Agent Design

The definitive guide for designing reliable, production-grade AI agents in the AIWG framework.

Agent Design Bible

The definitive guide for designing reliable, production-grade AI agents in the AIWG framework.

Research Foundation

This guide synthesizes empirical findings from:

  • REF-001: Bandara et al. (2024) "Production-Grade Agentic AI Workflows" - 9 best practices for production reliability
  • REF-002: Roig (2025) "How Do LLMs Fail In Agentic Scenarios?" - 4 failure archetypes from 900 execution traces

Key Empirical Finding: Recovery capability—not model scale or initial correctness—is the dominant predictor of agentic task success. DeepSeek V3.1 achieves 92% success via post-training for verification/recovery, not architectural changes.

The 10 Golden Rules

Rule 1: Single Responsibility

Each agent does ONE thing well.

Rationale: REF-001 BP-4 establishes that agents with focused responsibilities produce more predictable outputs. Roig (2025) shows multi-purpose agents exhibit higher rates of Archetype 4 failures (coherence loss under load).

Checklist:

  • [ ] Agent purpose describable in one sentence
  • [ ] No "and" in the agent's core function
  • [ ] Clear input/output contract
  • [ ] Obvious when to use (and when NOT to use) this agent

Anti-pattern:

# BAD: Multi-purpose agent
name: Code Helper
description: Reviews code, writes tests, fixes bugs, and documents functions

Pattern:

# GOOD: Focused agent
name: Code Reviewer
description: Performs comprehensive code reviews focusing on quality, security, and maintainability

Rule 2: Minimal Tools

Assign 0-3 tools per agent. Prefer fewer.

Rationale: REF-001 BP-3 warns against tool sprawl. Each additional tool increases the agent's decision space exponentially. Roig (2025) Archetype 4 shows tool-heavy agents suffer more fragile execution.

Tool Assignment Guide:

Agent TypeRecommended ToolsRationale
Research/AnalysisRead, Grep, GlobRead-only exploration
Content CreationRead, WriteFocused output
Code ModificationRead, Edit, BashSurgical changes
OrchestrationTaskDelegation only
ValidationRead, GrepVerification only

Anti-pattern:

tools: Bash, Glob, Grep, Read, Write, Edit, MultiEdit, WebFetch, WebSearch, Task, NotebookEdit

Pattern:

tools: Read, Grep, Write

Rule 3: Explicit Inputs/Outputs

Define exactly what the agent receives and produces.

Rationale: Ambiguous contracts cause Roig Archetype 2 failures (over-helpfulness). When agents don't know what they're supposed to produce, they substitute plausible alternatives.

Contract Template:

## Inputs
- **Required**: [What MUST be provided]
- **Optional**: [What MAY be provided]
- **Context**: [What ambient information is available]

## Outputs
- **Primary**: [The main deliverable]
- **Secondary**: [Supporting artifacts]
- **Format**: [Exact structure/schema]

Example:

## Inputs
- **Required**: File path(s) to review
- **Optional**: Focus areas (security, performance, style)
- **Context**: Project coding standards from CLAUDE.md

## Outputs
- **Primary**: Prioritized list of issues with file:line references
- **Secondary**: Positive observations and overall assessment
- **Format**: Markdown with Critical/High/Medium/Low sections

Rule 4: Grounding Before Action

ALWAYS verify assumptions before modifying external state.

Rationale: Roig (2025) Archetype 1 (Premature Action Without Grounding) is a leading cause of cascading failures. Agents that guess schemas instead of inspecting them produce incorrect outputs that compound downstream.

Grounding Checkpoint:

Before ANY operation touching external state (files, APIs, databases):

1. List available inspection tools (ls, head, schema, describe) 2. Execute minimum inspection to confirm assumptions 3. Document confirmed state in reasoning 4. Only then proceed with modification

Example:

## Process (Code Reviewer)

1. **Scan**: Read all specified files using Read/Grep/Glob tools
   - VERIFY files exist before analyzing
   - CONFIRM file types match expectations
2. **Analyze**: Evaluate against criteria
3. **Report**: Provide findings with exact file:line references

Anti-pattern:

# BAD: Assumes structure
"The config file has a 'database' section with 'host' and 'port' fields..."

Pattern:

# GOOD: Verifies first
"Let me read the config file to understand its structure..."
[Reads file]
"The config has sections: database, cache, logging. The database section contains..."

Rule 5: Escalate Uncertainty

NEVER silently substitute missing or ambiguous data.

Rationale: Roig (2025) Archetype 2 (Over-Helpfulness Under Uncertainty) shows models substitute plausible alternatives when data is missing, producing confidently wrong outputs.

