Development Representative

Vercel's eve: an open-source agent framework built for production. Vercel just open-sourced eve, the framework it uses to run more than 100 agents internally. Its pitch is simple: an agent is a directory, tools are files, and the production plumbing comes built in. Here is what eve actually does, why it matters, and how to think about adopting it. At its Ship conference on June 17, 2026, Vercel released eve, an open-source framework for building, running, and scaling AI agents. The framing in the announcement is direct: "Agents today are where the web was before frameworks, with everyone hand-rolling the same plumbing." eve is Vercel's attempt to do for agents what Next.js did for the web, which is to standardize the repetitive infrastructure so teams can focus on what their agent actually does. That comparison is worth taking seriously, because it is the same company making it about its own most successful product. It is also worth scrutinizing, because the hardest parts of shipping an agent are rarely the parts a framework solves. This post breaks down what eve is, what comes built in, the larger bet it sits inside, and how technology leaders should think about adopting it. What eve actually is. eve is filesystem-first. An agent is a directory, and the files inside it map directly to capabilities. There is no separate wiring layer to maintain. agent/ agent.ts # model configuration instructions.md # system prompt and personality tools/ # custom capabilities (one file per tool) skills/ # markdown knowledge files subagents/ # delegated agents channels/ # Slack, Discord, HTTP, and more schedules/ # cron-style triggers The configuration surface is deliberately small. A working agent can be as little as a model declaration: import {defineAgent} from "eve"; export default defineAgent({ model: "anthropic/claude-opus-4.8",}); Tools are single TypeScript files with typed input validation and an async execute function. Skills are markdown files that teach the agent domain rules and context. Subagents are child agents the parent can delegate to, each with its own instructions and tools. The result is that an agent reads like a project rather than a tangle of glue code, and the structure is the same regardless of which team built it or what it does. eve is open source on GitHub under an Apache-2.0 license, and a project scaffolds in under a minute with npx eve@latest init. What comes built in. The configuration is the easy part. The reason eve is interesting is the set of production concerns it handles by default, the work most teams discover they need only after their prototype meets real traffic. Six capabilities stand out. * Durable execution. Conversations checkpoint at each step, so a session can survive a crash, a deploy, or a long pause and resume exactly where it stopped. This is built on Vercel's open-source Workflow SDK. * Sandboxed compute. Agent-generated code is treated as untrusted. Every agent gets its own isolated sandbox for shell commands, scripts, and file access, running on Vercel Sandbox in production and Docker locally. * Human-in-the-loop approvals. Any action can be flagged to require a human sign-off. The agent pauses there indefinitely without burning compute, which matters for anything that touches money, customer data, or production systems. * Subagents. A parent agent can hand work to specialized child agents, each scoped to its own tools and instructions, instead of stuffing every capability into one prompt. * Evals. Scored test suites validate agent behavior locally, in CI, or against a deployed agent, so a change that quietly breaks behavior gets caught before it ships. * Multi-channel deployment. One agent can run across Slack, Discord, Teams, Telegram, Twilio, GitHub, Linear, and plain HTTP without rebuilding it per surface. For observability, eve exports OpenTelemetry traces to the tools teams already run, including Datadog, Honeycomb, and Jaeger, and a local eve dev server shows every model call, tool execution, and skill load as it happens. Each of these is solvable on its own. The argument eve makes is that solving all of them, the same way, on every agent, is the part that does not carry over from one project to the next. How it connects to the rest of your Stack. An agent is only useful if it can reach real systems. eve connects through Model Context Protocol servers, any OpenAPI document, and Vercel Connect, which replaces long-lived credentials with short-lived tokens and ships with pre-built integrations for Slack, GitHub, Snowflake, Salesforce, Notion, and Linear. The model layer is configurable through Vercel's AI Gateway, with fallback providers, so the anthropic/claude-opus-4.8 in the example above is a default rather than a lock-in. The larger bet. eve did not launch alone. Vercel positioned it as the framework on top of an "Agent Stack" that bundles its existing pieces: the AI SDK, AI Gateway, Vercel Sandbox, the Workflow SDK, and the Chat SDK. CEO Guillermo Rauch used the launch to argue that the company is becoming infrastructure for the "agent era," and he brought numbers. Vercel says agent-triggered deployments grew from under 3% of commits to more than 50% in six months, and token volume through its AI Gateway rose from 2 million to 20 million. The most credible evidence is that Vercel runs eve itself. The company says it operates more than 100 agents in production on the framework, including a data analyst that fields over 30,000 Slack questions a month, a support agent it credits with resolving 92% of tickets autonomously, and a revenue-operations agent built by non-engineers in six weeks. Treat the specific figures as vendor claims, because they are. But a framework its maker depends on at that scale is a different proposition from one shipped as a demo. How to think about adopting it. eve is a strong piece of engineering, and for teams already on Vercel it lowers the cost of getting an agent to production in a real way. The decision to use it, though, sits downstream of harder questions that no framework answers for you. The first is whether the agent should exist at all. The documented failure mode for agentic AI is not bad plumbing. It is automating a workflow that was never worth automating, or handing autonomy to a process that needed