ProductOS

How do you run AI agents in production? The 2026 playbook

Shreyash Singh

Shreyash Singh · Co-founder & CTO, ProductOS

Published ·15 min read

TL;DR

  • A demo proves an agent can succeed; production requires knowing when it failed.
  • They stall because autonomy gets scoped before verification does.
  • The proven shape is orchestrator plus specialists: one agent owns routing, state, and stage transitions, while narrow specialists own domain work with small toolsets.
  • Through a shared context layer: a persistent store of decisions, constraints, and artifacts that every agent reads from and writes to, so consistency comes from shared state rather than from hoping each agent remembers.

Running AI agents in production means five disciplines working together: an orchestration architecture that routes work to specialists, a shared context layer that keeps agents consistent across steps, verification that checks output against defined criteria before users see it, failure handling that retries and self-fixes within bounds, and cost control through deliberate model routing. Miss any one and you have a demo, not a system.

The gap between the two is where most projects die. Gartner predicted in 2025 that over 40 percent of agentic AI projects would be canceled by the end of 2027, citing cost, unclear value, and inadequate risk controls. The pattern behind that number is consistent: teams ship the impressive 80 percent, then discover the remaining 20 percent, verification, recovery, and economics, is most of the engineering.

This playbook covers each discipline concretely, drawing on a pipeline we run in production: ten specialized agents that take products from idea to deployed code. You can see that roster, from Orchestrator to Deploy, on the agents page, with each agent’s real tools and inputs documented.

What separates a production agent system from a demo?

A demo proves an agent can succeed; production requires knowing when it failed. The difference is not model quality but everything wrapped around the model: defined success criteria, verification before output reaches users, bounded recovery when steps break, observability into every decision, and an economic model that survives contact with real usage.

Put side by side, the gap is structural:

Concern Demo agent Production agent system
Success definition Output looks right Output verified against explicit criteria
Failure handling Human retries the prompt Bounded automatic retry and self-fix, then escalate
Context One chat history Persistent shared state across agents and sessions
Execution environment Developer’s machine Isolated sandboxes with previews
Observability Scrollback Logs, ledgers, and artifacts for every step
Cost Ignored Measured per run, managed via model routing
Model dependency Hardcoded favorite Routable per task, swappable as models change

A useful mental model: an AI agent in production is a probabilistic component inside a deterministic system. The agent’s individual step can fail; the system’s job is to make that failure detectable, recoverable, and cheap. Everything in this playbook is a way of buying those three properties.

Why do most agent projects stall before production?

They stall because autonomy gets scoped before verification does. Teams give agents broad, open-ended goals, discover they cannot tell good runs from bad ones, and then cannot fix what they cannot measure. Costs compound quietly at the same time, and the project dies in the gap between impressive and dependable.

The recurring failure patterns:

  • No definition of done. If success is “the user seems happy”, you cannot build verification, and without verification you cannot improve. Production agents need explicit acceptance criteria per task, which is why agent reliability and spec-driven development keep converging: the spec is what verification checks against.
  • One giant agent. A single agent with thirty tools and a huge prompt degrades in ways nobody can localize. When it misbehaves, there is no seam to inspect. Specialization exists precisely to create seams.
  • Unbounded loops. An agent allowed to retry forever will spend real money doing so. Bounded retries with escalation are the difference between resilience and a bill.
  • Token economics discovered late. Anthropic’s engineering write-up on its multi-agent research system reported agents using several times the tokens of a chat interaction, and multi-agent systems using around fifteen times more. Teams that design for chat-level costs meet a very different invoice.
  • Missing risk controls. Gartner’s canceled-project analysis flags this directly: agents with production access and no guardrails are a liability the moment output stops being reviewed by a human every time.

None of these are model problems. All of them are system design problems, which is good news: system design is a solved discipline, and the rest of this playbook applies it.

What architecture do production agent systems need?

The proven shape is orchestrator plus specialists: one agent owns routing, state, and stage transitions, while narrow specialists own domain work with small toolsets. Add isolated execution environments for anything that touches code, and persistent artifacts between steps. This shape creates the seams that debugging, verification, and cost control all depend on.

