Agents, tools & MCP
When to let the model act — and when not to.
Agents let a model plan, call tools, observe results and loop. They're powerful and over-hyped. Your job is to know when an agent is the right tool, how to build one safely, and how to keep it bounded.
Key ideas
1. The agent loop: plan → act (call a tool) → observe → repeat until done. Tools are how the model affects the world.
2. Prefer the simplest thing that works: a single well-prompted call or a fixed workflow often beats a free-roaming agent. Reach for agents when the path is genuinely dynamic.
3. MCP (Model Context Protocol) is the emerging standard for exposing tools/data to models — learn it; it's how you'll integrate enterprise systems.
4. Bound your agents: limited tool scope, allow-lists, sandboxing, step/time/cost limits, and human-in-the-loop for risky actions.
5. Agents amplify failure modes: prompt injection via tool output, runaway loops, and cost blowups. Observability and guardrails are mandatory.
Workflow vs agent
- Workflow: you orchestrate fixed steps (predictable, testable, cheaper) — default choice.
- Agent: the model decides the steps (flexible, needed for open-ended tasks) — use when the task space is dynamic.
- Many 'agents' should be workflows with one or two tool calls.
Building them safely
- Scope tools tightly; treat every tool as an attack surface.
- Sandbox side-effects; require approval for irreversible/expensive actions.
- Cap steps, time and spend; trace every tool call for debugging and audit.
- Treat tool outputs as untrusted input (indirect prompt injection).
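As an added example (not from this course), a minimal bounded agent loop in Python that applies the limits above: a tool allow-list, an approval gate for side-effecting tools, step and spend caps, a per-call trace, and tool output tagged as untrusted data. The tools, per-step cost and the `plan`/`approve` callables are constructed stand-ins for a model and a human reviewer.

```python
import time
from dataclasses import dataclass

# Allow-list of tools (constructed stand-ins). Side-effecting tools need human approval.
TOOLS = {
    "search_docs": {"fn": lambda q: f"doc hit for {q!r}", "side_effect": False},
    "send_email": {"fn": lambda to: f"sent to {to}", "side_effect": True},
}

@dataclass
class Budget:
    max_steps: int = 5        # cap on plan/act/observe iterations
    max_seconds: float = 2.0  # wall-clock cap
    max_cost_cents: int = 5   # spend cap; each step is charged cost_per_step

def run_agent(plan, approve, budget=None, cost_per_step=1):
    """Bounded agent loop: plan -> act -> observe -> repeat.

    plan(observations) stands in for the model and returns ("call", tool, arg)
    or ("done", answer). approve(tool, arg) is the human-in-the-loop gate.
    """
    budget = budget or Budget()
    trace, obs, spent, start = [], [], 0, time.monotonic()
    for step in range(budget.max_steps):
        if time.monotonic() - start > budget.max_seconds:
            return {"status": "timeout", "trace": trace}
        if spent + cost_per_step > budget.max_cost_cents:
            return {"status": "over_budget", "trace": trace}
        spent += cost_per_step
        action = plan(obs)
        if action[0] == "done":
            return {"status": "done", "answer": action[1], "trace": trace}
        _, tool, arg = action
        if tool not in TOOLS:  # unknown tool: refuse, never improvise
            trace.append({"step": step, "tool": tool, "outcome": "refused_unknown"})
            obs.append(("error", f"tool {tool!r} is not allowed"))
            continue
        if TOOLS[tool]["side_effect"] and not approve(tool, arg):
            trace.append({"step": step, "tool": tool, "outcome": "denied"})
            obs.append(("error", f"{tool} requires approval; denied"))
            continue
        result = TOOLS[tool]["fn"](arg)
        trace.append({"step": step, "tool": tool, "arg": arg, "outcome": "ok"})
        # Tool output is data, not instructions: tag it so the planner
        # treats it as untrusted (indirect prompt injection surface).
        obs.append(("untrusted_tool_output", result))
    return {"status": "step_limit", "trace": trace}
```

Every exit path returns the trace, so a runaway loop, a refused tool or a denied action is visible in the audit record rather than silently swallowed.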
Do the work
Test yourself
What is the agent loop?