a form. eve makes building faster, which makes building the wrong thing faster too. The second is lock-in, and it cuts both ways. The framework is open source and the model layer is portable, both genuine. But the production story, durable execution, sandboxing, and the dashboard, is most seamless on Vercel's own platform. That is a reasonable trade for many teams and a dealbreaker for a few. It is a decision to make deliberately, with eyes open, not one to back into because the scaffolding was convenient. The third is governance. The approval gates, eval suites, and OpenTelemetry traces eve provides are the right primitives. They are not a policy. Who approves what, what an agent is allowed to touch, and how you prove after the fact that it behaved are organizational decisions the framework can enforce but cannot make. How this maps to how Honra works. At Honra Honra Llc. sit on the client's side of these decisions. Honra Llc. do not resell frameworks or take a margin on the tools a client adopts, so its read on eve is the same one Honra Llc. would give privately: it is a serious option, well suited to teams already invested in Vercel, and the framework choice is the smallest of the choices in front of you. The work Honra Llc. care about is the work eve does not do. Deciding which processes deserve an agent and which deserve a fix elsewhere. Setting the governance and approval model before the first agent ships, not after an incident. Building the thing directly when that is the right call, with the same judgment Honra Llc. bring to advising on it, and working alongside the implementers a client already has when it is not. eve removes a real category of busywork from that build. It does not remove the judgment, and that is the part worth getting right. Key takeaway. eve is Vercel making a credible claim that the production infrastructure of AI agents can be standardized the way web infrastructure was, backed by a framework it runs at scale on itself. For teams building agents, especially on Vercel, it is worth a serious look. Just keep the order of operations straight: decide whether the agent should exist, how it will be governed, and what you are willing to depend on, and only then decide which framework builds it.

OpenAI, Vercel hit in dev tool supply-chain breach. Key insights. * DOGE uploaded a live Social Security database to an unsecured third-party server, potentially affecting most living Americans' Social Security numbers. * ShinyHunters breached Instructure's Canvas (30+ million students), Charter Communications (40 million records), and Carnival Cruises (6 million records) in a single campaign. * Compromised dev tools Trivy, Bitwarden, and Checkmarx served as the supply-chain route to breach OpenAI and Vercel via stolen credentials. Why this matters. The supply-chain breach reaching OpenAI and Vercel via compromised developer tools Trivy, Bitwarden, and Checkmarx shows that AI companies' attack surfaces now run through every tool in the dev workflow, not just their own perimeter. The DOGE/Social Security incident demonstrates what happens when government data initiatives operate outside standard security review: an unsecured third-party server becomes the single point of failure for most living Americans' Social Security numbers. Iranian hackers' ability to remotely wipe tens of thousands of devices at Stryker Medical in a single March operation signals that destructive attacks on enterprise infrastructure are now viable at the scale AI companies operate. Summary. Six months into 2026, the year's security incidents have crossed from embarrassing to structurally alarming. DOGE uploaded a live Social Security database to an unsecured third-party server, what two House Democrats said 'could very well be the largest data breach in its nation's history.' Attackers also compromised dev tools Trivy, Bitwarden, and Checkmarx to reach OpenAI and Vercel downstream via harvested credentials. Essentially: (DOGE, ShinyHunters, Iranian state actors) each found a different gap in 2026's first half. - ShinyHunters hit Canvas (30+ million students), Charter (40 million records), and Carnival (6 million records). - Iranian hackers remotely wiped tens of thousands of devices at Stryker Medical in March. Developer tooling is now a primary attack surface for reaching AI infrastructure, not a secondary one. Potential risks and opportunities. Risks. * OpenAI and Vercel face regulatory scrutiny and customer trust damage if the supply-chain credential exposure is confirmed to have reached customer data or internal model infrastructure. * ShinyHunters' 40 million Charter Communications records and 6 million Carnival records create a large downstream pool for phishing, SIM-swap, and identity fraud campaigns. * The DOGE/SSA database exposure may trigger congressional investigations that freeze or complicate broader government AI and data-sharing initiatives well into 2026. Opportunities. * Developer security toolchain vendors (Snyk, Chainguard, Endor Labs) stand to see budget unlocked at enterprises reassessing trust in open source security tools like Trivy and Checkmarx after this supply-chain breach. * Identity verification companies can pitch increased rigor to hotels, money transfer apps, and government visa portals following the exposure of over two million passport and driver's license scans across those channels. * Cyber insurers with AI infrastructure and developer-toolchain coverage (Coalition, At-Bay) can reprice policies upward given demonstrated supply-chain reach into major AI vendors like OpenAI and Vercel. What Aiweekly don't know yet. * Whether credentials harvested from Trivy, Bitwarden, and Checkmarx have been fully rotated across all affected downstream companies beyond OpenAI and Vercel. * What data was actually exfiltrated from OpenAI via the supply-chain route, and whether any model weights or training data were accessed. * Whether U.S. water utilities have acted on the Iranian targeting warnings, given the article mentions no enforcement mechanism tied to the advisory. Shared on Bluesky by 1 AI expert. Originally reported by techcrunch.com Original headline: TechCrunch Mid-Year Security Roundup: DOGE/SSA, Instructure Canvas (30M Students), and OpenAI Supply-Chain Compromise Among 2026's Worst Breaches