection. If your agent has access to secrets, can communicate out, and sees untrusted content, it can lose your secrets. As a practical example, running an agent to fix bugs reported in GitHub Issues might let an attacker create an issue that sends them your secrets.

Using proxies is one way to inject secrets; see Tokenized Tokens.
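
A sketch of the proxy idea above, as an added example that is not code from this post or from the Tokenized Tokens write-up. The placeholder format, the class and function names, and the example hosts are assumptions: the agent holds only an opaque placeholder, and the egress proxy swaps in the real secret only for the host the placeholder was issued for.

```python
import secrets


class SecretInjectingProxy:
    """Egress proxy that holds the real credentials; the agent sees placeholders."""

    def __init__(self):
        # placeholder -> (real secret, the single host it may be sent to)
        self._vault = {}

    def issue_placeholder(self, real_secret, allowed_host):
        """Register a secret and return the opaque value handed to the agent."""
        placeholder = "tok_" + secrets.token_hex(16)
        self._vault[placeholder] = (real_secret, allowed_host.lower())
        return placeholder

    def forward(self, host, headers):
        """Return the headers to send upstream, or raise PermissionError."""
        out = dict(headers)  # never mutate what the agent handed us
        scheme, _, value = out.get("Authorization", "").partition(" ")
        entry = self._vault.get(value)
        if entry is None:
            return out  # no known placeholder: pass through unchanged
        real_secret, allowed_host = entry
        if host.lower() != allowed_host:
            # The placeholder is being sent somewhere it was not issued for,
            # e.g. an agent steered by untrusted content. Refuse, inject nothing.
            raise PermissionError(f"placeholder not valid for host {host!r}")
        out["Authorization"] = f"{scheme} {real_secret}"
        return out


def demo():
    """Constructed sample: one secret bound to api.example.com."""
    proxy = SecretInjectingProxy()
    placeholder = proxy.issue_placeholder("constructed-real-key", "api.example.com")
    agent_headers = {"Authorization": f"Bearer {placeholder}"}
    sent = proxy.forward("api.example.com", agent_headers)
    try:
        proxy.forward("other.example.net", agent_headers)
        blocked = False
    except PermissionError:
        blocked = True
    return agent_headers, sent, blocked


if __name__ == "__main__":
    print(demo())
```

With this arrangement the secret leg of the trifecta is removed from the agent's environment: what the agent can leak is a placeholder that the proxy honours for one destination only.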

Using Agents for Coding

You could do worse than peruse The 7 Prompting Habits of Highly Effective Engineers* for some techniques on how to use agents. It's 8 months old, and some of it is already dated. Josh Bleecher Snyder's blog also has lots of useful tips.

Software Factories

We went from auto-complete to "not looking at the code at all" (sometimes, sorta) in the last year. Simon Willison's The Five Levels and Software Factory are must-reads on the topic of Software Factories.

The Ralph Wiggum Loop is a name for

while :; do
  cat PROMPT.md | claude-code
done

Huntley is prolific and perhaps prolix, but there are other nuggets in his posts.

Another name for this is "orchestrating agents."

Context Length, Cost

Recursive Language Models are an encouraging approach to tackling large context windows.

Expensively Quadratic: the LLM Agent Cost Curve, by yours truly on exe.dev, covers how cache reads dominate your LLM costs. RLM, above, is interesting in this context.

Not MCP

MCP was a short-lived fad for defining RPC interfaces that agents can call. It might stick around as a thing, but the lingua franca of agents is bash, and wrappers are popping up left and right.

Worktrees and Containerizing Agents

If you go in for parallel work, you'll quickly find that you'll want to use some form of isolation between your tasks. Git worktrees (Julia Evans always has the best docs) are the same-host solution to multiple checkouts. The VM route is best for isolation. It seems like everyone has written a wrapper for starting agents in a container. (I blogged about mine. See also caic-xyz/md.)

"Famous" people discover vibe coding

A genre in and of itself.