Agents and workflows
Use this page when the main problem is routing, controller loops, tool execution, memory boundaries, or orchestration.
It covers how an agent system is put together: which component decides the next step, which tools the model may call, how memory moves across steps, and how to review both the design and the code.
Before you start
- Know whether you are reviewing a single-step assistant flow (one model call, nothing fed back into a next step) or a true agent loop (model output selects the next action and tool results feed the next call).
- Identify the controller, the model, the tools, and the trust boundaries between them before reviewing implementation details; in particular, establish which component owns state and which component is allowed to execute a tool.
- Know whether the next question is about system design, code, or evaluation, because that decides which resource below to continue with.
When to use agents and workflows
- Use this page when the main problem is agent structure, controller flow, tool use, memory across steps, or orchestration.
- Use it when behavior depends on how context, tools, and state move from one step to the next.
- Use it when you need to separate controller logic, model behavior, tool behavior, and state ownership.
- Use it when the task is about a multi-step AI system, not just a single prompt inside one chat turn.
Use another topic when the main problem is elsewhere:
- Prompt engineering — The main problem is how to write the prompt, not how a multi-step system is built.
- AI assistants — The main problem is how a chat assistant product behaves.
- API integrations and tools — The main problem is connecting the model to tools, APIs, or other external systems.
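The pieces named above (controller, model, tools, trust boundaries, state ownership) are easiest to recognize in code. The following is an added example, not code from this page or from any vendor, of an orchestrator-led loop in which the controller owns the run state, decides whether a model-proposed tool call may execute, and tags everything that enters the next step's context with its provenance. The tools, the per-principal allowlist, the scripted stand-in model, and the sample query are all constructed for the example.

```python
"""Orchestrator-led agent loop (constructed example).

The controller owns the run state, decides whether a model-proposed action
may execute, and decides what enters the next step's context. The model only
proposes. Tools, allowlist, and the scripted model are all hypothetical."""
from dataclasses import dataclass, field
from typing import Callable

# --- Tools: hypothetical stand-ins for real backends ----------------------
def tool_search(query: str) -> str:
    # Constructed lookup table standing in for a search service.
    corpus = {"rotate api key": "Rotate keys in the admin console; old keys expire after 24h."}
    return corpus.get(query.lower(), "no results")

def tool_delete_key(key_id: str) -> str:
    return f"deleted {key_id}"

TOOLS: dict[str, Callable[..., str]] = {"search": tool_search, "delete_key": tool_delete_key}
# Argument names the controller enforces before any tool runs.
TOOL_ARGS = {"search": {"query"}, "delete_key": {"key_id"}}
# Trust boundary: tools each principal may trigger. The model never sees this
# table; the controller consults it, and nothing the model says can widen it.
ALLOWLIST = {"reader": {"search"}, "admin": {"search", "delete_key"}}

@dataclass
class MemoryItem:
    text: str
    source: str   # provenance: "user", "tool:<name>", or "controller"
    step: int

@dataclass
class RunState:
    principal: str
    memory: list[MemoryItem] = field(default_factory=list)
    rejected: list[str] = field(default_factory=list)
    step: int = 0

class ScriptedModel:
    """Deterministic stand-in for an LLM. It proposes a search first, then
    (as an injected instruction might make a real model do) a privileged
    delete, then answers from whatever the controller let through."""
    def propose(self, context: list[MemoryItem]) -> dict:
        seen = {m.source for m in context}
        user_text = next(m.text for m in context if m.source == "user")
        if "tool:search" not in seen:
            return {"action": "call_tool", "tool": "search", "args": {"query": user_text}}
        if "tool:delete_key" not in seen and "controller" not in seen:
            return {"action": "call_tool", "tool": "delete_key", "args": {"key_id": "key-123"}}
        hit = next(m.text for m in context if m.source == "tool:search")
        return {"action": "final", "answer": hit}

def run_agent(model, principal: str, user_input: str, max_steps: int = 5):
    """Controller loop. Returns (answer or None, final RunState)."""
    state = RunState(principal=principal)
    state.memory.append(MemoryItem(user_input, "user", 0))
    while state.step < max_steps:                      # step budget: no unbounded loop
        state.step += 1
        proposal = model.propose(list(state.memory))   # copy: the model cannot mutate state
        if proposal.get("action") == "final":
            return proposal.get("answer"), state
        if proposal.get("action") != "call_tool":
            state.rejected.append(f"step {state.step}: malformed proposal")
            continue
        tool, args = proposal.get("tool"), proposal.get("args", {})
        if tool not in TOOLS or tool not in ALLOWLIST.get(principal, set()):
            msg = f"tool {tool!r} not permitted for {principal}"
            state.rejected.append(msg)
            # Feed the refusal back so the model can replan, tagged as controller-originated.
            state.memory.append(MemoryItem(msg, "controller", state.step))
            continue
        if (not isinstance(args, dict) or set(args) != TOOL_ARGS[tool]
                or not all(isinstance(v, str) for v in args.values())):
            msg = f"bad arguments for {tool!r}"
            state.rejected.append(msg)
            state.memory.append(MemoryItem(msg, "controller", state.step))
            continue
        result = TOOLS[tool](**args)
        # Tool output is data tagged by source; it is never promoted to an instruction.
        state.memory.append(MemoryItem(result, f"tool:{tool}", state.step))
    return None, state

if __name__ == "__main__":
    for who in ("reader", "admin"):
        answer, st = run_agent(ScriptedModel(), who, "rotate api key")
        print(who, "->", answer, "| rejected:", st.rejected,
              "| memory sources:", [m.source for m in st.memory])
```

When reviewing a real system, look for the same three things this loop makes explicit: the allowlist and argument checks sit in the controller rather than in the prompt, every item the model sees carries a source tag so tool output cannot be replayed as a user or system instruction, and the loop has a step budget. In an LLM-led design the model would call tools directly and these checks would have nowhere to live.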
Continue with the right resource
Choose the resource that matches the next action, not just the content type.
Guides
Use this when the system design is already clear and the next step is to check the implementation against the vendor docs.
Policies
Use these when an agent system needs fixed rules for system review, code review, and factual technical analysis.
- Require a system-boundary review: Use this when the system must be checked for boundaries, dependencies, layering, and state ownership.
- Require an implementation review against the vendor docs: Use this when implementation decisions must be checked against provider or standards documentation.
- Require the right review path for an agent change: Use this when the team must choose the correct review mode before changing the system.
- Require a factual, technical review with no made-up claims: Use this when the review must stay evidence-based, technical, and free of invented claims.
Prompts
Use these reusable prompts when you want to run system review and implementation review through the prompt layer.
- System prompt: review the system boundaries: Use this to enforce a boundary-focused system review in the system layer.
- Workflow prompt: review the system design: Use this when you want a guided review of boundaries, layering, and ownership.
- System prompt: check the implementation against the vendor docs: Use this to enforce provider-doc checks during implementation review.
- Workflow prompt: run a vendor-doc implementation review: Use this when you want a structured implementation review tied to provider documentation.
- System prompt: keep the review factual and technical: Use this when the output must stay technical, objective, and free of invented claims.
Reference
Use these when you want the background behind controller boundaries, request assembly, privilege flow, and replay risk in agent systems.
- Reference: how prompt layers and policy layers interact: Use this to understand how instruction layers and policy layers interact in agent systems.
- Reference: how request assembly can create attack surface: Use this to reason about context selection, assembly failures, and pre-generation risk.
- Reference: how privilege carryover and replay failures happen: Use this to analyze privilege carryover, provenance loss, and replay-related failure modes.
Articles
Use these when you need deeper analysis of trust boundaries, orchestration loops, and tool-execution control patterns.
- Read 8 trust-boundary checks for agent systems: Long-form audit model for reviewing trust boundaries in agent systems.
- Read why the orchestration loop is the real attack surface: Long-form analysis of orchestration-loop risk and why the model is not the whole attack surface.
- Read the tradeoff between LLM-led and orchestrator-led tool execution: Long-form comparison of tool-execution control patterns and their tradeoffs.