← All AI Agents & Tool Use modules

Module 7 — Guardrails & Reliability

Making it reliable · hands-on · about 30 minutes.

The preceding modules assumed the agent behaves correctly. Production agents do not always do so: the model may select an incorrect tool, repeatedly invoke the same tool without progress, or — most consequentially — execute a real-world action that was not intended. Agents enter such failure modes confidently and without internal detection. The distinction between a demonstration system and one suitable for deployment lies in the guardrails wrapping the loop — the safety checks that detect failure prior to its causing damage.

Four guardrails required in any production agent

Demonstration: failure modes with and without guardrails

Select a failure scenario and execute it with guardrails disabled — the agent exhibits the failure unmitigated. Then enable the relevant guardrail and execute again: the trace shows the guardrail detecting the failure and terminating execution safely. The BLOCKED entries in the trace correspond to guardrail interventions.

This activity needs JavaScript. The lesson below still covers everything.

Guardrails expressed in code
for step in range(MAX_STEPS):              # 1. hard step cap
    action = decide(state)
    if action.name not in tools:          # 3. tool validation
        break
    if action in already_tried:           # 2. loop detection
        break
    if action.is_risky and not human_ok(action):  # 4. human-in-the-loop
        break
    observation = tools[action.name](action.arg)
    already_tried.add(action)

None of these mechanisms increases the agent's capability — they establish its safety. A capable agent without guardrails is not deployable; the guardrails are the prerequisite for safe production deployment.

Transient failures: retry with backoff

Guardrails stop the agent doing something wrong. A different problem is a tool that fails transiently — a timeout or a rate-limit that would succeed on a second try. The fix is not a guardrail but a retry policy: wait, try again, and double the wait each time so a struggling service is not hammered. Set the failure rate and retry budget, then call the tool.

This activity needs JavaScript. The lesson below still covers everything.

AI anchor — guardrails as a prerequisite for deployment The reason production agents are trusted with consequential tasks is not that the model is reliable — it is that the surrounding system is engineered to assume the model is not. Step limits prevent runaway resource consumption. Loop detection prevents unproductive iteration. Tool allow-lists prevent invocation of unauthorized capabilities. Human-in-the-loop confirmation on irreversible actions — "confirm transmission of this message" — is the single most important safety pattern in agentic AI. Capability is supplied by the model; trustworthiness is supplied by the guardrails.

Check your understanding

Answer a short set of questions on guardrails.

This activity needs JavaScript.

Why this matters next You have now studied every component — the agent loop, tool invocation, ReAct, memory, planning, routing, and guardrails. Module 8 assembles these components into a complete agent applied to a real task, and addresses the corresponding engineering question: under what circumstances is an agent architecture the wrong choice for the problem at hand?
Summary: agents exhibit characteristic failure modes — non-terminating loops, routing errors, and unintended actions — so reliability is established by guardrails surrounding the loop: a hard step limit, loop detection, tool-call validation, and human-in-the-loop approval for high-risk or irreversible actions.

Next: Build an Agent — and Know When Not To →