Vercel used its Ship 2026 conference in London to launch three production-ready agent infrastructure products: Vercel Connect, a credential system that issues temporary scoped tokens instead of storing long-lived secrets in environment variables; eve, an open-source agent framework that puts instructions in markdown and tools in TypeScript inside a single directory with durable execution and evals already wired in; and Vercel Services, available July 1, making microservices a first-class deployment target with private inter-service networking and full preview environments on backend-only changes.
The most technically specific thing worth reading is the permissions model behind Vercel Agent, now in private beta. Instead of asking developers to approve actions one at a time, it runs a plan step first, declares every permission it will need to complete the task, and asks for approval once. It runs as its own identity, is read-only by default, and requests narrow temporary permissions before touching production. That architecture, not the product itself, is the blueprint other teams will copy.
The conference drew 2,500 attendees and included a 200-person hackathon with OpenAI, a panel of CTOs from Marks and Spencer, Currys, and Cursor, and a fireside with 20VC's Harry Stebbings. The panel highlight: Shopify and Amplitude already auto-merge 60 to 70 percent of low-risk PRs with zero developer review, while two-line auth changes still route to a human. The full recap covers the panel framework for autonomy, reversibility, and blast radius that those teams actually use.
[READ ORIGINAL →]