19

Advanced Agent Topics

⏱️ 45 min

Design multi-tool, multi-step agents with planning, safety controls, and stable execution.

1) Agent Styles

  • ReAct: interleave reasoning + tool use, good for search/code tasks.
  • Plan-and-execute: plan first, then execute steps; stable for longer tasks.
  • Tree of Thoughts / Reflexion: explore multiple options, self-critique, pick best.
  • Router agents: choose specialized sub-agents by intent/domain.
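As one concrete instance of the router style, intent dispatch can be as simple as keyword matching before falling back to a general agent. The sub-agent names and keyword rules below are illustrative placeholders, not from any particular framework:

```python
# Minimal router sketch: map a user request to a specialized sub-agent
# by intent. Sub-agent names and keyword rules are illustrative.
ROUTES = {
    "code":   ["bug", "function", "stack trace", "compile"],
    "search": ["latest", "news", "who is", "when did"],
    "math":   ["calculate", "sum", "average", "percent"],
}

def route(request: str, default: str = "general") -> str:
    """Return the name of the sub-agent that should handle the request."""
    text = request.lower()
    for agent_name, keywords in ROUTES.items():
        if any(kw in text for kw in keywords):
            return agent_name
    return default
```

A production router would typically use a classifier or a cheap LLM call instead of keywords, but the contract is the same: one function from request to sub-agent name.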

2) Tooling Strategy

  • Tool schema: explicit params, types, constraints; prevent free-text tool calls.
  • Tool selection: require rationale; limit tool list per task to reduce mistakes.
  • Sandboxing: code exec/search in isolated env; resource/time limits.
  • Idempotent tools where possible; otherwise guard with locks.
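An explicit tool schema is what prevents free-text tool calls: the runtime can reject malformed arguments before they reach the tool. A sketch in the JSON-Schema style used by most function-calling APIs, with a deliberately tiny validator (field names and the `web_search` tool are illustrative):

```python
# Tool schema in the JSON-Schema style used by most function-calling APIs.
# Explicit types and constraints let the runtime reject malformed calls.
SEARCH_TOOL = {
    "name": "web_search",
    "description": "Search the web and return the top results.",
    "parameters": {
        "type": "object",
        "properties": {
            "query": {"type": "string", "minLength": 3},
            "max_results": {"type": "integer", "minimum": 1, "maximum": 10},
        },
        "required": ["query"],
        "additionalProperties": False,  # reject extra or free-text args
    },
}

def validate_args(schema: dict, args: dict) -> list[str]:
    """Tiny validator sketch: check required keys and basic types only."""
    errors = []
    props = schema["parameters"]["properties"]
    for key in schema["parameters"]["required"]:
        if key not in args:
            errors.append(f"missing required param: {key}")
    for key, value in args.items():
        if key not in props:
            errors.append(f"unexpected param: {key}")
        elif props[key]["type"] == "integer" and not isinstance(value, int):
            errors.append(f"{key} must be an integer")
        elif props[key]["type"] == "string" and not isinstance(value, str):
            errors.append(f"{key} must be a string")
    return errors
```

In practice you would hand the schema to a real validator (e.g. the `jsonschema` package) rather than roll your own; the point is that validation happens before execution.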

3) Planning & Memory

  • Short-term: keep recent steps concise; prune verbose logs.
  • Long-term: store key facts/decisions; retrieve by intent or doc ID.
  • Checkpoints: allow resume after failure; persist plan + progress.
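Checkpointing amounts to persisting the plan plus completed-step results so a crashed run resumes instead of starting over. A file-based sketch (a real system would use a database or object store; function names are illustrative):

```python
import json
from pathlib import Path

# Checkpoint sketch: persist plan + progress; resume skips finished steps.
def save_checkpoint(path: Path, plan: list[str], results: list[str]) -> None:
    path.write_text(json.dumps({"plan": plan, "results": results}))

def resume(path: Path, plan: list[str]) -> tuple[int, list[str]]:
    """Return (next step index, prior results); start fresh if no checkpoint."""
    if not path.exists():
        return 0, []
    state = json.loads(path.read_text())
    if state["plan"] != plan:       # plan changed -> checkpoint is stale
        return 0, []
    return len(state["results"]), state["results"]
```

Note the staleness check: if the plan itself changed between runs, the old progress no longer applies and the run restarts from step zero.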

4) Safety & Policy

  • Guardrails before/after tool calls (PII, dangerous actions).
  • Allowlist external domains/APIs; block writes unless explicitly permitted.
  • Human approval steps for risky actions (emails, transactions, prod changes).
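The human-approval step can be modeled as a gate in front of any tool whose side effects are hard to undo. A sketch, assuming a synchronous approval callback (the action names and callback shape are illustrative; real frameworks pause the run and wait asynchronously):

```python
from typing import Callable

# Approval-gate sketch: risky tools run only after human confirmation.
# Action names below are illustrative.
RISKY_ACTIONS = {"send_email", "execute_transaction", "deploy_to_prod"}

def guarded_run(action: str, run: Callable[[], str],
                approve: Callable[[str], bool]) -> str:
    """Run `action`, pausing for human approval if it is risky."""
    if action in RISKY_ACTIONS and not approve(action):
        return f"blocked: {action} was not approved"
    return run()
```

The key design choice is that the gate sits outside the model: the agent cannot talk its way past it, because approval is checked in the runtime, not in the prompt.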

5) Quality Controls

  • Stop conditions: max steps/tool calls/time; detect loops.
  • Self-critique: ask agent to verify outputs vs. instructions and citations.
  • Dual-model verification: cheap model executes, stronger model reviews.

6) Observability

  • Trace per run: steps, chosen tools, inputs/outputs, duration, errors.
  • Metrics: success rate, avg steps, tool error rate, cancel rate.
  • Replay: store deterministic inputs; enable re-run with same seed/config.

7) Minimal Skeleton (pseudo)

done = False
while not done:
  plan = agent.decide(observation, tools)
  if plan.type == "tool":
    result = run_tool(plan.tool, plan.args, sandbox=True)
  else:
    result = agent.respond()
    done = True
  observation.append(result)
  if stop_condition(): break

8) Practice

  1. Build a ReAct agent with 2 tools (search + calculator); add max-steps + timeout.
  2. Add a self-critique step: verify answer cites the tool outputs.
  3. Log each step to a trace store (time, tool, args, tokens) and surface a run report.

❓ FAQ

The most frequently searched questions on this chapter's topics, with answers below.

How do I choose among the ReAct, Plan-and-execute, and Tree of Thoughts agent styles?

Choose by task shape. ReAct (interleaved reasoning and tool use) suits search/code tasks that need to think while looking things up: each step inspects the tool result before deciding the next move. Plan-and-execute (plan first, then execute) suits longer tasks: producing the plan once is more stable than ReAct's per-step re-deciding and drifts off course less. Tree of Thoughts / Reflexion suit tasks that need exploring multiple candidate solutions, self-critique, and picking the best (e.g., puzzles, complex math). Router agents suit dispatching requests to specialized sub-agents by intent/domain, which also saves tokens.

How do I keep an agent from getting stuck in an infinite loop or calling tools endlessly?

With stop conditions: at minimum three caps, max steps (e.g., 10), max tool calls (e.g., 20), and max time (e.g., 60 seconds), breaking as soon as any one triggers. For loop detection, record a hash of the (tool, args) pair over the last N steps and stop on repeats. The pseudocode in this chapter is the standard pattern: `while not done: ... if stop_condition(): break`. In production, additionally distinguish exit codes for exceptions vs. timeouts (so upstream knows whether the task finished or was killed), monitor cancel rate, and record looping cases in the trace store for post-mortems.

What is dual-model verification, and why pair a cheap executor with an expensive reviewer?

Dual-model verification runs the agent's main loop and tool calls on a cheap model (e.g., GPT-4o-mini), while an expensive model (e.g., Claude Sonnet 4.5 / GPT-5) only reviews the final answer: does it cite the tool outputs, follow the instructions, and avoid hallucination? The rationale is that roughly 80% of execution steps don't need top-tier reasoning, so spending the priciest compute on the critical quality gate yields the best ROI. Combined with self-critique (having the agent check its answer against the instructions and citations), production quality improves noticeably while cost rises only 10-20%.

How should human approval be added for an agent's high-risk actions (sending email, changing production)?

Three layers of protection: (1) at the tool layer, allowlist external domains/APIs and block write operations by default unless explicitly permitted; (2) run guardrails before and after each tool call to check for PII and dangerous actions; (3) make risky actions (emails, transactions, prod changes) human-approval steps that execute only after explicit user confirmation. Frameworks with human-in-the-loop support, such as LangGraph, can pause at an approval node and wait for the user's reply. OpenAI's Agent Mode follows the same idea: sensitive or irreversible steps are surfaced to the user for confirmation before proceeding.

What fields must agent observability log, at minimum?

Per-run traces must include: step index, chosen tool, inputs/outputs (arguments and return values), duration, errors (code plus message), and token usage. At the metrics layer, track at least four: success rate, average steps, tool error rate, and cancel rate. Replay capability is essential: store deterministic inputs so the same input reproduces the run, along with the same seed/config for consistent offline reproduction. A production agent without tracing is flying blind: when a bug hits, you can't tell whether the plan was wrong, a tool failed, or the model hallucinated.