Module 7 — Guardrails & Reliability
The preceding modules assumed the agent behaves correctly. Production agents do not always do so: the model may select an incorrect tool, repeatedly invoke the same tool without progress, or — most consequentially — execute a real-world action that was not intended. Agents enter such failure modes confidently and without internal detection. The distinction between a demonstration system and one suitable for deployment lies in the guardrails wrapping the loop — the safety checks that detect failure prior to its causing damage.
Four guardrails required in any production agent
- Step limit (max-steps) — a hard upper bound on the number of iterations the agent may execute, preventing unbounded execution. The agent terminates once this limit is reached, regardless of state.
- Loop detection — identification of cases in which the agent repeats the same action with the same input and fails to make progress, with termination triggered rather than continued iteration.
- Tool validation — rejection of tool invocations whose names do not correspond to a declared, permitted tool, rather than allowing execution to proceed with undefined behavior.
- Human-in-the-loop approval — for high-risk or irreversible actions (sending email, performing financial transactions, deleting files), suspension of execution pending explicit human approval.
Demonstration: failure modes with and without guardrails
Select a failure scenario and execute it with guardrails disabled — the agent exhibits the failure unmitigated. Then enable the relevant guardrail and execute again: the trace shows the guardrail detecting the failure and terminating execution safely. The BLOCKED entries in the trace correspond to guardrail interventions.
This activity needs JavaScript. The lesson below still covers everything.
for step in range(MAX_STEPS): # 1. hard step cap action = decide(state) if action.name not in tools: # 3. tool validation break if action in already_tried: # 2. loop detection break if action.is_risky and not human_ok(action): # 4. human-in-the-loop break observation = tools[action.name](action.arg) already_tried.add(action)
None of these mechanisms increases the agent's capability — they establish its safety. A capable agent without guardrails is not deployable; the guardrails are the prerequisite for safe production deployment.
Transient failures: retry with backoff
Guardrails stop the agent doing something wrong. A different problem is a tool that fails transiently — a timeout or a rate-limit that would succeed on a second try. The fix is not a guardrail but a retry policy: wait, try again, and double the wait each time so a struggling service is not hammered. Set the failure rate and retry budget, then call the tool.
This activity needs JavaScript. The lesson below still covers everything.
Check your understanding
Answer a short set of questions on guardrails.
This activity needs JavaScript.