Agent Loop
The agent loop is the fundamental operating pattern of tool-using AI agents. A prompt plus settings enter the loop; the model decides whether to answer directly or call a tool; an approved tool executes and returns a result; the result re-enters the loop. This repeats until the agent produces a final output.
How it works
Prompt + Settings → Model → Needs Tool?
↑ |
| No → Final Result
| Yes → Permission Check → Tool Execution → Tool Result → (back to Model)
Every tool call is mediated by a permission check that determines whether the tool can run automatically, requires human approval, or is blocked. This is the governance boundary that transforms a capable model into a production-grade agent.
Why the loop boundary matters
- Tools convert reasoning into action — without them, the model can only produce text.
- Permissions convert action into governed operation — without them, any tool can run unchecked.
- Sessions convert one-off work into resumable continuity — session IDs and result metadata allow recovery from interruption.
The key design insight: the loop is not just the model. It includes the settings that constrain it, the hooks that intercept it, and the session that preserves its state.
Enterprise design rules
- Start with read-only tools; add write access only after logging and approval hooks are in place.
- Use hooks at every tool invocation for audit and policy.
- Track
session_id, token usage, cost, and result status for every loop run. - Validate outputs — do not assume a completed loop means a correct result.
Related
- BoundedAgent — pattern for constraining which tools the loop can reach
- AgenticGovernance — hooks, logs, and approval flows that govern the loop
- ContextBudget — the finite working memory consumed during each loop iteration
- ClaudeAgentSDK — the SDK that embeds this loop in custom applications
- MCP — protocol for exposing external tools to the loop