hello@krischase.com
Back to Blog
AI & AutomationAIAutomationEngineeringLeadershipFractionalCTO

AI Agent Reliability Needs an Operating Contract

A practical CTO operating contract for making AI agents observable, bounded, reversible, and safe enough for production work.

4 min read
843 words
AI Agent Reliability Needs an Operating Contract

AI Agent Reliability Needs an Operating Contract

The next AI agent advantage will not come from picking the smartest model. It will come from building systems that keep agents boring, observable, and reversible.

Most agent failures I see are not intelligence failures. The model can read the ticket, inspect the code, write a patch, and explain the result. The failure shows up somewhere else: hidden state, broad permissions, missing rollback, weak test evidence, or a handoff that makes the next person guess what happened.

That matters because founders and engineering leaders are starting to treat agents like junior teammates. A junior teammate has scope, supervision, a review path, and a way to ask for help. An agent with repo access and no operating contract has velocity without accountability.

What Most Teams Get Wrong

The common rollout pattern is seat-first. Buy Cursor, Claude Code, Copilot, or another agent tool. Encourage engineers to use it. Wait for cycle time to improve.

That works for small tasks. It breaks once agents start touching multiple files, calling tools, running commands, changing configuration, or operating across support, product, ops, and sales workflows. AI adoption cannot stay inside engineering. The whole business can benefit, but every team needs the same reliability pattern before agents handle important work.

If the only control layer is "the human watches the chat," the system will fail at scale. Humans miss context. Agents overstate success. Reviewers inherit work with no audit trail. The fix is not less AI. The fix is an operating contract.

The Agent Reliability Contract

1. Define the blast radius before work starts

Every agent run needs a scope boundary. Name the repo, files, services, data, and external systems it can touch. Name what it cannot touch.

For low-risk work, the boundary can be simple. For production data, auth, billing, infrastructure, or customer messaging, the boundary should require human approval before any write action.

2. Separate memory from evidence

Agent memory helps, but memory is not proof. Keep durable state for decisions, assumptions, and handoffs. Keep evidence for commands, tests, screenshots, API responses, and deploy checks.

This distinction matters outside code too. A support agent can remember a customer history, but it still needs source links before escalating. A sales agent can enrich an account, but it needs provenance before it writes to the CRM.

3. Require rollback for risky actions

Any workflow that changes code, data, infrastructure, or customer-facing copy needs a rollback note. The rollback can be a git revert, a database restore point, a feature flag, or a manual recovery procedure.

If nobody can explain how to undo the agent's work, the work is not ready for production.

4. Make success falsifiable

"Looks good" is not an acceptance test. A good agent run names the verification step before implementation starts, then returns evidence after it finishes.

The evidence can be a test run, a build, a lint check, a screenshot, a curl response, or a short manual QA note. The point is to give the reviewer something factual to inspect.

The Skill File

Drop this into an agent instruction file, repo workflow, or team playbook.

# Agent Reliability Contract

## Mission
Run agent work with bounded scope, durable state, human review, and evidence.

## Before Starting
- State the requested outcome in one sentence.
- List systems, files, accounts, and data in scope.
- List anything out of scope.
- Name the allowed write actions.
- Name the approval points for risky actions.
- Name the verification evidence required before completion.

## During Work
- Keep decisions in a durable note, not only in chat.
- Prefer small changes with clear review points.
- Stop before touching secrets, production data, billing, auth, infra, or external messages unless approval exists.
- Record commands, tool calls, and important outputs.

## Completion Contract
Every completion must include:
- What changed
- Files or systems touched
- Evidence collected
- Rollback path
- Known risks
- Next human decision, if any

A Real Example

In fractional CTO work, I move between product discussions, overseas engineering teams, repo-level implementation, and founder updates. The hardest part is rarely getting an agent to produce output. The harder part is making the output reviewable by the next person in the chain.

The same contract works across the business. Engineering uses it for pull requests. Support uses it for escalations. Product uses it for research synthesis. Ops uses it for process automation. Sales uses it before AI writes to a system of record.

AI adoption gets useful when the company stops asking "which model is smartest?" and starts asking "which workflows can we trust, inspect, and reverse?"

Get the Full Agent Reliability Contract

I posted a breakdown of the full agent reliability operating contract on LinkedIn. Comment "Guide" on that post and I'll DM you the skill file and review checklist directly.

Work With Me

I help engineering orgs adopt AI across their entire team - not only the code, but how product, support, and operations work too. If you want your org moving faster without growing headcount, let's talk.

Kris Chase

@krisrchase
Share:
XLinkedInFacebookRedditBluesky
Executive Tools