Reference system

Production Agent

A bounded LangGraph agent with explicit state, tools, and approvals.

The problem

Open-ended agent loops wander, repeat themselves, and take actions no one signed off on. A production agent needs explicit state, bounded steps, and human approval on side-effecting actions.

System architecture

A LangGraph state machine where each node is a deliberate step: the agent reads typed state, may call a whitelisted tool, and routes to the next node. Side-effecting tools are gated behind an approval node, and a step budget bounds the loop.

Workflow

  • A request enters with typed initial state.

  • The agent plans the next step against the current state.

  • It calls a whitelisted tool, or routes to an approval node for side-effecting actions.

  • A human approves or rejects gated actions before they run.

  • Tool results are written back into typed state.

  • The loop continues until a stop condition or the step budget is reached.

Stack

  • LangGraph for the agent state machine

  • A typed state schema for each node

  • A whitelisted tool registry with input validation

  • An approval node for side-effecting actions

  • A step budget and timeout to bound the loop

What gets logged

  • The initial request and typed starting state

  • Each node entered and the transition that led there

  • Tool calls with validated inputs and returned outputs

  • Approval prompts and the human decision

  • State snapshots after each step

  • The stop condition or budget that ended the run

Where evals run

Evals run against recorded agent trajectories — scoring whether the agent reached the goal, stayed within budget, and only took approved side effects — plus regression replays when tools or prompts change.

Failure modes

  • The agent loops without progress — the step budget halts it instead of running indefinitely.

  • A tool receives malformed input — input validation rejects it before the side effect.

  • A side-effecting action runs without sign-off — the approval node blocks it by construction.

  • A tool errors mid-run — the failure is written to state and the agent routes to a recovery or stop path.
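The four failure modes above, as an added example in plain Python; it is not LangGraph code and not this project's implementation. The `lookup` and `refund` tools, the `plan` iterable standing in for the model's decisions, and the `approve` callback standing in for the human reviewer are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Tool:
    fn: Callable[[dict], str]
    validate: Callable[[dict], bool]   # runs before fn, so bad input never reaches it
    side_effect: bool = False          # True routes the call through approval

@dataclass
class State:
    steps: int = 0
    log: list = field(default_factory=list)   # (tool name, outcome) per step
    stop: str = ""                            # reason the run ended

# Hypothetical registry: anything not listed here cannot be called at all.
TOOLS = {
    "lookup": Tool(lambda a: f"record {a['id']}",
                   lambda a: type(a.get("id")) is int),
    "refund": Tool(lambda a: f"refunded {a['amount']}",
                   lambda a: type(a.get("amount")) is int and 0 < a["amount"] <= 100,
                   side_effect=True),
}

def run(plan, approve, max_steps=5):
    """Drive the loop; plan yields (tool_name, args), approve returns True/False."""
    state = State()
    for name, args in plan:
        if state.steps >= max_steps:           # budget halts a loop with no progress
            state.stop = "step_budget"
            break
        state.steps += 1
        tool = TOOLS.get(name)
        if tool is None:
            outcome = "rejected: not whitelisted"
        elif not tool.validate(args):
            outcome = "rejected: invalid input"
        elif tool.side_effect and not approve(name, args):
            outcome = "rejected: approval denied"
        else:
            try:
                outcome = tool.fn(args)
            except Exception as exc:           # failure is recorded, then the run stops
                outcome, state.stop = f"error: {exc}", "tool_error"
        state.log.append((name, outcome))
        if state.stop:
            break
    else:
        state.stop = "plan_complete"
    return state
```

The order of the checks matters: the registry lookup, input validation and approval all happen before `tool.fn` is reached, so a rejected call leaves a log entry but no side effect.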

What this demo proves

That an agent can be made bounded and governable — explicit state, whitelisted tools, and approval gates instead of an unbounded autonomous loop.
