Engineering deep dives, security research, customer stories, design notes. No press releases.
Most agent turns don't need Opus. The problem is figuring out which ones do — at runtime, before you've spent the money. Here's how Tutti's SmartProvider does it, what we got wrong on the first try, and where it still falls short.
An honest comparison. Each framework gets something right that Tutti doesn't, and vice versa. Here's where we differ, and where we'd recommend using something else.
If you can't explain what an agent did six hours after it did it, you can't operate it. Tutti emits OTEL spans for every run, LLM call, and tool invocation — and you wire it into whatever you already use.
Most frameworks make human-in-the-loop something you wire in. By the time you remember to add it, the agent has already shipped a tweet. Tutti gates destructive operations by default — the wiring is the runtime.
Every framework eventually needs to talk to every other tool. Re-implementing every integration as a first-party voice is the wrong move. The MCP voice means any MCP server is one install away.
If you wait until the model has seen the malicious string, you've already lost. The defence has to be in the architecture: typed tool outputs, sanitised content, boundary markers, runtime isolation.
Most frameworks document a permission model. Tutti enforces one. The difference is the runtime refuses to start when an agent has voices it didn't grant.
Most frameworks treat tools as a flat list. Every team rebuilds the same GitHub wrapper, the same Slack wrapper, the same Stripe wrapper. Voices are how Tutti stops that.
Agent systems aren't general programs. They're a small set of repeating patterns. When you write them as code, the configuration disappears. When you write them as config, the system shape is the file.
I spent early 2026 trying to ship a real multi-agent workflow on top of every framework that almost worked. Each had a different deal-breaker. So I started writing the one I wished existed.
No posts in this category yet.