Why this shape wins over one large agent:

  • Focused context per agent. Each specialist carries only its own material, which keeps every context window dense with relevant signal. This is the isolate pillar of context engineering, applied as architecture.
  • Localizable failure. When output is wrong, you know which agent, which inputs, which artifact. A monolithic agent gives you one undifferentiated transcript.
  • Independent evolution. You can improve the QA specialist’s prompts or swap its model without touching the builder.

In our pipeline, the Orchestrator is the only agent the user talks to and the only path between stages. It is explicitly forbidden from doing domain work: every research question, PRD section, design decision, and line of code is delegated to one of nine specialists. It scaffolds document outlines before delegating sections, proposes stage transitions for human approval, and maintains the project wiki that every agent reads.

The second architectural requirement is isolated execution. Agents that write and run code need real environments with blast-radius limits. The Fullstack Builder runs headless inside an isolated cloud sandbox per project, editing files and running commands against a pre-installed Next.js app with a live preview. The sandbox boundary is what makes an autonomous coding agent safe to run: worst case, it breaks its own sandbox, not your infrastructure.

Third, artifacts between stages. Each stage should emit a durable, inspectable artifact, a research document, a PRD, a design brief, a QA report, rather than passing raw transcripts forward. Artifacts are simultaneously your observability layer and your context compression layer.

How do you keep agents consistent across a long pipeline?

Through a shared context layer: a persistent store of decisions, constraints, and artifacts that every agent reads from and writes to, so consistency comes from shared state rather than from hoping each agent remembers. Without it, agent three quietly contradicts what agent one agreed with the user.

The mechanics that matter in production:

  • A single source of truth per project. In ProductOS that is the project wiki the Orchestrator keeps clean, plus cross-stage memory read from every agent. A constraint locked during ideation is still binding when the builder writes code.
  • Grounding rules at the boundary. The Research Agent must attach a clickable source to every claim it logs, and the PRD Agent must ground every section in prior-stage artifacts rather than inventing. Ungrounded content is contained before it can poison downstream context.
  • Compression by artifact. Downstream agents consume the PRD and DESIGN.md, not upstream transcripts. The pipeline’s shape does the summarizing, deterministically.
  • Windows managed as budgets. Long-context behavior degrades as windows fill, so per-agent context is curated rather than accumulated. Treat the context window as a scarce resource with an attention budget, not a bucket.

This is a deep enough topic that we wrote it up separately: context engineering covers the write, select, compress, isolate framework that production pipelines apply. The one-line summary for this playbook: shared context is not a nice-to-have, it is the mechanism by which ten agents behave like one team.

How do you verify agent output before users see it?

You verify against explicit criteria in the most realistic environment available, and you make the verdict structured. For coding agents that means driving the real application in a real browser against the flows the spec defines, then emitting a machine-readable result that can trigger fixes automatically.

The verification ladder, in increasing order of confidence:

  1. Static checks. Types, lint, build. Cheap, fast, catches the mechanical failures. Necessary and wildly insufficient: code that compiles is not code that works.
  2. Deterministic tests. Unit and integration tests, ideally derived from the spec’s acceptance criteria. Catches regressions; misses everything nobody wrote a test for.
  3. Agent-driven functional testing. An agent exercises the running application the way a user would. This is the tier most teams skip and the one that actually predicts user experience.
  4. Human review at gates. Not every step, which does not scale, but at stage transitions: approve the outline, approve the spec, approve the release. Humans set direction; machines check conformance.

Tier three is worth making concrete, because it is where our pipeline earns its reliability. The QA Agent drives a real headless Chromium browser against the app’s live preview URL, screenshotting after every action. It covers four areas: critical user flows taken from the PRD, per-route visual checks, direct backend API checks, and accessibility plus console and network errors. Every run ends in a single structured verdict, pass, partial, or fail, with severity-ranked findings and suggested fixes.

