Six months ago I was ready to blame the model. The agents I had running in production would drift off-task, loop on tool calls, or return outputs that looked right but were quietly wrong in ways that only surfaced downstream.
I tried swapping models. I rewrote prompts. I added more detailed instructions about what the agent should do if X, Y, or Z happened.
None of it held.
The question of why AI agents fail in production is something I’ve spent more time on than I’d like to admit. A thread on r/LangChain this week captured it well: a developer shipping real agents described the moment he stopped blaming GPT-4 and started auditing his own pipeline.
The failures he described, including tool call drift, unvalidated outputs, and zero visibility into what the agent had done, are the same ones I’ve watched sink otherwise promising projects. The fix is not a better model. It is better scaffolding.
Here is what I changed.
Stop Blaming the Model for Why AI Agents Fail in Production
AI agents fail in production because of infrastructure failures, not model failures. Routing logic, tool call validation, output verification, and execution tracing account for the vast majority of production failures in real deployments.
This is the single hardest lesson to accept because the model is the visible thing. When an agent does something unexpected, the natural instinct is to fix the prompt or upgrade the model tier. That impulse is almost always wrong.
What I’ve noticed is that the model is often doing exactly what you asked it to do.
The problem is that what you asked was underspecified, and the model filled the gap in a way you didn’t anticipate. That is not a model failure. That is a contract failure between your agent’s instructions and its execution environment.
The four failure modes I see consistently across production agent work:
- Routing decisions made by the LLM based on free-form interpretation
- Tool calls with no schema enforcement on what gets passed in
- Outputs returned without verification that they match the expected format or state
- No execution trace, only the final result, with no record of how the agent got there
Fix all four of these and the agent starts behaving predictably. Not perfectly, but predictably. That is what production requires.
Pull Routing Logic Out of the LLM
Routing belongs in your code, not in your prompt. LLM-based routing creates non-deterministic behavior that is hard to reproduce and nearly impossible to debug in production.
The classic mistake is writing a system prompt like “If the user’s request is about billing, use the billing tool. If it’s about account settings, use the account tool.”
Then you wonder why the agent occasionally routes a billing question to account settings.
The way I’d think about this: the LLM is not a good switch statement. It is a good text processor. Use it for the text processing. Write the switch statement yourself.
Here is a concrete example of the difference:
LLM routing (fragile): “` System prompt: “Analyze the user’s intent and select the appropriate tool. If they’re asking about payments, call payment_tool. If they’re asking about their account, call account_tool.” “`
Rule-based routing (stable): “`python def routerequest(usermessage: str) -> str: keywords = { “payment_tool”: [“invoice”, “billing”, “charge”, “refund”, “payment”], “account_tool”: [“password”, “email”, “profile”, “settings”, “login”] } for tool, triggers in keywords.items(): if any(word in user_message.lower() for word in triggers): return tool return “general_tool” “`
The LLM still handles the response. It just does not handle the routing decision anymore. In my experience, this alone eliminates 40 to 50 percent of the “why did it do that” failures in production.
For more complex routing where keyword matching is too coarse, use structured classification: ask the LLM to output a JSON object with an `intent` field constrained to a predefined enum, then route in code based on that value.
The LLM handles ambiguity classification. Your code handles the branching.
Lock Down Tool Calls with Typed Contracts
Tool call failures in production agents come from unvalidated inputs. Typed schemas with Pydantic or JSON Schema enforce contracts on every call and catch failures before they propagate downstream.
The mistake I made early on was defining tool schemas loosely. “A string representing the user’s query” sounds fine until your agent passes in a 4000-token conversation dump where you expected a 50-word search string, and the tool silently truncates it.
Every tool call should have an explicit contract. Here is what I use for a typical search tool:
“`python from pydantic import BaseModel, Field, validator
class SearchInput(BaseModel): query: str = Field(…, minlength=2, maxlength=200) max_results: int = Field(default=5, ge=1, le=20)
@validator(‘query’) def querymustnotbeconversation(cls, v): if len(v.split()) > 40: raise ValueError(“Query too long – summarize to a search phrase”) return v.strip() “`
When the schema validation fails, you catch a `ValidationError` at the tool boundary, not a silent bad result downstream. The agent knows the call failed and can retry with a corrected input, or escalate to a human review step.
The same principle applies to tool outputs. Define what a valid tool response looks like and validate it before returning it to the agent.
A tool that returns `None` silently because something went wrong internally is far more dangerous than one that raises an explicit error.
A simple output contract:
“`python class SearchOutput(BaseModel): results: list[str] = Field(…, minitems=0, maxitems=20) total_found: int = Field(…, ge=0) query_used: str # reflects back what was searched
def search_tool(input: SearchInput) -> SearchOutput:
… your search logic …
return SearchOutput(results=results, totalfound=len(results), queryused=input.query) “`
This approach works regardless of which orchestration framework you’re using. The schemas are framework-agnostic and port directly between LangChain, LlamaIndex, and direct API calls.
