Every conference talk, vendor deck, and LinkedIn post in 2026 mentions "agents," and most of them mean something slightly different. Strip away the marketing and an AI agent is a small, unglamorous control loop: a model that reads some context, decides on an action, calls a tool, observes the result, and repeats until the goal is met or a budget runs out. This guide is the no-hype version what an agent really is, the moving parts you have to build or buy, and the failure modes that separate a demo from something you can put in front of customers.
What you will understand by the end
- The agent loop: perception, planning, tool calls, and termination
- Where tools, memory, and MCP fit in a real architecture
- Why evaluation and guardrails matter more than the model choice
- The cost and latency traps that kill agent projects in week three
- A pragmatic checklist for shipping your first production agent
Info
Who this is for
Developers who can call an LLM API and now have to turn that into something autonomous. You do not need an ML background you need good software engineering instincts and a healthy distrust of magic.
What an agent actually is
A chatbot answers one question. An agent pursues a goal across multiple steps, deciding for itself which tools to call and when it is done. The difference is the loop. You give the model a goal, a set of tools it is allowed to call, and a budget (in tokens, time, or dollars). It thinks, acts, observes, and loops. That is the entire idea everything else is engineering around making that loop reliable, observable, and safe.
GOAL ──▶ ┌─────────────────────────────────────────┐
│ 1. Model reads context + tool results │
│ 2. Model decides: respond OR call a tool │
│ 3. Runtime executes the tool │
│ 4. Result is appended to context │
└──────────────┬──────────────────────────────┘
│ repeat until done / budget hit
▼
FINAL ANSWERThe four parts you will build
Whatever framework you pick LangGraph, the OpenAI Agents SDK, the Claude Agent SDK, or your own loop you are assembling the same four parts. Understanding them as separate concerns is what keeps the system maintainable.
1. The model and the loop
The model is the reasoning engine, but the loop is yours. You decide the maximum number of steps, what happens on a tool error, and how the agent signals completion. Keep the loop boringly explicit. A clever framework that hides the loop will eventually do something surprising in production, and you will wish you could see every iteration. Stripped to its essence, the entire pattern is about thirty lines:
def run_agent(goal: str, tools: dict, max_steps: int = 8) -> str:
messages = [{"role": "system", "content": SYSTEM_PROMPT},
{"role": "user", "content": goal}]
for step in range(max_steps): # the hard budget — never loop forever
reply = model.chat(messages, tools=tool_specs(tools))
log.info("agent.step", step=step, tokens=reply.tokens) # trace every iteration
if not reply.tool_calls: # model is done → it answered
return reply.text
messages.append(reply.as_message())
for call in reply.tool_calls:
try:
result = dispatch(tools, call.name, call.arguments) # validate + execute
except ToolError as e:
result = {"error": str(e)} # feed errors back; let the model recover
messages.append({"role": "tool", "tool_call_id": call.id,
"content": json.dumps(result)})
return "I couldn't complete this within the step budget." # graceful giving-upThat loop is the whole game: the for with a hard max_steps stops runaway cost, every step is logged so you can replay it, tool errors are fed back instead of crashing, and the agent ends either by answering or by admitting defeat. Frameworks add ergonomics on top — but if you cannot describe your agent in terms of this loop, you do not yet understand what it will do in production.
2. Tools
Tools are typed functions the model can call: search_orders, send_email, query_database. The model never touches your systems directly — it emits a structured request, your runtime validates and executes it, and you return the result. This indirection is your single most important safety boundary. Treat every tool argument as untrusted user input, because functionally it is.
tools = [
{
"name": "get_order_status",
"description": "Look up the current status of a customer order by ID.",
"input_schema": {
"type": "object",
"properties": {
"order_id": {"type": "string", "pattern": "^ORD-[0-9]{6}$"},
},
"required": ["order_id"],
},
}
]
# Your runtime validates order_id against the schema BEFORE touching the DB.
def execute_tool(name, args):
if name == "get_order_status":
order = Order.query.filter_by(id=args["order_id"]).first()
return {"status": order.status} if order else {"error": "not found"}3. Memory
Context windows are large in 2026, but they are not infinite and they are not free. Memory is how an agent remembers across steps and sessions: short-term (the running transcript), and long-term (a vector store or database it can query). The mistake beginners make is dumping everything into the prompt. The discipline is retrieving only what the current step needs.
4. MCP — the connective tissue
The Model Context Protocol has become the standard way to expose tools and data to agents without hand-writing an integration for every model. Instead of bespoke glue, you run an MCP server that advertises its tools, and any MCP-aware client can use them. If you are building more than one agent, learning MCP early saves you from re-implementing the same connectors five times.
Tip
Start with one tool
The instinct is to give an agent twenty tools on day one. Resist it. A reliable agent with three well-described tools beats a flaky one with twenty. Add tools only when the agent demonstrably needs them and you have an eval that proves the addition helped.
