[!NOTE] Engineering Playbook Most AI demos work on localhost but fail in production because they lack the "boring" engineering rigour required for enterprise software. This playbook outlines the defense-in-depth strategy required to harden probabilistic agents into deterministic software.
The Agent Hardening Architecture
[!TIP] The Unix Philosophy Connection Hardening implements The Rule of Robustness ("Robustness is the child of transparency and simplicity") and The Rule of Repair ("When you must fail, fail noisily and as soon as possible").
We tackle robustness across three critical layers: Transport, Integrity, and Type Safety.
graph LR
User[User] -->|POST /run| Guard[Guard]
Guard -->|Security Check| Guard
Guard -->|Check Key| DB[(Store)]
DB -->|Exists| User
DB -->|New| Agent[Continue to Agent]
style Guard stroke:#e11d48,stroke-width:2px,fill:transparent
style DB stroke:#059669,stroke-width:2px,fill:transparent
Phase 1: Operation Integrity (Idempotency)
The Problem: Double Execution
If an agent times out while placing an order, it might retry. Without idempotency, you get double orders. LLMs "retry" agressively when confused.
The Solution: Idempotency Keys
- Client Responsibility: Agent generates a deterministic UUID v5 based on the operation arguments.
- Middleware Responsibility: Checks this key before execution. If key exists, return stored result (or 409 Conflict).
Phase 2: Transport Security (Strict CORS)
The Problem: Vulnerable Transport
Browser-based agents are vulnerable to CSRF and unauthorized cross-origin access. Local dev uses *, but production must not.
The Solution: Strict Whitelisting
- Environment Awareness: Configuration that strictly whitelists origins based on
ENV(Stage vs Prod). - Wildcard Ban: Rejecting all
*wildcards in production environments.
Phase 3: Type Safety (The DTO Barrier)
graph LR
Agent[Agent] -->|Validate JSON| Agent
Agent -->|Invalid| User[User: 422 Error]
Agent -->|Valid| Logic[Run Logic]
Logic -->|Cache| DB[(Store)]
Logic -->|Response| User
style Agent stroke:#d97706,stroke-width:2px,fill:transparent
style DB stroke:#059669,stroke-width:2px,fill:transparent
The Problem: Loose Contracts
LLMs love to guess JSON structures. If your API accepts a loose Dictionary/Map, the LLM will eventually send a slightly wrong format (e.g. userId vs user_id) that breaks your backend silently.
The Solution: Strict Pydantic DTOs
- Strict DTOs: Use strict data contracts (Pydantic/Zod) at the edge.
- Fail Fast: Fail with specific validation errors so the LLM can self-correct immediately.
Phase 4: Production Failure Modes
Agents fail differently than traditional software. You must anticipate:
1. Phantom Completion
The LLM says "I have saved the file" but never actually called the tool.
- Fix: Verify state changes in the
Structural Engine. Never trust the text output.
2. Infinite Loops
The LLM decides to "think" forever or gets stuck in a retry loop.
- Fix: Hard
max_stepslimit in theStructural Engine.
3. Silent Skips
The model ignores a critical validation step because it was "distracted" by a long context window or a stronger prior instruction.
- Fix: Use Graph Gates (edges) to force the step, rather than just prompting for it.
Phase 5: Operations & Circuit Breakers
Circuit Breakers
The runtime must enforce "Circuit Breakers" that the Brain cannot override:
- Global Timeout: Hard 30s limit on the entire flow.
- Step Limit: Max 10 reasoning steps per turn.
- Cost Limit: Max $0.05 per user query.
Degraded Cognition (Fallback)
If the primary model (e.g., GPT-4o) is down or timing out:
- Middleware detects timeout/5xx.
- Swaps
model_idconfig to a fallback (e.g., GPT-4o-mini or Claude Haiku). - Retries the step transparently.
Phase 6: Observability
You cannot debug an agent with a single "Success" metric. Split your metrics:
| Metric Type | Example Metrics |
|---|---|
| Structural (The Cars) | Transitions/sec, Tool Error Rate (5xx), Graph Completion % |
| Cognitive (The Driver) | Instruction Adherence, Hallucination Rate, User Sentiment |
Debugging Strategy
- Replay: Store the exact
stateobject +promptcontext for every failed run. Replay locally to debug. - Drift Detection: Monitor pass/fail rates on a "Golden Dataset" of 50 canonical queries. If it drops, your prompt or model has drifted.
Summary Checklist
- Idempotency: Do all write operations require an
Idempotency-Keyheader? - CORS: Is
allow_originsstrictly defined for production? - Validation: Are all API payloads validated with strict schemas (no
Dict[Any]orObject)? - Timeouts: Are strict timeouts set for LLM calls to prevent hanging connections?
The Bottom Line
[!IMPORTANT] Hardening isn't about better prompts; it's about treating the LLM as an untrusted client. By enforcing strict engineering constraints (Idempotency, Types, CORS), we force the probabilistic agent to behave within deterministic guardrails.
References & Further Reading
Related Playbooks
- The Engineering Manifesto — AlphaPebble's core philosophy for building high-stakes autonomous AI systems.
- The Dual-Engine Architecture
- Zero-Trust AI Shield
- Precedent Engineering (Coming Soon)
This playbook is maintained by the AlphaPebble team. For implementation support, get in touch.