The structured verdict is the design decision that matters. Because a fail arrives as ranked findings rather than prose, it can chain directly into an automated fix run by the builder, closing the loop without a human triaging bug reports. Verification that produces machine-actionable output turns quality from a review activity into a feedback loop.

How do you handle failure, retries, and recovery?

Assume every step can fail, then make failure cheap: validate before expensive operations, retry with new information rather than blind repetition, cap retries at a small fixed number, and escalate to a human with full context when the cap is hit. Bounded self-repair is the production pattern; infinite loops and silent failures are the anti-patterns.

The retry rule that matters most is subtle. A blind retry, running the same call again and hoping, wastes tokens and rarely converges.

A useful retry changes the input. Feed the agent the exact error, the failing output, and the constraint it violated, then let it try again with that new information. If it fails three times, the problem is not transient, and a human should see it.

A simple failure taxonomy helps you decide the response before an incident, not during one:

  • Transient. A timeout or a rate limit. Retry with backoff; no human needed.
  • Correctable. A failed test or a type error the agent can read. Retry with the error as new context, capped at three.
  • Structural. A missing credential, an impossible requirement, a contradictory spec. Do not retry; escalate with full context immediately.

Most runaway-cost incidents come from treating a structural failure as a correctable one, letting the agent burn a hundred retries on a problem no retry can solve.

Our Deploy Agent is a compact case study in the pattern, because deployment is where failures are most visible and most expensive:

  • Check state first. Its mandatory first call checks the current deployment state, so it never acts on stale assumptions about what is already live.
  • Preflight before shipping. It runs the full production build inside the sandbox before anything leaves it. Failures surface in a safe environment where fixing is cheap.
  • Bounded self-fix. When a build breaks, it reads the actual build logs, applies a targeted fix, and retries, up to three times, then stops and asks the human. Each retry is informed by new evidence, not a blind rerun, and the cap converts a potential infinite loop into a bounded cost.
  • Leave an audit trail. Every release lands in a cumulative deploy ledger, and the code is pushed to the user’s own GitHub. When something goes wrong later, the history exists and the user owns it.

The generalizable rules: retries must incorporate new information, caps must be small and fixed, escalation must carry full context, and every autonomous action must leave a durable record. The full pipeline behind that flow is documented at deploy and own your code.

How do you control cost and model choice?

By routing deliberately: match each task to the cheapest model that meets its quality bar, keep contexts lean so token burn tracks value, and never hardcode a single provider. Agent economics are dominated by token volume, and volume is a design variable, not a constant.

The levers, in rough order of impact:

  • Per-task model routing. Verification sweeps, log parsing, and formatting do not need frontier reasoning; architecture and complex implementation do. A pipeline with seams can route each specialist independently. ProductOS runs BYOK multi-provider routing with no model hardcoded, which also means the platform does not silently absorb a margin on your inference.
  • Context discipline as cost control. Every technique from the consistency section, artifact compression, per-agent isolation, pruned tool output, cuts spend directly, because you pay for every token whether the model attends to it or not.
  • Provider portability as risk management. Model rankings on public benchmarks like SWE-bench have reshuffled repeatedly since 2024, and pricing moves with them. A system with no hardcoded model treats each release as an opportunity; a hardcoded system treats it as a migration project.
  • Bounded loops as budget caps. Retry caps are cost policy as much as reliability policy. Three informed attempts is an engineering budget; unlimited attempts is an incident.

Tips

  • Log every tool call and model response; a production incident you cannot replay is a production incident you cannot fix.
  • Set a hard step budget and a token ceiling per run, then alert before the run hits either.
  • Make the agent verify its own output against a real check, a test run or an assertion, not against its own confidence.
  • Cap automated retries at three, then escalate to a human; infinite self-correction burns cost and rarely converges.
  • Pin model versions in config so a provider update never silently changes behavior in production.

How ProductOS does it

ProductOS runs this playbook as a product. Ten specialized agents, Orchestrator, Ideation, Research, PRD, Architect, Design, Design System, Fullstack Builder, QA, and Deploy, share one project context across five stages: Ideate, Discover, Define, Design, and Develop. The Orchestrator routes all work and maintains the project wiki; it never writes code itself.

