Before you ship an AI agent for a client, prove these 5 controls.

If you build agents for clients, the demo is not the hard part.

The hard part is proving the agent will not act stupid at scale.

Before a workflow goes live, I want five checks.

1. Budget cap

Every agent needs a hard spend limit.

Not a dashboard number after the fact. Not a spreadsheet estimate.

A runtime cap.

If the agent crosses the line, it stops or degrades.

2. Loop detection

Agents repeat themselves.

They retry the same tool. They rewrite the same plan. They ask the same model for a slightly different answer.

Your runtime should catch repeated action patterns.

If the input is not changing and the output is not improving, stop.

3. Alert proof

An alert rule is not enough.

You need to know if the alert actually delivered.

Did the webhook return 200? Did the email provider accept it? When was the last success? When was the last failure?

If no one gets the alert, the control does not exist.

4. Remote kill

The operator needs a stop button outside the agent process.

If the only way to stop a run is to SSH into a box or close a terminal, you are not ready.

Remote kill should be boring.

Open dashboard. Send kill signal. Agent polls. Run stops.

5. Retained incident history

A client does not only need to know that something broke.

They need to know:

• what was running
• what failed
• who saw it
• what control fired
• what changed after

That history is how the next run gets safer.

The practical rule

Do not ask a client to trust an agent.

Show them the controls.

If the agent loops, what stops it? If it burns money, what caps it? If it fails at 2am, who knows? If it gets dangerous, who can kill it?

That is the real pre-ship checklist.

CTA: https://bmdpat.com/tools/agentguard