For the past year, the industry has been obsessed with model performance, operating under the assumption that if an agent fails, the model simply isn't "smart" enough. However, production teams are increasingly building for a different reality: a high-performance model trapped in a "thin wrapper" architecture is almost guaranteed to fail when faced with real-world state changes, network glitches, or edge-case reasoning.
In production, reliability isn’t solved by better prompting—it’s a systems engineering challenge. Transitioning from an experimental script to a dependable service requires rethinking what we mean by a Production Agent Stack.
A production agent stack looks less like a chatbot wrapper and more like a workflow runtime surrounded by policy, validation, execution, observability, and audit layers.
1. The LLM is a Probabilistic Reasoning Unit, Not the System
The most fundamental architectural error is treating the Large Language Model (LLM) as the platform itself. In a production stack, the LLM is a probabilistic reasoning unit—essentially a non-deterministic component that performs specific transformations on tokens.
A real system requires a control-theoretic approach where the LLM’s outputs are governed by feedback loops and architectural constraints. By interpreting agency as runtime decision authority over specific system elements rather than an open-ended command, engineers can enforce stability margins that the model cannot maintain on its own.
2. The Workflow Runtime Owns Execution State
In a production environment, state cannot be transient. The orchestrator must own the Execution State through durable execution, utilizing state machines or Directed Acyclic Graphs (DAGs).
Using frameworks like LangGraph, systems can ensure that if a network glitch occurs, the process doesn't restart from zero. These runtimes leverage explicit, reducer-driven state schemas to persist a "ledger" of facts, allowing tasks to be retried, resumed, or reverted with full context.
3. Agents are Specialized Workers, Not the Platform
In this stack, "agents" are workers with narrow, specialized roles: a Planner, a Retriever, an Executor, or a Validator.
Crucially, not every module needs to be an agent. Engineering teams should use agents where reasoning is required but rely on deterministic services where logic is fixed. This specialization enables role-based confinement, ensuring that a diagnosis worker can only read logs while only a mitigation worker is provisioned with write-access to the environment.
4. Protocols Expose Tools; Policy Governs Them
There is a growing distinction between how an agent connects to a tool and whether it is authorized to use it. Protocols like the Model Context Protocol (MCP) or Agent-to-Agent (A2A) provide the standard "plumbing"—defining how to call an API or share context.
Agent interoperability protocols such as A2A or ACP help agents delegate tasks and exchange context, but they still do not replace workflow orchestration or policy enforcement. Production stacks require a Declarative Policy Layer—utilizing a policy engine, IAM, or OPA-style rules—that sits above these protocols. Protocols expose capabilities; policy decides whether those capabilities are authorized.
5. Memory and State are Separate Concerns
One of the most frequent causes of agent drift is confusing Memory with State.
- Memory (Working, Long-term, Episodic): Helps the agent reason by providing context from previous interactions.
- State (Workflow, External Committed): Tells the system what has actually happened in the real world.
Memory helps the agent reason, but state tells the system what is true. Confusing the two leads to "hallucinated progress" where the agent believes a task is complete because it's in the context window, even if the API call failed.
6. Validation Turns Proposals into Actions
An agent should never execute model output directly. Every output must pass through a Validation Layer using typed schemas (e.g., JSON Schema).
This layer checks preconditions and validates tool arguments before they enter the execution environment. The model generates a proposal; validation decides whether it is well-formed enough to enter the system.
7. Execution Needs Isolation and Recovery
Tool execution should happen inside controlled environments, not directly on production systems. Modern stacks utilize Sandboxing to enforce permission boundaries.
Some systems implement Transactional No-Regression (TNR) or rollback-style recovery to manage the risks of autonomous action. If an agent’s action fails to improve the system's health, a rollback workflow can return the environment to a known safe state before requesting human guidance.
8. Observability and Audit are Not Optional
If you cannot replay the agent’s path, you cannot debug it, evaluate it, or govern it. A production stack requires integrated Audit Traces that are structurally coupled to the decision logic. This means logging every signal score, threshold crossed, and tool call made, preserved by the framework’s checkpointing mechanism for post-incident replay.
9. Evaluation Must Be Cross-Cutting
Evaluation is not a benchmark at the edge of the system; it is a continuous feedback loop across the stack. In practice, production evaluation usually needs three layers:
- Bottom Layer: Foundation model benchmarks (latency/quality).
- Middle Layer: Component-level performance (intent detection/tool accuracy).
- Upper Layer: Workflow trajectory evaluation (goal completion/safety).
10. Model Routing Controls Cost and Latency
A production agent should not send every request to the most expensive frontier model. Model Routing acts as a gateway that inspects request complexity before reasoning begins. Simple summarization tasks are routed to small, high-throughput models, while only complex planning steps escalate to expensive reasoning models, optimizing the latency-cost-quality tradeoff.
Conclusion: Engineering the Safety Margin
The transition from experimental scripts to robust AI services is defined by the integrity of the system architecture. The goal of production AI engineering is not to build a model that never fails. It is to build a system that can recognize when its reasoning has diverged from the mission and has the architectural "brakes" to slow down, ask for help, or roll back to a safe state.
A reliable agent is not one that never needs help. It is one that knows when to slow down, ask for confirmation, or hand control back.
- Author:Fan Luo
- URL:https://fanluo.me/article/the-production-agent-stack
- Copyright:All articles in this blog adopt BY-NC-SA agreement. Please indicate the source!
上一篇
Routing Before Reasoning
下一篇
Search Is Becoming Agent Infrastructure