Nitor Tech Radar

Controlled experiments allow us to make product decisions based on actual data from real users, instead of arguing about subjective opinions. With agentic development this becomes even more important, as we can develop features more quickly, but we still need a reliable way to understand what really works.

A/B testing functionality is often intertwined with feature flagging, analytics, monitoring and consent management. It can be custom built, but there are also commercial tools including Statsig (now owned by OpenAI) and LaunchDarkly.

Generative AI tools (code copilots, chat assistants, automated test generation) embedded into the day-to-day development loop for coding, debugging, documentation and refactoring. Significantly improves productivity and flow: less repetitive work, faster onboarding, faster iteration and a useful guide through unfamiliar code or APIs.

Generated code quality varies and needs review. Subtle bugs, security issues and anti-patterns slip through if accepted uncritically, and over-reliance can erode deep technical understanding over time. Governance around IP, data exposure and secure usage has to be deliberate. Mature enough to be part of every engineer’s baseline: not using AI tooling for everyday coding is now the exception, not the norm.

Design workflows are shifting away from sequential handoffs toward continuous collaboration, roles blurring and designers contributing directly in code. The design process can now start in code rather than a design tool, prototypes are built across multiple environments, and how teams document and define their work is evolving from static references into living, actionable rulesets. The human role is moving up the stack, from executing individual decisions to defining the conditions that make good output possible at scale.

We don’t have to create AI agents from scratch. An agent harness (Claude Agent SDK, OpenAI Agents SDK, LangChain DeepAgents, Mastra) gets us most of the scaffolding so we can concentrate on business value through skills and tools.

Beyond picking a harness, harness engineering enables teams to turn AI capabilities into reliable, repeatable workflows by structuring prompts, tools, context and evaluation into a coherent system.

Reusable, documented workflows that encode how to automate non-trivial tasks for AI agents – complex migrations, recurring delivery patterns, project-setup sequences – written once and reused across projects. The cost of authoring a skill is amortised every time the same pattern surfaces in another engagement.

We place this at Trial: the pattern is clearly valuable and Nitor teams have early practical experience, but authoring conventions and a shared skills library are still taking shape. Building one internal (or public) skills repository so this work compounds across engagements is the logical next step.

AI agents that discover, evaluate and purchase on behalf of consumers are becoming real, but the ecosystem is still being wired up. Competing open standards are emerging fast: ACP (Agentic Commerce Protocol) defines how AI agents interact with businesses to complete purchases on behalf of buyers, while Google’s UCP (Universal Commerce Protocol) is an open standard covering the entire shopping journey from discovery to post-purchase support. UCP is compatible with MCP (Model Context Protocol), A2A and Agent Payments Protocol, showing how these standards are converging into an emerging stack.

Early implementations are live, but trust, liability and consumer readiness gaps remain. It is worth getting hands-on now to understand both the opportunity and the disintermediation risk before clients start asking.

AI agents paired with browser automation and accessibility engines turn auditing from a periodic specialist activity into a continuous, repeatable workflow. The agents drive a real browser through MCP-connected tools: injecting axe-core, reading the rendered accessibility tree, running Lighthouse, walking user flows across state changes. The results are synthesised into a single report against a specific standard (e.g. WCAG 2.2 AA).

A well-crafted playbook is what makes this reliable. It encodes the expert knowledge the agent would otherwise get subtly wrong (WCAG version deltas, rule scope, criteria, severity definitions) and pins the workflow so every run produces a comparable, auditable result. The technique suits pre-release conformance checks, scheduled regression runs and broad-pass audits that scope where deeper specialist review is actually needed, without replacing the human judgement that accessibility work fundamentally requires.

Automatically spinning up a fresh preview environment for every PR gives designers, product owners and reviewers (and AI agents) a live version of the feature that they can test and give feedback on. This speeds up the feedback loop significantly. No need to demo over screen share, and no need for reviewers to check out the branch locally.

Providers that have built-in support for this include Vercel, Cloudflare, AWS Amplify and Azure Static Web Apps. For frontend-only services on these providers, it is always worth enabling. For providers without built-in support or for services with stateful infra, it takes more work, which is why this is in Trial and not Adopt.

Designing and managing the information, memory and retrieval flows that let models operate and reason in the right context. Covers prompt structure, retrieval-augmented generation, working memory, summarisation and compaction, instruction files like CLAUDE.md and AGENTS.md and MCP-based tool access. This is not a solved problem yet at team, project and organisation level, where both explicit and tacit knowledge are in play.

Agents, pipelines and workloads increasingly act on their own – calling APIs and touching data without a human in the loop – yet most still authenticate with a shared secret pasted into a .env file or a long-lived PAT inherited from the engineer who set them up. Non-human identity treats each of these actors as a first-class principal: short-lived credentials, narrowly scoped permissions and an audit trail that ties every call back to the workload that made it.

The building blocks are in place: AWS IAM Roles Anywhere and Azure Workload Identity Federation remove static keys from CI and cross-cloud workloads, and GitHub fine-grained PATs and OIDC trust scope CI credentials per repository. Worth getting hands-on with now – retrofitting proper identity onto agents that already have wide access is more expensive than building it in from day one.