Verify Outputs Before They Leave the Agent
Output verification catches the class of failures that look correct but are not. A simple assertion layer between the agent’s response and your application prevents bad data from reaching downstream systems.
What surprised me most when I added output verification is how often the agent was generating structurally valid responses that were semantically wrong. Not hallucinations in the dramatic sense. More like: the agent was asked to extract five action items from a document and returned four. Or it summarized the wrong section. Or it formatted a date differently than the downstream system expected.
These do not throw errors. They silently corrupt your pipeline.
Here is the verification pattern I use for structured agent outputs:
“`python def verifyagentoutput(rawoutput: str, expectedschema: BaseModel) -> tuple[bool, any]: try: parsed = expectedschema.modelvalidatejson(rawoutput)
Domain-specific checks beyond schema validation
if hasattr(parsed, ‘actionitems’) and len(parsed.actionitems) == 0: return False, “Agent returned empty action items – retry with explicit count instruction” return True, parsed except ValidationError as e: return False, f”Schema mismatch: {e}”
resultvalid, resultorerror = verifyagentoutput(agentresponse, ExpectedOutput) if not result_valid:
Retry once with corrected prompt, then escalate
retryresponse = callagent(prompt + f”\n\nPrevious attempt failed: {resultorerror}. Fix this.”) “`
The retry loop with error feedback is not a hack. It is a standard pattern for production agents: the agent’s own failure message becomes part of the next prompt, giving it specific information about what went wrong.
For teams building more complex verification layers, building custom AI agents with a framework like Dynamiq handles a lot of this scaffolding.
Verification pipelines, retry logic, and multi-agent orchestration come pre-wired, so you’re not starting from scratch on the plumbing every time.
Trace Every Execution Step
Production agents require full execution traces. Without them, you cannot diagnose failures, catch drift, or prove what your agent did in a given session.
This is the infrastructure piece I put off the longest, because it felt optional. It is not optional. Without traces, you are flying blind.
What I mean by tracing is not logging the final output. I mean logging every decision node: what the agent received as input, which tool it chose, what it passed to that tool, what the tool returned, and what the agent decided to do next. Every step.
The simplest version of this uses a context object passed through each call:
“`python import uuid from datetime import datetime
class AgentTrace: def init(self, session_id: str = None): self.sessionid = sessionid or str(uuid.uuid4()) self.steps = []
def log(self, steptype: str, inputdata: dict, output_data: dict): self.steps.append({ “timestamp”: datetime.utcnow().isoformat(), “steptype”: steptype, “input”: input_data, “output”: output_data })
def export(self) -> dict: return {“sessionid”: self.sessionid, “steps”: self.steps}
Usage
trace = AgentTrace() trace.log(“routing”, {“message”: usermessage}, {“toolselected”: “payment_tool”}) trace.log(“toolcall”, {“tool”: “paymenttool”, “input”: toolinput.dict()}, {“output”: tooloutput.dict()}) “`
For drift detection, one pattern from the r/LangChain community that I’ve found useful: treat agent outputs like snapshot tests.
Run your agent on a fixed test set weekly and compare outputs to a baseline. Significant divergence in output length, structure, or content pattern is your early warning system for model behavior changes before they hit production traffic.
The Anthropic “think” tool pattern is worth knowing here. Anthropic’s documentation on extended thinking and tool use describes a pattern where you give the agent a `think` tool it can call to reason through a problem before acting.
The think output gets logged in your trace and gives you a window into the agent’s reasoning process, which makes debugging significantly faster.
Choosing Tools for Production Agent Work
The right tool choice for production agents depends on whether you need framework abstraction or direct API control. Each option trades overhead for flexibility in a different way.
Here is how I’d frame the decision:
| Use case | Tool choice | Why |
|---|---|---|
| Quick prototype or single-task agent | Direct LLM API calls | Less overhead, easier to debug, no framework lock-in |
| Multi-step pipeline with multiple tools | LangChain or LlamaIndex | Pre-built tool handling, memory, and chaining |
| Enterprise deployments with auditing needs | Dynamiq | Built-in observability, typed tool contracts, multi-agent orchestration |
| Research or local experimentation | Local models via OpenClaw | Free to run, no API costs, good for testing patterns |
For teams shipping agents to real users, the overview of how AI agents work is worth reading before committing to a framework, because the framework choice shapes how easy it is to implement the four fixes above.
What the r/LangChain thread reinforced for me: normalize your tool call format across providers. If you’re making your agent model-agnostic, the tool call format differs between OpenAI, Anthropic, and local models.
Building a translation layer means you can swap models without rewriting your tool schemas.
The OpenClaw automation examples show how the tool normalization pattern looks in practice if you’re running agents locally.