Verification and recovery are built in. The QA Agent tests in real headless Chromium and returns a pass, partial, or fail verdict that can chain into automated fixes. The Deploy Agent preflights the production build, pushes to your own GitHub, and self-fixes up to three times before asking a human.

Builds run in isolated cloud sandboxes with live previews, and model routing is BYOK multi-provider with nothing hardcoded. The showcase products, SOLEN, Orbit, StudioFlow, Lumen Notes, Echo, and Reserva, all shipped through this pipeline. The architecture is documented on the five-stage pipeline page.

Frequently asked questions

What does it mean to run AI agents in production?

It means agents doing real work for real users without a human reviewing every step, inside a system that defines success explicitly, verifies output before it lands, recovers from failures within bounds, and tracks cost per run. The agent is a probabilistic component; production is the deterministic machinery that makes its failures detectable and cheap.

How many agents should a production system have?

As many as there are genuinely distinct jobs, and no more. The orchestrator-plus-specialists pattern works because each specialist gets a focused context and a small toolset; splitting further adds coordination cost without adding signal. ProductOS settled on ten because the product pipeline has roughly ten distinct competencies, from research to deployment. Your domain will have its own natural seams.

How do you evaluate AI agents before production?

Build task-level evals from your acceptance criteria: a set of representative tasks, each with a defined check for success. Run them on every prompt, tool, or model change, and grade outcomes rather than transcripts. Then keep verification running in production, because eval sets drift from reality. If you cannot write the check, the task is not specified well enough to automate.

What guardrails do production agents need?

Scope guardrails: least-privilege tools and sandboxed execution so the blast radius is contained. Behavior guardrails: bounded retries, spend caps, and mandatory state checks before irreversible actions. Process guardrails: human approval at high-stakes gates like deployment and outbound communication. The test is simple: enumerate the worst action each agent could take, then confirm something structural, not a prompt, prevents it.

Why do multi-agent systems cost so much more than chat?

Token volume. Anthropic’s write-up on its multi-agent research system found agents consuming several times the tokens of a chat, and multi-agent runs consuming roughly fifteen times more. Every specialist carries context, calls tools, and iterates. The costs are manageable with routing, compression, and bounded loops, but they must be designed for, not discovered on the first invoice.

Can non-engineers run production agent systems?

Yes, when the reliability engineering ships inside the platform instead of being built per team. The disciplines in this playbook do not disappear; they get productized. In ProductOS, a founder gets orchestration, sandboxed builds, real-browser QA, and bounded deploy self-fixes without assembling any of it, and human judgment stays in the loop at stage approvals.

What observability do agent systems need?

Three layers. Artifacts: every stage emits a durable output you can inspect, a spec, a report, a ledger. Decisions: which agent did what, with which inputs, and why, traceable per run. Verdicts: structured pass or fail results over time, so you see reliability trends rather than anecdotes. If a bad run cannot be reconstructed afterward, you do not have observability yet.

Should agents be allowed to deploy to production automatically?

Only with structural safeguards: a preflight build in an isolated environment, bounded self-fix attempts, an audit ledger, and code pushed to a repository the user owns. Many teams also keep a human approval on the final promote step. Autonomy is earned per action class; deployment is high-stakes enough that the bounds should be conservative and the trail complete.

Ship agents that survive contact with users

Production agents are a systems problem, and the system is buildable: orchestration, shared context, real verification, bounded recovery, deliberate economics. See how the ten specialists divide that work on the agent roster, or skip the assembly entirely and start building free on ProductOS.

Build it with ProductOS

Stop reading about it. Ship it.

Describe your idea once. AI agents research it, spec it, design it, and build real code you own, sharing one context the whole way.

Free to start · no credit card required

Shreyash Singh

Shreyash Singh

Co-founder & CTO, ProductOS

Built ProductOS's AI agent architecture, backend infrastructure, and core product engine from scratch. Deep expertise in scalable systems and applied AI. Writes about agent pipelines, codegen, and AI engineering.

Editorial policy