Where agents actually earn their keep
✓ Pros
- Multi-step research and summarisation across internal docs
- Triaging tickets, tagging them, and drafting replies for human review
- Codebase tasks: refactors, test generation, dependency upgrades
- Orchestrating slow back-office workflows that span many systems
✕ Cons
- Anything needing sub-second deterministic responses
- High-stakes irreversible actions without a human in the loop
- Tasks where a simple SQL query or script is obviously cheaper
- Workflows you cannot evaluate — if you cannot measure it, do not automate it
The failure modes nobody demos
Agent demos always work. Production agents fail in four predictable ways, and budgeting for them upfront is the difference between a project that ships and one that quietly dies.
Runaway loops
An agent that cannot reach its goal will happily burn your entire budget trying. Always set a hard step cap and a token budget, and return a graceful "I could not complete this" instead of looping forever.
Tool misuse
The model calls the right tool with subtly wrong arguments — a malformed ID, a date in the wrong format, a destructive flag. Strict input schemas and server-side validation catch most of this before it reaches your data.
Context rot
As the transcript grows, early instructions get diluted and the agent drifts off task. Summarise and prune the context between steps; do not just append forever.
Silent wrongness
The scariest failure: a confident, well-formatted answer that is simply false. This is why evaluation is not optional — you need a test set that catches regressions the way unit tests catch code bugs.
Warning
Evaluation is the real work
Choosing a model takes an afternoon. Building an eval harness — a set of representative tasks with known-good outcomes that you run on every prompt change — takes a week and is what actually makes your agent trustworthy. Budget for it.
Cost and latency: the quiet killers
A single agent run can make ten or more model calls, each consuming the growing transcript. A five-step agent does not cost five times a chat message — it can cost fifteen times, because each step re-sends everything before it. Two levers tame this: aggressive prompt caching (cache the stable system prompt and tool definitions so you pay full price only once), and routing easy steps to a smaller, cheaper model while reserving the flagship model for genuine reasoning.
model calls a single multi-step agent run can make versus one chat reply
Pro tip
Log every step of every agent run from day one — the full prompt, the tool calls, the results, the token counts. When an agent misbehaves in production, this trace is the only thing that lets you reproduce and fix it. Treat it like application logging, not an afterthought.
A pragmatic first-agent checklist
✓ Pros
- One clear goal, three tools, a hard step cap
- Strict input schemas and server-side validation on every tool
- A human-in-the-loop gate before any irreversible action
- An eval set of 20–50 real tasks you run on every change
- Full step-level tracing and a per-run cost budget
✕ Cons
- No "let the agent figure out the database schema" shortcuts
- No autonomous writes to production on day one
- No twenty-tool kitchen sink before you have one tool working
- No shipping without an eval — confidence is not coverage
Where to go next
Agents are not magic and they are not a fad — they are a genuinely useful pattern for multi-step, tool-using automation, wrapped in more failure modes than a typical CRUD app. If you internalise the loop, respect the tool boundary, and invest in evaluation before scale, you will ship something that works. The next articles in this series go deep on the pieces: MCP for connectivity, prompt-injection defence for safety, and RAG for grounding agents in your own data.
! Common mistakes to avoid
-
✕Giving the agent twenty tools on day one.
✓Start with three well-described tools and add more only when an eval proves the need.
-
✕No step or token budget, so a stuck agent burns money forever.
✓Set a hard max-steps cap and a token budget; return a graceful failure when hit.
-
✕Letting the model write to production autonomously.
✓Gate every irreversible action behind human approval until you deeply trust the flow.
-
✕Shipping without an evaluation harness.
✓Build a 20-50 task eval set and run it on every prompt or model change.
? Frequently asked questions
What is the difference between an AI agent and a chatbot? +
A chatbot answers a single prompt. An agent pursues a goal across multiple steps, deciding for itself which tools to call and when it is finished. The defining feature is the loop: think, act, observe, repeat.
Do I need a framework like LangGraph or the OpenAI/Claude Agent SDK? +
Not to start. The core loop is about thirty lines of code. Frameworks add ergonomics, memory, and tracing, but write your own simple loop first so you understand exactly what your agent does in production.
Why is my agent so much more expensive than a chat feature? +
Each step re-sends the growing transcript, so a five-step agent can cost far more than five chat messages. Use prompt caching for the stable system prompt and tools, and route easy steps to a cheaper model.
How do I stop an agent from looping forever? +
Enforce a hard maximum step count and a token/time budget in your loop, and return a clear "I could not complete this" instead of retrying endlessly.
When should I NOT use an agent? +
Anything needing deterministic sub-second responses, high-stakes irreversible actions without human review, or tasks a simple script or SQL query solves more cheaply.
Success
The mindset that ships agents
Treat the model as a fast, fallible junior engineer: brilliant at first drafts, prone to confident mistakes, in need of clear instructions, tight permissions, and review on anything that matters. Build the system around that reality and agents become an asset instead of a liability.
