Agents need a floor, not a ceiling

Give agents a floor—what they must never do—before you debate how clever they can be.

The agent hype cycle wants ceilings: more tools, longer context, more autonomy. Operations wants floors: no PII in logs, no refunds above $200 without a human, no write access to production without a ticket.

I design agent systems inside-out:

  1. Allow-list tools — If it is not explicitly permitted, it does not exist.
  2. Human gates on irreversible actions — Send, charge, delete, publish—all behind async approval with a timeout.
  3. Structured outputs — JSON schema or function calls; prose is for humans, not for downstream systems.
  4. Escalation paths — When confidence is low, the success case is “hand to a person with context,” not “try harder.”

The best agent deployments I have seen look like junior staff with a good manager: narrow remit, clear SOP, audit trail. The worst look like an intern with root access and a poetry degree.

Measure agents on containment—how often they finish inside policy—not on how impressive the transcript reads. A glowing conversation that triggered three side effects is a failure mode wearing a success costume.

Autonomy is not the goal. Reliable partial automation is. Build the floor first. Raise the ceiling only when the floor has not moved in a month.