Third-party dependencies are a constant source of supply-chain attacks, especially in the npm ecosystem – version upgrades cause breaking changes, transitive dependencies multiply the problems, and vibe-coded packages add a new failure mode on top. The self-replicating Shai-Hulud worm compromised hundreds of npm packages in late 2025, spreading through preinstall scripts.

Blocking lifecycle scripts and setting install cooldowns are good first steps and are quickly becoming the baseline, but they don’t catch malicious code that runs at import time rather than during install. Tools like Socket.dev that actively scan dependency code go further, and SBOM generation plus trusted publishing are worth folding into the standard toolchain. The practices are still consolidating, which is why this sits at Trial rather than Adopt.

Open table formats and interoperable catalogues now let multiple engines read and write the same governed data with no copying or ETL replication. Delta UniForm generates Iceberg metadata alongside Delta on a shared Parquet base, so one table is readable from Snowflake, BigQuery, Trino and any Iceberg client. Catalogues are opening in parallel: Databricks open-sourced Unity Catalog behind the open Iceberg REST Catalog API, Snowflake ships its managed Apache Polaris on the same standard, and DuckLake 1.0 (April 2026) registers existing Parquet files without a deep copy. The net effect is zero-copy data sharing across platform boundaries.

We place this at Trial because the building blocks are production-ready and already running in the field, not a future bet, so the pattern is immediately useful wherever clients run more than one engine. It stops short of Adopt because two choices still need deliberate validation per project: which catalogue is authoritative when several can write, and how to govern cross-engine access and data lineage (Unity Catalog’s story is still maturing for external readers). The payoff reaches every role, with engineers retiring copy pipelines and analysts querying in place, and for Nitor the headline value is a credible escape from single-vendor lock-in to weigh in the next data-platform RFP.

The Agent2Agent protocol defines how independent AI agents discover each other, delegate tasks and coordinate work across vendor and framework boundaries without exposing internal logic or implementation details – complementing MCP, which handles agent-to-tool connectivity, by addressing the agent-to-agent communication layer. A2A is now governed by the Linux Foundation and is backed by over 150 organisations including Microsoft, AWS, Salesforce, SAP and ServiceNow, with Azure AI Foundry, Amazon Bedrock AgentCore and Google Cloud all having integrated A2A natively into their platform offerings.

We place this at Assess because the protocol is maturing fast and the enterprise foundation is clearly forming, but patterns for how to design agent boundaries, manage trust between agents across organisational lines and handle the operational overhead of cross-agent orchestration are still being established in practice. For Nitor, the key question to develop a view on is how A2A fits into client-facing multi-agent architectures alongside MCP and where the agent boundary design decisions lie in composable solution delivery.

Product discoverability in agentic commerce is converging on a two-layer pattern: MCP as the agent integration transport and UCP as the commerce-specific protocol layer. UCP lets agents dynamically discover merchant capabilities, query real-time catalogue and inventory, negotiate carts and route to checkout without bespoke per-platform integrations. A merchant implements the UCP standard once, and any UCP-compliant agent can discover their catalogue, negotiate a cart and execute a checkout. UCP is designed to work alongside MCP, A2A and REST as integration paths. Google shipped Cart, Catalog and Identity Linking capabilities for UCP in March 2026, with UCP-powered checkout now live for eligible US merchants on Google AI Mode and Gemini.

We place this at Assess because the pattern is directly relevant for our commerce clients, and Nitor already has a reference demo implementation. The key open question for our market is when this reaches European consumers across Google AI Mode, Gemini and other AI assistants. Current live deployments are US-only, and the timeline for European rollout will determine when this becomes an active delivery consideration for Nordic clients. Building brand-specific assistant experiences with MCP in a UCP-compatible way today means the integration path to Google and other UCP-supporting surfaces is already in place when European availability arrives.

A next step in automating the development process is giving AI agents direct access to project management tools. Beyond the codebase and the prompt, the agent then also sees the surrounding business context. For simpler tasks, it might even support one-click agent implementation from issue to PR. Tools like Linear are starting to ship built-in AI agent integration, although this can be set up with Jira as well.

Context graphs for AI agents extend beyond traditional knowledge graphs by capturing the reasoning and provenance behind facts, not only the facts themselves. They store the “why” alongside the “what”, so agents can trace decision logic, avoid treating one agent’s inference as another’s ground truth and produce explainable outputs in high-stakes scenarios. Where a knowledge graph tells an agent what something is, a context graph adds the decision layer, capturing how entities interact in real processes and preserving the exceptions, overrides and precedents behind each conclusion.

Tooling is emerging, but teams building production agents consistently discover that reasoning memory is an afterthought until it isn’t. Adding provenance retrospectively means retrofitting an existing schema, while building it in from day one is substantially cleaner. We place this at Assess because the pattern has clear relevance for agentic solutions where auditability and explainability matter, but implementation approaches and operational overhead are not yet settled enough to recommend a standard path.

The practice of treating LLM evaluation as a continuous engineering discipline rather than a one-off testing step is emerging as a critical capability for teams shipping AI features to production. As prompt changes, model upgrades and retrieval modifications can silently degrade output quality, systematic evaluation pipelines with versioned datasets, automated scoring and regression gates are becoming the quality assurance equivalent for AI systems.

