Documentation Index
Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt
Use this file to discover all available pages before exploring further.
Claude Managed Agents and LangSmith Managed Deep Agents are both strong hosted runtimes. The differences become clear when you look at how each platform handles credential management, tool governance, and model access in practice.
MCP credential management
| TrueFoundry | Claude Managed Agents | LangSmith Managed Deep Agents |
|---|
| Where credentials live | MCP Gateway — centrally managed with OAuth flows, token refresh, and user-scoped delegation | Vaults — per-user credential containers. You create a vault per user, register credentials per MCP server URL, and pass vault_ids at session creation. | MCP server registration — POST /v1/deepagents/mcp-servers with raw headers arrays containing bearer tokens. |
| Multi-user credential isolation | Built into MCP Gateway. Per-user OAuth tokens managed and refreshed automatically. | You must create and manage a separate vault per end-user programmatically. | Not supported in preview. One credential set per workspace. |
| In-app auth flow | User authenticates inline in chat (OAuth popup → continue). | Not available. Developer must handle token acquisition externally and register in vault. | Not available. Static headers only (OAuth planned for future release). |
| Credential rotation | Managed by gateway (OAuth refresh) or admin updates once centrally. | PATCH the credential per vault. Must be done per-user for user-scoped tokens. | PATCH /mcp-servers/{id} replaces entire headers array. |
| TrueFoundry | Claude Managed Agents | LangSmith Managed Deep Agents |
|---|
| Default behavior | Tools marked as destructive at MCP Gateway layer automatically require approval. No per-agent configuration needed. | MCP tools default to always_ask. You configure per-tool policies via permission_policy in the agent JSON definition. | Configure interrupt_config per tool using {mcp_server_url}::{tool_name} keys set to true/false. |
| Granularity | Gateway-level policy. Applies uniformly to all agents using that tool — set once, enforced everywhere. | Per-agent, per-tool JSON config. Each agent definition must explicitly declare policies. | Per-agent, per-tool in agent payload. Each agent must list every tool’s interrupt preference. |
| Governance scope | Policies are org-wide. Platform team configures which tools are destructive — agent builders don’t need to think about it. | Developer responsibility. If you forget to set always_ask on a sensitive tool, it runs without confirmation. | Developer responsibility. Missed interrupt_config entries mean no approval gate. |
Model access and governance
| TrueFoundry | Claude Managed Agents | LangSmith Managed Deep Agents |
|---|
| Supported models | All providers through AI Gateway | Anthropic models only (claude-opus-4-7, claude-sonnet-4-6, etc.) | Any model via {provider}:{model_id} format through init_chat_model |
| Access control | RBAC — control which teams/users can use which models. Budgets and rate limits per team. | No model-level RBAC. Any API key holder can use any model. | No model-level RBAC within the platform. |
| Cost governance | Per-user and per-team budgets, rate limits, and cost attribution enforced at gateway. | Not available at platform level. Track externally. | Not available in preview. |
| Guardrails on model calls | Gateway-level content policies, PII filters, custom guardrails applied before/after every model call. | Not available at harness level. | Not available in managed runtime. |
No vendor lock-in
Unlike Claude Managed Agents (Anthropic models only), Agent Harness is provider-agnostic:
- Use any model enabled in your AI Gateway
- Switch models without rewriting agent logic or changing credentials
- Run the same agent on different models for A/B testing or cost optimization
- Apply identical governance regardless of provider
Deployment flexibility
| TrueFoundry | Claude Managed Agents | LangSmith Managed Deep Agents |
|---|
| Deployment options | SaaS (globally distributed), self-hosted, on-prem | Managed Anthropic cloud + separate self-hosted SDK path | Managed cloud (US-only in preview) + self-host via langgraph build |
| Data residency | Deploy in your own cloud/region. Full control. | US region only during beta. EU planned post-GA. | US region only during private preview. |
| On-prem | Supported | Not supported | Not supported |
