
AI Engineering · 7 min read

Building AI Agents with Tool Use: Lessons from Production

An agent that can call tools is powerful and genuinely unpredictable. The engineering that makes it safe in production isn't glamorous.

Tanjil Ahmed

Lead Software Engineer · Notionhive

Giving a model the ability to call tools — search, database queries, sending an email — turns it from a text generator into something that takes real actions with real consequences. That shift is where most of the actual engineering effort in agent systems lives, and it's rarely the part that gets demoed.

Constrain what the agent can actually do

The instinct is to give an agent broad tool access so it can handle more requests. The production-safe instinct is the opposite: scope each tool as narrowly as the task allows, add explicit confirmation steps for anything irreversible, and log every tool call with its full arguments before execution, not after.

  • Every tool needs its own permission boundary — an agent that can read a database shouldn't automatically be able to write to it.
  • Irreversible actions (sending an email, charging a card) need an explicit human-in-the-loop step, no exceptions for convenience.
  • Log the full reasoning trace and tool calls, not just the final answer — debugging an agent without this is nearly impossible.
  • Set a hard step limit — an agent that can loop indefinitely on tool calls will eventually find a way to.
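The four rules above, as one added Python example that is not from the original post: a small tool-execution harness that enforces a per-tool permission boundary, refuses irreversible calls unless a human-in-the-loop hook approves them, records every call with its full arguments before the handler runs, and stops at a hard step limit. The tools (`lookup_customer`, `update_customer`, `send_email`), their handlers and the customer record are constructed stand-ins; no model, database or mail server is involved.

```python
# Added example (not the post's own code): a tool runner that enforces
# scope, confirmation, pre-execution logging and a step limit.
# Tool names, handlers and the customer record are constructed stand-ins.
import json
import logging
from dataclasses import dataclass
from typing import Any, Callable

audit_log = logging.getLogger("agent.audit")


class PolicyViolation(Exception):
    """Tool call outside the agent's permission boundary."""


class StepLimitExceeded(Exception):
    """The agent tried to take more tool steps than the hard limit allows."""


@dataclass
class Tool:
    name: str
    scope: str                  # "read" or "write": the tool's permission boundary
    irreversible: bool          # True => a human must confirm before it runs
    handler: Callable[..., Any]


class ToolRunner:
    def __init__(self, tools, allowed_scopes, max_steps, confirm):
        self.tools = {t.name: t for t in tools}
        self.allowed_scopes = frozenset(allowed_scopes)
        self.max_steps = max_steps
        self.confirm = confirm  # human-in-the-loop hook: (name, args) -> bool
        self.trace = []         # full call trace; assumed to be shipped to durable storage in production
        self.steps = 0

    def call(self, name: str, args: dict) -> dict:
        self.steps += 1
        # Record the attempt with its full arguments BEFORE any check or execution,
        # so a refused, crashed or hung call still leaves evidence of what was tried.
        entry = {"step": self.steps, "tool": name, "args": dict(args), "status": "requested"}
        self.trace.append(entry)
        audit_log.info(json.dumps(entry))
        if self.steps > self.max_steps:
            entry["status"] = "rejected"
            raise StepLimitExceeded(f"step {self.steps} exceeds limit {self.max_steps}")
        tool = self.tools.get(name)
        if tool is None or tool.scope not in self.allowed_scopes:
            entry["status"] = "rejected"
            raise PolicyViolation(f"tool {name!r} is not permitted for this agent")
        if tool.irreversible and not self.confirm(name, args):
            entry["status"] = "denied"
            return {"ok": False, "reason": "confirmation required"}
        result = tool.handler(**args)
        entry["status"] = "executed"
        return {"ok": True, "result": result}


# --- constructed tools (stand-ins, no real side effects) ---------------------
FAKE_CUSTOMERS = {42: {"name": "Example Customer", "email": "customer@example.invalid"}}


def lookup_customer(customer_id: int) -> dict:
    return dict(FAKE_CUSTOMERS[customer_id])


def update_customer(customer_id: int, email: str) -> bool:
    FAKE_CUSTOMERS[customer_id]["email"] = email
    return True


def send_email(to: str, body: str) -> str:
    return f"queued email to {to}"  # stand-in: nothing is actually sent


TOOLS = [
    Tool("lookup_customer", "read", False, lookup_customer),
    Tool("update_customer", "write", False, update_customer),
    Tool("send_email", "write", True, send_email),
]


def build_runner(allowed_scopes, max_steps, confirm) -> ToolRunner:
    return ToolRunner(TOOLS, allowed_scopes, max_steps, confirm)


def try_call(runner: ToolRunner, name: str, args: dict) -> dict:
    """Turn a policy failure into a result dict so callers can inspect it uniformly."""
    try:
        return runner.call(name, args)
    except (PolicyViolation, StepLimitExceeded) as exc:
        return {"ok": False, "reason": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    # A read-only agent: the write tool is refused at the boundary, not by the model's good manners.
    ro = build_runner({"read"}, max_steps=3, confirm=lambda n, a: False)
    print(try_call(ro, "lookup_customer", {"customer_id": 42}))
    print(try_call(ro, "update_customer", {"customer_id": 42, "email": "new@example.invalid"}))
    # An agent with write access but no human approval: the irreversible call is denied.
    rw = build_runner({"read", "write"}, max_steps=3, confirm=lambda n, a: False)
    print(try_call(rw, "send_email", {"to": "customer@example.invalid", "body": "hi"}))
    print(json.dumps(rw.trace, indent=2))
```

The `confirm` hook is where the real human-in-the-loop step plugs in (a ticket, a chat approval, a UI prompt); in the example it is a plain callable so the denial path can be exercised offline. Note that the trace entry is appended before the scope check, so a refused call is visible in the log with the arguments the agent tried to pass.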

The interesting part of an AI agent is the reasoning. The part that actually needs engineering discipline is everything around the reasoning.