We place this at Assess because tooling and methodology are still consolidating and team patterns for integrating evaluation into CI/CD are not yet standardised across the industry.

Data is stored in a local DB in the browser (SQLite via wa-sqlite, PGlite, etc.) and synced with the server in the background, instead of every read and write going over the network. This allows for instant interaction, offline support and fewer loading states in the UI.

It’s an interesting approach, but mostly applicable to complex interactive apps (like Linear and Figma). For typical content-heavy sites the overhead of the architecture, including CRDT conflict resolution, is not worth it.

Using multiple agents together is the logical next step of using agents, but it’s far from a solved problem. The standard single-agent / single-prompt loop is one option, but tools like Pi let you build project-specific multi-agent workflows tuned to how a particular team actually delivers. How do you coordinate agents efficiently? How do you prevent the context-switching between them from degrading output and thinking quality?

The patterns – orchestrator agents, swarm models, handoff protocols – are still being worked out in practice. Experimentation is cheap (the cost of trying a workflow has dropped to a couple of hours) and the patterns that stick will shape how we work for years. We place this at Assess because the upside is real but the operational shape of “a multi-agent workflow that actually works in production” hasn’t settled yet.

Code quality and maintainability matter as much as ever. The question is how we reach them. With agentic coding now producing solid, reviewable code quickly, defaulting to hand-writing every line is increasingly hard to justify on commercial work. This is not a verdict on hand-written code, which still earns its place in tricky, high-stakes or token-constrained work.

The craft moves up a level: framing the problem, shaping the architecture, reviewing critically and owning the outcome. Engineers are responsible for every line they ship, whether typed or generated, so the human judgement that defined good hand-written code matters more than ever. We place this at Caution to flag the reflex of reaching for the keyboard first, not to retire the skills behind it.

AI coding allows doing multiple tasks in parallel, with multiple agents running at once, each working on a different task. While this might increase productivity, supervising the work can also lead to excessive context switching. This in turn can decrease the quality of human oversight, and lead to cognitive load and even burnout in the long run. It is important to consider not just the amount of code written, but how quality and sustainability are maintained with the new agentic ways of working.

Most applications don’t need the few things that SPA offers over MPA (e.g. offline mode, reacting to mouse-move events). Their cost is having to reimplement much of the Web Platform. Lots of accidental complexity makes apps fragile and slows down development.

AWS, Azure and GCP remain essential for staying technologically relevant, offering continuously evolving platforms that underpin modern, AI-driven systems. We work across all three depending on client estate and the particular workload – there is no single right answer at the platform level any more.

At the same time, the growing focus on digital sovereignty in Europe is reshaping how contracts, data residency and operational controls are negotiated. See also EU Sovereign Cloud for the sovereign-variant offerings each hyperscaler now provides.

Databricks is our default recommendation for clients who need a unified platform for data engineering, machine learning and AI workloads at scale. It has earned Adopt status through repeated production delivery across multiple client engagements, a best-in-class developer experience and a clear technology trajectory with Delta Lake, Unity Catalog and Mosaic AI forming a coherent and stable foundation.

Effective frontend monitoring has always been important, but it is increasingly critical when AI speeds up delivery. Real user monitoring (RUM) is used for catching JavaScript errors and analysing Core Web Vitals performance regressions, and session replay helps with debugging issues. We have good experiences in particular with Sentry and Datadog.

Snowflake remains the strongest choice for clients whose primary need is governed, scalable analytics with broad BI tool integration and a mature data sharing story. It has earned Adopt status through proven enterprise deployments, operational simplicity and a stable platform that consistently delivers on its core promise without requiring deep platform engineering investment.

Agents that autonomously react to alerts, correlate telemetry across services, identify root causes and propose or execute remediations. They have moved from concept to GA product within the past few months, with both AWS DevOps Agent and Azure SRE Agent reaching general availability in March 2026. AWS DevOps Agent correlates telemetry, code and deployment data to triage issues and identify patterns in past incidents, and works across AWS, Azure and on-premises environments with existing observability tooling including Datadog, Dynatrace, New Relic and Splunk.

Early production evidence is promising. We place this at Trial because the pattern is immediately relevant for clients running complex cloud estates, and the key design question of where autonomous remediation is safe to enable versus where human approval gates remain essential deserves deliberate validation before being embedded in production operations models.

In-car platforms are an important part of the mobile ecosystem for any client whose product needs to follow users into the car, covering media, navigation, messaging and increasingly brand-owned vehicle experiences. The APIs and design templates constrain what can be built, but the audience reached is non-trivial and growing as deeper in-car integrations roll out. The platforms themselves are stable to ship on. We keep this at Trial because customers still need to validate the mobile use cases that fit well in the automotive environment, which might be limited in numbers.

Centralised developer platform that reduces cognitive load by bringing services, documentation, tooling and ownership into a single, discoverable interface. Originally built at Spotify, now a CNCF incubating project. We see it in use at multiple Nitor customers as the spine of their platform engineering effort.

Google Cloud’s fully managed, serverless data warehouse for large-scale analytics – fast SQL over vast datasets without infrastructure management. High scalability and tight integration with the rest of GCP (BI tools, AI/ML services) make it a strong fit for analytics-heavy workloads in Google-centric environments.