Uncertainty Protocol:

When encountering entity mismatches or ambiguous references:

1. STOP - Do not proceed with assumptions 2. LIST - Show all potential matches with confidence indicators 3. REPORT - "Entity 'X' not found. Similar candidates: [list]" 4. WAIT - Request clarification before proceeding 5. DOCUMENT - Log any assumptions in trace output

Example Escalation:

## Uncertainty Detected

Task requested: "Update the User service configuration"

Found multiple matches:
- `src/services/UserService.ts` (85% confidence - naming match)
- `src/services/AuthService.ts` (40% confidence - contains user logic)
- `config/services/user.yaml` (60% confidence - configuration file)

**Action Required**: Please specify which file(s) to modify, or confirm the primary match.

Anti-pattern:

# BAD: Silent substitution
Task: "Find revenue for Acme Corp"
[CSV contains "Acme Corporation" and "Acme Inc"]
"The revenue for Acme Corp is $1.2M" (silently used "Acme Corporation")

Rule 6: Scoped Context

Only process information relevant to the current task.

Rationale: Roig (2025) Archetype 3 (Distractor-Induced Context Pollution) shows that irrelevant but superficially similar information derails reasoning. The "Chekhov's gun" effect—if data is present, models assume it must be relevant.

Context Scoping Protocol:

1. Identify explicit task scope (time ranges, entity filters, operation type) 2. Classify context sections:

  • RELEVANT: Directly supports task
  • PERIPHERAL: May be useful for edge cases
  • DISTRACTOR: Similar but out of scope

3. Process RELEVANT first, PERIPHERAL only if needed 4. Ignore DISTRACTOR content entirely

Example:

## Task Scope Analysis

Task: "Calculate Q4 revenue for Product A"

Context Classification:
- RELEVANT: Q4 data rows, Product A entries
- PERIPHERAL: Q4 data for Products B, C (same time period)
- DISTRACTOR: Q1-Q3 data for Product A (wrong time period)

Processing: Focus on rows where quarter='Q4' AND product='A'

Rule 7: Recovery-First Design

Build agents that can diagnose and recover from failures.

Rationale: REF-002's key finding: recovery capability is THE dominant predictor of success. DeepSeek V3.1's 92% success rate comes from post-training for verification/recovery behaviors.

Recovery Protocol:

1. PAUSE   - Stop execution, preserve state
2. DIAGNOSE - Analyze error message and execution trace
   - Syntax error? → Fix formatting
   - Schema mismatch? → Re-inspect target
   - Logic error? → Decompose into smaller steps
   - Loop detected? → Change approach entirely
3. ADAPT   - Choose recovery strategy based on diagnosis
4. RETRY   - With adapted approach (max 3 attempts)
5. ESCALATE - If 3 adapted retries fail, request human intervention

Agent Template Addition:

## Error Handling

When encountering errors:
1. Capture the full error message and context
2. Analyze root cause before retrying
3. Adapt approach if same error occurs twice
4. Report blocking issues with:
   - What was attempted
   - What failed
   - What was tried to recover
   - What human input is needed

Rule 8: Appropriate Model Tier

Match model capability to task complexity.

Rationale: REF-001 BP-6 and REF-002 both show that model scale alone doesn't predict reliability. Use the right tier for the task—don't waste capacity on simple operations.

Model Selection Guide:

TierModelUse ForAvoid For
EfficiencyhaikuValidation, formatting, simple transformsComplex reasoning, architecture
BalancedsonnetMost development tasks, code reviewNovel architecture, critical decisions
ReasoningopusArchitecture, security analysis, complex trade-offsRoutine operations, high-volume tasks

Task-to-Tier Mapping:

# HAIKU (efficiency)
- Linting and formatting
- Simple file operations
- Template population
- Status checks

# SONNET (balanced)
- Code review
- Test generation
- Documentation
- Bug investigation

# OPUS (reasoning)
- Architecture design
- Security threat modeling
- Complex refactoring
- Critical decision making

Rule 9: Parallel-Ready

Design agents to run concurrently when tasks are independent.

Rationale: REF-001 BP-9 (KISS) emphasizes simple, composable agents. Independent agents can run in parallel, dramatically improving throughput.

Parallel Design Checklist:

  • [ ] Agent has no dependencies on other agents' outputs (or dependencies are explicit)
  • [ ] Agent doesn't modify shared state without coordination
  • [ ] Agent can be launched via Task tool alongside others
  • [ ] Agent's output is self-contained and mergeable

Orchestration Pattern:

## Parallel Review Pattern

For comprehensive document review, launch simultaneously:
- Security Architect → Security validation
- Test Architect → Testability review
- Technical Writer → Clarity review
- Requirements Analyst → Traceability check

All reviewers read the same input, produce independent feedback.
Synthesizer agent merges feedback afterward.

Rule 10: Observable Execution

Produce traceable outputs for debugging and improvement.

Rationale: REF-001 emphasizes observability throughout. Without traces, failures can't be diagnosed or prevented.

