Every team I talk to has shipped an agent demo. Far fewer have shipped an agent they trust on the critical path. The gap between those two states is not model quality — frontier models are remarkably capable now — it is engineering discipline. An agent is a distributed system whose most important component happens to be probabilistic, and most of the failures I see come from treating it like a magic box instead of a system to be designed.
This is a field guide to the patterns that have actually moved the needle for me: how to design tools, how to engineer context, how to measure quality, and how to keep the whole thing from doing something expensive and irreversible.
An agent is a loop, not a prompt
Strip away the framework vocabulary and an agent is a simple loop: the model receives context, decides on an action, the action runs, and its result is fed back in. Repeat until the task is done or a budget is exhausted.
async function runAgent(task, tools, { maxSteps = 12 } = {}) {
const messages = [{ role: 'user', content: task }];
for (let step = 0; step < maxSteps; step++) {
const response = await model.complete({ messages, tools });
if (!response.toolCalls?.length) {
return response.text; // model is done
}
for (const call of response.toolCalls) {
const result = await runTool(call, tools);
messages.push({ role: 'tool', toolCallId: call.id, content: result });
}
}
throw new StepBudgetExceeded(maxSteps);
}
That is the whole engine. Everything that makes an agent good lives in the details: what goes into messages, what tools can do, and what happens when runTool fails. The model is the cheap part to swap; the harness around it is where your engineering actually accrues.
Design tools for the model, not for your API
The single highest-leverage thing you can do is treat your tool definitions as a product surface for the model. A tool that mirrors an internal REST endpoint is usually a bad tool. Models reason better over a small number of task-shaped actions than over a sprawling, generic API.
- Make each tool do one obvious thing.
search_ordersbeats a genericquerytool that takes raw SQL. Fewer footguns, clearer intent. - Return what the model needs to decide, not your full database row. Trim payloads aggressively — every extra field is tokens the model has to read and a chance for it to fixate on the wrong thing.
- Write descriptions like you are onboarding a new engineer. State when not to use the tool, and what the failure modes mean.
- Make errors actionable.
"date must be ISO-8601, got 'next tuesday'"lets the model self-correct. A bare400makes it guess.
A good rule of thumb: if a competent new hire couldn't use your tool correctly from its description alone, neither can the model.
Context engineering beats prompt engineering
"Prompt engineering" undersells the real work. By the time an agent is ten steps deep, the prompt is a small fraction of the context — the rest is accumulated tool output, prior reasoning, and history. Managing that window is the job.
Three habits that pay off:
- Compact aggressively. When the conversation grows, summarize older steps into a compact running state instead of carrying every raw tool result forward. The model does not need the full 8 KB JSON blob from step two; it needs the one fact it extracted from it.
- Put durable facts in a stable place. System instructions and task constraints should live at the top and never drift. Volatile data goes near the end where it is freshest.
- Retrieve just in time. Don't pre-load everything the agent might need. Give it a retrieval tool and let it pull context on demand. This keeps the window lean and the reasoning focused.
You cannot ship what you cannot measure
The reason most agents stall before production is that the team has no honest way to answer "did that change make it better?" Vibes do not survive contact with a real workload. Evals are not optional infrastructure; they are the thing that turns agent development from guesswork into engineering.
Start smaller than you think:
- Collect 30–50 real tasks with known-good outcomes. Hand-label them. This dataset is worth more than any framework you will adopt.
- Score outcomes, not transcripts. For many tasks an LLM-as-judge with a tight rubric correlates well with human judgment — but validate the judge against human labels before you trust it.
- Track cost and step count alongside correctness. An agent that is right 95% of the time but burns 40 steps to get there is not production-ready.
- Run the suite on every prompt and tool change. Regressions in agents are silent and non-local — a tweak to one tool description can quietly break an unrelated task.
Guardrails: assume the model will be wrong
Reliability is not the absence of model errors — it is a system that stays safe when they happen. Design as if the model will eventually take every action you expose to it, at the worst possible moment.
- Gate the irreversible. Reads can be autonomous. Anything that spends money, emails a customer, or deletes data goes through a confirmation step or a typed allowlist.
- Bound the loop. Hard ceilings on steps, wall-clock time, and token spend. A runaway agent should fail loudly and cheaply, not quietly and expensively.
- Sandbox tool execution. Treat tool inputs as untrusted. The model can be steered by content it reads, so a tool that reads the web must not also be able to wire money without a human in between.
- Log the whole trajectory. When something goes wrong in production, you need the full sequence of context, decisions, and results to debug it. This is also exactly the data that grows your eval set.
Where this is heading
The frontier is moving from single agents toward small teams of specialized agents coordinating on a task, and from text-only loops toward agents that operate real software directly. Both trends raise the stakes on everything above: more autonomy multiplies the cost of weak tools, sloppy context, and missing guardrails.
The encouraging part is that none of this is exotic. It is the same discipline that makes any distributed system reliable — clear contracts, tight feedback loops, defense in depth — applied to a new and unusually capable component. The teams winning with agents in 2026 are not the ones with secret prompts. They are the ones who took the engineering seriously.
If you are building in this space, I would love to compare notes — reach out.