Cost management is the main thing to watch: usage-based pricing means inefficient queries get expensive fast. Data governance, access control and residency need careful configuration for enterprise and EU regulatory requirements, and lock-in implications should be weighed against multi-cloud strategies.

One of the most interesting CSS features in recent years is now widely available across modern browsers: components can adapt their styles to the size of their container rather than the viewport. This is highly useful for complex layouts or for reusable design system components.

It lets us get rid of a large category of JS-based code which uses ResizeObserver to adapt component layout, which adds complexity and does not work with server-side rendering. Style queries, which let components adapt to a container’s custom property values, also reached cross-browser support in May 2026.

Connecting MCP servers to AI chat interfaces such as ChatGPT and Gemini is rapidly becoming the standard integration layer for giving AI assistants live access to enterprise systems and data. For brand-facing use cases this is particularly compelling: a customer assistant backed by MCP-connected commerce, inventory and CRM systems can deliver personalised, transactional experiences without a bespoke agent UI, while the brand retains full control over what tools and data the assistant can reach.

The protocol has achieved broad cross-vendor adoption, the connector ecosystem is growing fast, and the pattern aligns naturally with the composable architectures we build for clients. MCP essentially extends composability from the data and service layer up into the AI interaction layer itself.

Critical for improving developer productivity, consistency and governance as systems and organisations grow in complexity. A platform team curates the paved paths (service templates, CI pipelines, deployment automation, observability defaults, internal developer portal) that product teams use every day. Backstage is the most common spine for the portal, with the rest typically built on Kubernetes, Terraform and the team’s chosen CI.

Google Cloud’s unified AI platform for building, deploying and managing ML and generative AI workloads – Gemini model access, pipelines and MLOps in a single environment. The end-to-end shape (training, deployment, monitoring) and tight integration with GCP data services make it a strong fit for organisations already aligning analytics and AI on Google. Google is rebranding the platform as the Gemini Enterprise Agent Platform.

Strong coupling to GCP means real vendor lock-in. Governance, data residency and access controls need careful configuration for enterprise and EU regulatory requirements, and cost and complexity can climb sharply as usage scales across services and model endpoints. We place this at Trial: the platform is capable, but these concerns mean validation is needed before committing at scale.

Business Orchestration and Automation Technologies – Camunda, Flowable, Appian and similar platforms for modelling and running business processes outside of hand-written application code. Useful for clients with complex, multi-step workflows where the business needs to see and adjust the flow without going through engineering for every change.

We’re tracking these because the recent generation has agent-capable hooks and integration points that change what they can do, but the maturity of those features and the lock-in trade-offs aren’t yet clear enough to recommend by default.

Infrastructure and services operated under EU jurisdiction, with EU-resident data, EU-controlled personnel and EU-law governance. The trend is being driven primarily by public sector procurement requirements and regulated industries responding to NIS2 and DORA obligations, with EUCS still in draft and its eventual high-assurance tier requirements creating forward-looking uncertainty rather than immediate compliance pressure. For Nitor’s typical private sector client base this is largely not a new technology problem: the major hyperscalers are responding with sovereign variants (AWS European Sovereign Cloud, Microsoft EU Data Boundary, Google Cloud Data Boundary) that are architecturally near-identical to their standard offerings, differing mainly in contractual structure, data processing terms and operational controls.

We place this at Assess because the area worth actively monitoring is whether DORA-driven demand from financial sector clients creates meaningful architectural work, and whether sovereign cloud requirements start appearing in Nordic enterprise RFPs beyond the public sector. Such activity would shift this from a compliance footnote to a genuine delivery consideration.

A browser API that makes it possible to animate transitions between DOM states, as well as between pages in multi-page applications (MPAs). Newly available in all modern browsers, though Firefox support for page transitions is still incomplete. Smooth route transitions have been one of the main reasons for client-side navigation and single-page applications (SPAs), so this is a significant feature for enabling architecturally simpler MPAs. React support is also coming via the experimental <ViewTransition> component.

New accessibility standard in the works, organised around outcomes rather than the pass/fail criteria of WCAG 2.x. A new colour contrast algorithm is one of the most consequential changes under consideration. The leading candidate, APCA, models perceived contrast more accurately, which is especially good for brand palettes built around oranges and reds that WCAG 2.x penalises unfairly.

It will likely still take years for WCAG 3.0 to become official and referenced in legislation. Still, it’s worth tracking to learn about new advances in accessibility.

Web components have been available for a long time, but adoption has been very slow. The main reasons have been poor developer experience (DX), lacking server-side rendering (SSR) support and the dominance of React, which often has been the default choice across entire enterprises.

Now Declarative Shadow DOM, newly available across modern browsers, makes SSR possible for web components. Frameworks like Lit also improve the DX, although it is still worse than React. But for design system component libraries and other highly reusable components, web components can now make sense, as a standard solution that works with React, Vue.js, Svelte and vanilla HTML/JS.

Microsoft’s unified analytics platform consolidating data integration, warehousing, engineering, real-time analytics and Power BI in a single SaaS-first environment. Its primary value is as a bridge between data workloads and the Microsoft business-app estate – Power BI, M365 Copilot and the AI agents being layered on top.