Observability Requirements:

## Trace Output

Every agent should log:
1. **Start**: Task received, inputs summary
2. **Plan**: Intended approach
3. **Steps**: Each significant action taken
4. **Decisions**: Why alternatives were rejected
5. **Result**: Final output summary
6. **Metrics**: Duration, tokens used, tools invoked

Example Trace:

[2025-12-10T10:30:00Z] CODE-REVIEWER started
  Input: src/api/*.ts (12 files)
  Focus: security, performance
[2025-12-10T10:30:01Z] PLAN: Scan → Analyze → Prioritize → Report
[2025-12-10T10:30:02Z] STEP: Reading src/api/auth.ts (342 lines)
[2025-12-10T10:30:05Z] FINDING: SQL injection at auth.ts:87
[2025-12-10T10:30:15Z] COMPLETE
  Duration: 15s
  Findings: 3 critical, 5 high, 12 medium
  Files reviewed: 12/12

When NOT to Use an Agent

REF-001 BP-2 explicitly identifies when to bypass agents for direct function calls.

Use Direct Functions For

OperationWhy Not Agent
File I/O (read/write)Deterministic, no reasoning needed
String formattingPure transformation
Data validation (schema)Rule-based, predictable
HTTP requestsAPI call, not decision
Math calculationsDeterministic computation

Use Agents For

OperationWhy Agent
Code reviewRequires judgment
Architecture decisionsTrade-off analysis
Content generationCreative reasoning
Error diagnosisRoot cause analysis
Multi-step workflowsCoordination needed

Decision Rule: If the operation is deterministic and requires no judgment, use a direct function. If it requires reasoning, judgment, or creativity, use an agent.

Agent Definition Template

---
name: [Agent Name]
description: [One sentence describing single responsibility]
model: [claude-haiku-4-5|claude-sonnet-4-6|claude-opus-4-7]  # Pin variant; bare aliases inherit parent context. See #1442.
tools: [Minimal tool list, 0-3 preferred]
---

# [Agent Name]

You are a [role] specializing in [specific focus].

## Inputs

- **Required**: [What must be provided]
- **Optional**: [What may be provided]
- **Context**: [Ambient information available]

## Outputs

- **Primary**: [Main deliverable]
- **Format**: [Structure/schema]

## Process

1. **Ground**: [Verification step before action]
2. **Execute**: [Core task steps]
3. **Validate**: [Output verification]

## Uncertainty Handling

When encountering ambiguity:
1. Stop and document the uncertainty
2. List potential interpretations
3. Request clarification before proceeding

## Error Recovery

When encountering errors:
1. Capture full error context
2. Diagnose root cause
3. Adapt approach (don't retry blindly)
4. Escalate if 3 adapted attempts fail

## Example Usage

[Concrete example of input → output]

Validation Checklist

Before deploying any agent, verify:

Structure

  • [ ] Single responsibility (Rule 1)
  • [ ] 0-3 tools assigned (Rule 2)
  • [ ] Explicit inputs/outputs (Rule 3)
  • [ ] Appropriate model tier (Rule 8)

Behavior

  • [ ] Grounding step included (Rule 4)
  • [ ] Uncertainty escalation defined (Rule 5)
  • [ ] Context scoping guidance (Rule 6)
  • [ ] Recovery protocol specified (Rule 7)

Operations

  • [ ] Parallel-ready design (Rule 9)
  • [ ] Observable execution (Rule 10)

Meta

  • [ ] Clear when NOT to use this agent
  • [ ] Example usage provided
  • [ ] Error scenarios documented

Failure Archetype Prevention

Quick reference for avoiding the four empirically-identified failure modes:

ArchetypePreventionRule
Premature ActionGrounding checkpointRule 4
Over-HelpfulnessUncertainty escalationRule 5
Distractor PollutionContext scopingRule 6
Fragile ExecutionRecovery-first designRule 7

Multi-Agent Patterns

Primary → Reviewers → Synthesizer

Standard pattern for artifact generation:

Primary Author (opus) → Creates draft
    ↓
Parallel Reviewers (sonnet) → Independent review
    - Security review
    - Technical review
    - Standards review
    ↓
Synthesizer (sonnet) → Merges feedback into final

Decompose → Execute → Validate

Pattern for complex tasks:

Decomposer (opus) → Breaks into ≤7 subtasks
    ↓
Executors (haiku/sonnet) → Complete subtasks in parallel
    ↓
Validator (sonnet) → Verifies completeness and consistency

Scout → Decide → Act

Pattern for uncertain operations:

Scout (haiku) → Gathers information, identifies options
    ↓
Decider (opus) → Evaluates options, chooses approach
    ↓
Actor (sonnet) → Executes chosen approach

References

Revision History

DateAuthorChanges
2025-12-10AIWGInitial version synthesizing REF-001 and REF-002 findings