Article

Architecting AI agents with execution loops

Param HarrisonParam HarrisonChief mentor
8 min read
AI EngineeringSystem DesignAI AgentsMulti-Agent Systems

Share this post

Want to build AI Agent Design Patterns hands-on? Try the AI Agent Design Patterns

What challenges do AI agents face?

You built a chatbot that can call tools. Now product asks it to autonomously plan multi-step tasks (book travel, update tickets, triage incident).

Suddenly:

  • The agent loops forever on ambiguous goals
  • External APIs get spammed by repeated calls
  • One bad plan causes high cost and data leaks

Discussion: How do you make an autonomous agent that is useful, safe, and predictable under load?

What agent types should you use and when?

Agent Type Behavior Use Case
Reactive Single step decisions, no planning Chat replies, simple tool calls
Deliberative Plan then execute multiple steps Complex workflows, multi-call orchestration
Hybrid Mix planning and reactive fallback Most production agents

Rule: Start with reactive or guided agents. Add autonomy only when you can observe and control every action.

How does the agent's execution loop work?

An agent is an execution loop: observe → plan → act → observe.

sequenceDiagram
    participant User
    participant Agent
    participant Planner
    participant Executor
    participant Tool
    
    User->>Agent: Goal
    Agent->>Planner: Create plan
    Planner-->>Agent: Plan steps
    Agent->>Executor: Execute step 1
    Executor->>Tool: Call external api
    Tool-->>Executor: Result
    Executor-->>Agent: Step result
    Agent->>Planner: Feedback for replanning
    Agent-->>User: Final result

Key decisions: step granularity, synchronous vs asynchronous execution, and whether to checkpoint state after each step.

What does 3. planner vs executor separation look like?

Keep planning and execution separate.

flowchart TD
    A[Input Goal] --> B[Planner]
    B --> C[Plan Store]
    C --> D[Executor]
    D --> E[Tool Calls]
    E --> F[Results Store]
    F --> G[Replanner]

Why:

  • Observability: trace planning decisions separately
  • Safety: validate plans before execution
  • Retry and resume: checkpoint plans so restarts are bounded

4. Tool interface design (define contracts)

Treat each external tool like a strict API you control.

Tool contract fields:

  • name
  • arguments schema
  • idempotency key requirement
  • required auth scope
  • cost estimate per call

Example tool spec (conceptual):

tool sendEmail
args { to string, subject string, body string }
idempotency required true
auth scope email_send
estimated cost small

Enforce contracts with runtime validation and dry-run mode from the planner.

5. Safety patterns for agents

Dry run / plan approval

Always present plan summary for human approval for high risk tasks.

Idempotency keys

Require idempotency for any effectful tool call.

Rate limits and quotas

Enforce per-agent and per-user quotas to stop runaway costs.

Policy engine

Pre-validate plans against guardrails (data exfiltration, PII, forbidden actions).

Sandboxing tools

Run dangerous tools in limited environments and require extra verification.

6. State, checkpointing, and resume

Design state so agents can resume after failure without redoing external effects.

Patterns:

  • Checkpoint after each step: persist step index, intermediate artifacts, and partial outputs
  • Two-phase commit for multi-step transactions: prepare → commit (use sparingly and only when all tools support rollback)
  • Compensating actions: for non-rollbackable steps, register compensator tasks
flowchart TD
    A[Plan] --> B[Step 1]
    B --> C[Checkpoint 1]
    C --> D[Step 2]
    D --> E[Checkpoint 2]
    E --> F[Complete]

7. Observability and explainability for agents

Trace and expose:

  • Plan version and rationale for each step
  • Tool call arguments and responses (masked for PII)
  • Decision provenance (which prompt and context produced each plan)
  • Resource usage per step (tokens, time, cost)
flowchart LR
    Agent --> Trace
    Trace --> Dashboard
    Trace --> Alerting

Explainability reduces debugging time and supports audit requirements.

8. Testing agents: unit, integration, chaos

Test tiers:

  • Unit: planner heuristics and prompt outputs using deterministic model settings
  • Integration: execution with stubbed tools
  • Contract tests: tool schemas and idempotency keys
  • Chaos tests: simulate tool failures, network partitions, and partial responses
  • Cost tests: estimate tokens and calls for representative workloads

Tip: Use deterministic model settings for repeatable tests (temperature 0 and fixed seeds).