Developer experience is still rough and the platform is maturing unevenly. We place this at Caution: the integration story with the Microsoft ecosystem is genuine, but the feature surface is sprawling and quality is inconsistent. Reach for it where the Microsoft integration angle is the deciding factor, not as a default analytics platform.

Container orchestration platform for deploying, scaling and operating containerised applications across clusters. The de facto standard when you need fine-grained control over workloads, multi-tenant isolation or complex networking and storage at scale.

Kubernetes is genuinely complex, and the operational overhead slows down teams without a dedicated platform group to absorb it. We place this at Caution to push back against reflexive adoption – most product teams are better served by a simpler runtime (managed container services, PaaS). Reach for it when the complexity is justified by actual requirements, not as the default.

Some platforms are architected so that the data you put in is hard to get out on your own terms, and the agentic AI wave is sharpening the pattern. SAP’s API Policy v4/2026, enforced from June 2026, prohibits using its APIs for large-scale data extraction or for third-party autonomous and generative AI systems, steering customers towards SAP-endorsed pathways like Joule, Business Data Cloud and Agent Gateway. Forrester read it as SAP positioning itself as the gatekeeper of enterprise AI, and the German user group DSAG objected publicly. Salesforce sits at the other end: its Agentforce 360 stack leans on MCP, A2A and zero-copy access to Data 360 precisely to answer lock-in fears, though the agentic orchestration still concentrates inside its ecosystem.

We place this at Caution because committing client data and AI workflows to a suite that gates egress can quietly foreclose future options, and the cost only surfaces when a migration or a competing model is needed. Before adopting, weigh how data leaves the platform, whether open protocols and formats are genuinely supported and what an exit would actually cost. This is the defensive counterpart to the open, zero-copy interoperability covered elsewhere on this radar: treat vendor openness as a requirement to verify, not a promise to trust.

Running component tests in a real browser instead of an environment like jsdom avoids incompatibilities and makes debugging significantly easier, as tests can be run in a headed browser. This can be implemented using Playwright component testing (marked experimental, but works well in production), Vitest browser mode (stable since Vitest 4) or possibly Storybook.

We have found that browser-based component tests reduce the need for full E2E tests somewhat, as the component tests can cover more realistic scenarios. This generally speeds up the tests and makes them more reliable. E2E tests are still recommended for full user journeys though.

Anthropic’s AI development assistant, optimised for code generation, reasoning-heavy tasks and working across large codebases through chat and agent-style workflows. Excels at complex reasoning, structured multi-file changes and long-context understanding – it complements traditional copilots focused on inline completion by going deeper into refactoring, architecture exploration and orchestrated changes.

Tooling and IDE integrations have matured quickly, with native VS Code and JetBrains plugins and enterprise controls like centrally managed policy settings now in place. As with all AI-assisted development, outputs require careful validation, especially in regulated environments. We place this at Adopt: the depth of reasoning and multi-file capability provides a level of assistance copilot-style tools can’t match, and Nitor teams are already seeing meaningful productivity gains in practice.

Figma’s prompt-to-prototype tool built into the Figma platform. Turns natural language descriptions and design references into interactive, high-fidelity prototypes that can pull from your existing design system and embed into Figma Design, FigJam and Slides.

A tool for early exploration, stakeholder alignment and turning static frames into interactive prototypes and testable flows without leaving the Figma environment.

AI-powered coding assistant with real-time suggestions, explanations and generation directly in the developer workflow. What sets it apart from other coding assistants is enterprise-grade governance: tight integration with the GitHub and Microsoft ecosystem enables centralised policy control, auditability and data-protection features – particularly well-suited for EU-based organisations under strict regulatory requirements. This governance maturity is why we place this at Adopt rather than Trial.

Generated code still needs review for correctness and security, and policies, data boundaries and usage guidelines have to be configured deliberately to meet internal and regulatory standards.

LangSmith is a solid platform for LLM observability, tracing and evaluation across AI workloads. It earns Adopt status through a mature feature set that covers the full lifecycle from trace capture to prompt management and dataset-driven evaluation, straightforward integration with the major agent frameworks and LLM providers regardless of whether LangChain is in the stack and consistent use across our AI delivery work.

End-to-end and component testing framework, and our default choice for new browser-driven test work. Below the E2E level it pairs naturally with Vitest browser mode or Playwright component testing.

After achieving super speed, the new pnpm versions lean hard into supply-chain hardening. Minimum-release-age cooldowns, blocked exotic subdeps and opt-in build scripts are now on by default.

The deterministic installs, general robustness and wonderful interactive tools have been there for a long time. pnpm is the way to go in the JavaScript package manager scene.

Isolated, controlled environments where AI agents can safely execute code, access tools and interact with systems without risking production integrity or data leakage. Increasingly important for scaling agentic workflows beyond a single developer’s machine. A multitude of options available as managed services (E2B, Daytona, Vercel Sandbox) and local (container-use, Docker Sandboxes with a microVM per agent, devcontainers).