9. Cost and throughput controls

Agents can blow budgets quickly. Control knobs:

  • Max steps per plan (hard cap)
  • Cost budget per request (reject or degrade when exceeded)
  • Dynamic model selection per step (large model only for planning; smaller for templated text)
  • Caching of tool results and intermediate artifacts
flowchart LR
    A[Request] --> B[Budget Check]
    B -->|ok| C[Planner]
    B -->|exceed| D[Reject]

10. Example: task automation agent (booking workflow)

Scenario: Agent must book travel: check flights, reserve, charge card, send confirmation.

flowchart TD
    UserGoal[User Goal] --> Planner
    Planner --> PlanStore
    PlanStore --> Executor
    Executor --> CheckFlights
    Executor --> ReserveSeat
    Executor --> ChargeCard
    Executor --> SendConfirmation

Safety enforcement:

  • Require plan approval before ChargeCard
  • Use idempotency for ReserveSeat and ChargeCard
  • Log decisions and attach trace id to payment call

11. Dealing with ambiguity and infinite loops

Agents can loop when goals are underspecified.

Defenses:

  • Clarification step: require confirmation when plan confidence is below threshold
  • Step budget: cap maximum steps and abort with explainable reason
  • Divergence detection: monitor for repeated states and abort when seen X times

12. Metrics that matter for agents

  • Plan success rate
  • Average steps per task
  • Tool failure rate per tool
  • Cost per successful task
  • Human approval rate (if used)
  • Time to completion and first token latency

Capture these per agent version to measure regressions.

Discussion prompts for engineers

  • Where do you draw the line between autonomous action and human approval?
  • How do you design idempotency for tools that cannot be rolled back?
  • What's your preferred checkpoint frequency balancing cost and resume granularity?
  • How would you simulate a malicious planner that tries to exfiltrate data?

TL;DR, Agent design cheat sheet

  • Separate planner from executor
  • Treat tools as strict contracted services with idempotency
  • Checkpoint after steps and make resume explicit
  • Enforce safety via dry-run, policy checks, and human approval for risky actions
  • Instrument every plan and step for observability and cost tracing
  • Test with deterministic settings, integrate chaos testing, and cap budgets

Takeaway

  • Autonomy is powerful, and dangerous, when unchecked
  • Production agents are safe only when they are transparent, auditable, and bounded
  • Build slow, observe fast, and never deploy a fully autonomous agent without cost controls, human-in-the-loop options, and a thorough testing and monitoring pipeline

For more on building production AI systems, check out our AI Bootcamp for Software Engineers.

Key takeaways

  1. The pattern described above addresses a specific production failure mode that naive implementations miss.
  2. Mechanical guardrails beat heroic debugging. Ship the fix that prevents the bug class, not the bug instance.
  3. Measure before and after. If the change is not visible in metrics, it was not worth the complexity.
  4. To see this pattern wired into a full production agent stack, walk through the Build your own coding agent course, or start with the AI Agents Fundamentals primer.

Frequently asked questions

What's the difference between reactive and deliberative agents?

Reactive agents make single-step decisions without planning, ideal for simple tool calls or chat replies. Deliberative agents plan multiple steps before executing, suited for complex workflows. Start with reactive agents and add planning only when you can observe and control each step. Most production agents blend both: deliberative planning for structured goals with reactive fallbacks for ambiguous situations.

How do I prevent my AI agent from looping forever?

Agents loop when goals are underspecified. Use divergence detection to abort when the agent revisits the same state repeatedly. Hard-cap steps per plan and add a clarification step when plan confidence falls below threshold. Monitor plan success rates and execution time to catch runaway loops early. These guardrails prevent API spam and cost blowouts.

Do I need to make my agent tools idempotent?

Yes. Idempotency guarantees repeated calls produce identical results without duplicating side effects. Agents retry on network failures or plan adjustments, triggering duplicate requests. Without idempotent tools, a payment retry charges the card twice or a reservation retry books twice. Require idempotency keys in every tool contract for any state-modifying API call.

For the full reference, see the Anthropic agents guide.

Take the next step

Share this post

Continue Reading

pip vs uv vs poetry for Python AI services

9 min read
AI Engineering in Practice

Retry patterns for LLM API errors in production

8 min read
AI Engineering in Practice

Pydantic output structuring for RAG agent plans

8 min read
LLM Engineering

Weekly Bytes of AI

Technical deep-dives for engineers building production AI systems.

Architecture patterns, system design, cost optimization, and real-world case studies. No fluff, just engineering insights.

Unsubscribe anytime. We respect your inbox.

Ready to go deeper?

Go beyond articles. Build production AI systems with hands-on workshops and our intensive AI Bootcamp.

Explore AI BootcampBrowse Workshops