Anthropic Labs’ conversational design tool, currently in research preview for Claude subscribers. It combines a chat interface with a canvas to produce prototypes, slide decks, one-pagers and microsites. Brand consistency by default – during onboarding it reads your codebase and design files to build a design system, and then applies those colours, typography and components automatically across every subsequent project.

A tool for fast exploration of many directions and brand-aware first drafts. When a prototype is ready, it packages into a handoff bundle that Claude Code picks up, closing the loop from exploration to production code within the Anthropic ecosystem.

Often a simpler alternative to writing an MCP server. AI agents are very good at using bash, and humans can use the same tools, no separate UI layer needed.

You can generate new project-specific CLI tools in just a few hours, which makes the cost of giving an agent a new capability genuinely low. For most internal use cases this is the path of least resistance compared to a full MCP integration.

Servers like Figma MCP, Sentry MCP and Playwright MCP extend what agents can do during development, by allowing the agent to directly access designs, monitoring data and the browser. With access to the systems around the code and not just the codebase itself, agents become significantly more capable. CLI tools are sometimes a better fit for agents, but MCP is currently the most widely supported architecture for giving coding agents access to all the tools they need.

Google’s AI-native development platform designed around agentic workflows, where AI actively participates in writing, modifying and orchestrating code rather than just assisting inline. The desktop IDE represents a shift from traditional IDEs toward intent-based development with multi-file changes and autonomous tasks. The Go-based Antigravity CLI brings the same agent stack (skills, hooks, subagents, plugins) into terminal workflows, scripting and CI/CD contexts.

Google is consolidating its developer AI tooling here: Gemini CLI is discontinued in June 2026 in favour of Antigravity CLI. We place this at Assess because the platform is only weeks old and capabilities still shift from release to release. Worth watching how it matures, and how data handling and enterprise terms settle, before investing team workflows in it.

AI-native IDE built around deep LLM integration into the development workflow, enabling developers to interact with codebases through chat, inline edits and multi-file transformations. One of the more mature examples of integrating agent-like behaviour directly into the coding environment while keeping the familiarity of a traditional IDE.

The points to validate are data handling (codebase indexing happens server-side unless privacy mode is on) and how the VS Code fork keeps up with upstream over time. For regulated clients, check the data processing terms before rollout.

Pipelines and development workflows are defined as code (Go, Python, TypeScript and more) and executed in consistent, reproducible environments across machines and CI systems. This brings discipline and portability to delivery pipelines. The appeal is obvious to anyone who has debugged a YAML pipeline by pushing and waiting. The same engine powers container-use, which gives each coding agent an isolated environment and git branch for safe parallel work. It stays at Assess because the Dagger engine is one more dependency in the delivery chain, and we want more real-project experience before recommending it.

Open-source AI-native development tool built around agent-driven coding workflows, where developers express higher-level intents rather than editing line by line. Reflects the broader transition toward autonomous and semi-autonomous development environments, aiming to streamline multi-file changes, refactoring and system-wide updates through AI agents. Bring-your-own-model across Anthropic, OpenAI, Google and local inference.

A fast-moving community project with no enterprise support story, and bring-your-own-model means quality and cost depend entirely on the model behind it. Worth tracking, but not yet a default choice.

A highly customisable AI agent coding harness. It makes it easy to add your own behaviours instead of being satisfied with what Anthropic or OpenAI ship, and even allows project-specific customisations to the coding flow. A good base for experimenting with multi-agent workflows to discover new ways of working with AI.

Bun is an alternative JS runtime that provides a package manager, test runner and a bundler as an integrated experience. It was one of the most liked technologies in our recent developer survey, and a promising Node.js competitor.

In December, Bun was acquired by Anthropic, and the authors recently did a huge AI vibe coded refactor from Zig to Rust, converting roughly a million lines in about a week. Knowing how software works, we quickly moved Bun from Trial to Caution. Where it goes from here remains to be seen.

Astro is a content-focused web framework with island architecture. It ships zero JS by default and only hydrates the parts that need interactivity. You can use React, Svelte or any UI library to code your components.

Astro began as a static site generator of sorts, but has grown to the metaframework direction. It can do server side and static sites and all in between. A solid foundation for almost any web project.

EAS Update lets teams ship JavaScript and asset changes straight to production without waiting on app store review cycles. Pushing fixes through a git-based branch-and-channel workflow keeps small teams reactive: instant bug fixes, staged rollouts and one-click rollbacks across the whole React Native fleet, with no separate update infrastructure to build or maintain.

The native-code boundary is the main caveat. Anything touching native modules still needs a full build and store submission, and the stores only sanction OTA for fixes and improvements, not for changing app behaviour. For JS-layer delivery the operational story is mature enough that we keep this at Adopt.

A compiler step that takes a lot of the pain away from React memoization. It removes the need for manual useMemo/useCallback boilerplate and speeds up the app at the same time.

Main downside of React Compiler is that it needs a Babel plugin for now, and that slows things down and is extra effort in usual modern setups. No worries, a native Rust version is in the works.

React Native with Expo has become the de facto standard for building cross-platform native applications from a single TypeScript codebase. Expo brings real efficiency to the ecosystem: managed builds, OTA updates, a mature library of native modules and a tooling story that lets teams ship to iOS and Android without maintaining two native skill sets.

The New Architecture (Fabric, TurboModules, Bridgeless) together with the Hermes engine has closed most of the historical performance gap, and the escape hatch to native code is always there when a feature demands it. That is why we’re comfortable placing this at Adopt for cross-platform mobile work.

Mature, widely adopted standard for declarative provisioning and management of cloud and on-prem resources. Its cloud-agnostic model supports multi-cloud strategies while enabling strong governance through code, policy enforcement and review processes. Our default infrastructure-as-code tool for repeatable, version-controlled, auditable infrastructure.

State management and access control must be carefully secured – misconfigured state or weak role separation can let unauthorised changes propagate quickly across environments. Guardrails like policy-as-code and disciplined review practices are critical to meet enterprise and regulatory requirements.

JavaScript ecosystems are consolidating on Vite and related toolchains. Vite itself, Rolldown (Rollup re-implemented in Rust), Tsdown (Tsup reimplemented with Rolldown), Vitest for testing, Oxc toolchain for linting and formatting. Vite 8 made Rolldown the default bundler. Everyone is converging here.

Vite+, a new alpha tool built on top of all the other Vite parts, aims to bring these into a unified development experience for the web.

Framework for building, orchestrating and deploying AI agents with strong alignment to the Gemini ecosystem and GCP services. Provides structured patterns for tool use, context management and multi-step agent workflows. An opinionated, integrated approach to agent development that combines model capabilities with cloud-native scalability for organisations already on GCP.

Still evolving compared to more established ecosystems, and introduces clear vendor lock-in to Google’s AI and cloud stack. The natural deployment target is Vertex AI Agent Engine, so the EU data-residency and governance questions are the same ones noted for Vertex AI elsewhere on this radar.

Consider whether your application could be implemented using hypermedia instead of defaulting to single-page applications. The HTML and REST architecture, which enabled the explosive growth of the Web in the 1990s, has great benefits over rich-client applications: you won’t need to write a custom client (SPA) for every service, because one generic client (the web browser) works with all RESTful applications, from cat pictures to banking.

There are lots of simple libraries and frameworks, such as htmx, Datastar, Unpoly and Alpine.js, which enable partial page updates without ensnaring the whole page in JavaScript. Embrace the web platform instead of reinventing the wheel.

Build business logic once in Kotlin and share it across Android, iOS and the web – better consistency across platforms with less duplication, while reusing the Kotlin expertise teams already have. Because only the shared business layer crosses platforms, each target keeps its native UI and full platform accessibility instead of being constrained by a lowest-common denominator.

Microsoft Agent Framework reached 1.0 GA in April 2026, unifying AutoGen and Semantic Kernel into a single production-targeted SDK for building and orchestrating AI agents in .NET and Python.

It earns Trial on three counts: it is multi-provider out of the box (Azure OpenAI, Foundry, Anthropic, Bedrock, Ollama), avoiding model lock-in; it natively implements MCP, A2A and AG-UI, keeping it coherent with our composable architecture stance; and it ships with graph-based workflow orchestration, checkpointing, human-in-the-loop and built-in OpenTelemetry. A credible alternative to LangGraph or CrewAI when the client runtime is already Azure.

Open-weight LLMs from Meta (Llama), Alibaba (Qwen), Google (Gemma), DeepSeek, ZhipuAI (GLM) and Moonshot (Kimi) are increasingly credible alternatives to subscription-based inference services. Running them on owned infrastructure keeps data in-house and removes per-token billing from the cost equation.

VRAM cost is the main barrier. The hardware to serve the larger models at production latency is still expensive, which is why we keep this at Trial rather than Adopt.

Open standard and framework for collecting, processing and exporting telemetry data (traces, metrics and logs) across distributed systems, including modern AI and microservices architectures. Vendor-neutral instrumentation gives you visibility across complex environments without locking into a single observability backend.

We place this at Trial rather than Adopt because good OTel implementations require real design investment. Without careful governance, inconsistent instrumentation, runaway costs and accidental exposure of sensitive data through telemetry are practical risks, especially in regulated environments.

The new version of TypeScript, written in Go, is 10× faster than the JavaScript-based compiler while staying backwards compatible. Microsoft reported type-checking the VS Code codebase dropping from 78 to 7.5 seconds, for example. This is huge, as it speeds up both developer and agent feedback loops. TypeScript 7 also comes with better default configuration, so setting up a new project is easier.

TypeScript 7 is currently released as a beta, although it is already production-ready for most projects. Legacy module resolution modes and some other old features are no longer supported, which might make the migration tricky for some projects.

Microsoft’s stack for streamlined development of cloud-native applications, through standardised local development, orchestration and observability. Bridges the gap between local dev and deployment environments. Originally a .NET project, now also supporting Python and JavaScript. Promising, but the model is still settling, so we assess for now. The value is clearest for teams already on the Microsoft stack.

CNCF graduated sidecar framework providing standardised APIs for common concerns like state management, messaging, resiliency and observability. Enables teams to focus on business logic and stay portable across cloud providers and runtimes. Mature as a project, but the sidecar is one more runtime layer to operate. We place this at Assess: reach for it when the portability requirements are real, not by default.

Real-time, event-driven reactions to changes in distributed systems and data sources without requiring complex polling or custom orchestration. Originally from Microsoft, currently at CNCF sandbox maturity level. Worth tracking as an alternative to bespoke change-data-capture pipelines, but at sandbox maturity the APIs can still shift underneath you, so it is too early to build on.

To keep Java competitive in modern environments it now supports an AOT cache. Applications reach their full optimised speed within minutes instead of the hours of warm-up they used to need in production, so systems can be scaled based on their final performance, not their slow startup performance.

Unlike the regular JVM improvements that bring a free 5-10% speed-up every 6 months, the AOT cache requires investment into tooling: the AOT information has to be deployed alongside the application, and the more realistic loads you can run on the codebase the better the feature works.

Still TC39 stage 1, but might eventually be one of the critical steps in building frontend framework primitives into the browser. The proposal would make reactivity a platform feature rather than a framework feature, and lines up closely with what Preact, Solid, Vue and Svelte already do.

Realistically, one of the few ways React will ever be replaced at this point is if the essential features it supports are built into the browser, making the framework increasingly obsolete. Reactive state management is one part of this.

TypeScript-first framework for building, orchestrating and evaluating multi-agent AI systems, reducing the ad hoc complexity of agentic application development. Well-defined primitives for agentic applications: agents, memory, RAG, workflows, observability, evals. Reached 1.0 in January 2026 and is in production use at teams like Replit and PayPal. Worth a closer look for teams whose existing services are already TypeScript, where a Python-based harness would add a second runtime.

CNCF incubating project that standardises feature flagging behind a vendor-neutral API, reducing lock-in and enabling consistent practices across tools and environments. A solid choice when feature flags become part of your process. Start small with local files and expand to managed providers (LaunchDarkly, Flagsmith, Unleash, ConfigCat) as needed.

Compact open-weight models in the 1B to roughly 30B parameter range (Microsoft Phi, Google Gemma, Alibaba Qwen and Meta’s Llama) are now good enough for a growing set of narrow tasks: classification, extraction, routing, tool-calling and the cheaper steps inside agentic workflows. They run at low latency on modest hardware, increasingly on-device and at the edge, and cost a fraction of frontier inference per call. Where a general small model falls short, distillation closes the gap: use a large model to generate synthetic training data, then fine-tune the smaller one until it beats general-purpose models at that specific task. A small model you host also stays in your own service catalogue. It cannot be deprecated out from under a running solution, which removes a real source of forced migration as providers retire model versions.

We place this at Assess because, although the models and the serving stack (Ollama, vLLM, llama.cpp) are readily available, designing solutions around small models is still a practice to explore rather than adopt by default. Choosing the right model per task, deciding whether task-specific distillation is worth the data and training effort and validating accuracy against a frontier baseline all need hands-on evaluation first. For Nitor the value to assess is the resilient building block: route the bulk of traffic to a cheap, fast, self-hosted small model and reserve frontier calls for the steps that genuinely need them.

TanStack Start is a full-stack React framework from the TanStack team. It has file-based routing and server functions, and is a sharper alternative to Next.js for teams that want to avoid Vercel. Server components are supported as well, as an experimental opt-in. It’s still maturing, which is why we assess, not trial.

As a bonus, TanStack Start is built on TanStack Router and Query, which many teams already know from their stacks.

New date and time API for JavaScript that replaces the broken Date object with immutable types, durations, time zones and a better type system. It will finally standardise date and time handling in JavaScript, and remove the need for libraries like Luxon and date-fns. Temporal API is already available in the newest Chrome and Firefox versions, as well as in Node.js 26, which reaches LTS in October 2026. Only Safari support is pending.

Teams should consider which tool is best for the job, instead of automatically choosing JS/TS. In particular, they should consider the prevalence of supply-chain attacks in the npm ecosystem, and the long history of breaking version changes. Would you want to work on a 10-year-old JS/TS codebase? The code might not even compile today. What makes you think your current project will be any better in 10 years?

Also beware of frameworks which require that both the frontend and backend must be implemented in the same language. That indicates a very tight coupling, and might require a lengthy rewrite after the framework becomes outdated.

A practical vendor lock-in to Vercel. A decision to stand alone toolchain-wise (Turbopack instead of Vite). An ongoing series of serious security vulnerabilities in React Server Components, including a maximum-severity remote code execution flaw in December 2025. Constantly growing complexity and changing APIs.

Next.js is still hugely popular and a wonderful product in many ways, but it’s worth thinking through before starting a new project on it. Astro, TanStack Start and others are credible alternatives in the React metaframework space.

Open-weight LLMs combined with orchestration frameworks let organisations build and run their own AI-driven assistants with full control over infrastructure and data flows. Maximum flexibility and data sovereignty – attractive in regulated environments where data residency and isolation matter – but the trade-off is heavy: full responsibility for security, governance and operational hardening shifts onto the organisation.

The safeguards built into commercial offerings (prompt-injection mitigations, audit trails, context isolation, compliant logging) have to be designed and operated in-house, and supply-chain risks from unvetted models, dependencies or plugins add to the attack surface. Use only where there’s genuine internal capability to design, secure and run the solution end to end.