Page 31
12 articlesWho Pays for the Model's Mistake: Designing Liability Into Agent Products
Agent errors are not support escalations — they are billing events with a real owner. How to design a liability model, provenance trails, reversibility tiers, and mistake-cost evals before the first angry ticket.
You Can't Email a Changelog to a Model: Why API Deprecation Breaks When the Caller Is an LLM
An LLM caller has no inbox, no stable identity, and no obligation to read your migration guide. Here is why the fifteen-year-old API deprecation playbook fails for agents — and what to change in the tool schema, error messages, and gateway instead.
The 14-Month Half-Life of Your Prompt Expert
The engineer who holds your prompt and eval knowledge is being repriced by the market faster than your comp band moves. Here is why the generic IC ladder cannot see them, and what to change before they leave.
Agent Memory Is a Cache With No Invalidation Policy
Long-term memory ships as a feature, but it is a cache of facts about a world that keeps changing. Without invalidation, provenance, and conflict rules, it becomes a slow-motion correctness bug.
The Confidence-Score Tax: Why Asking the Model How Sure It Is Costs More Than Being Wrong
Adding a confidence field to an LLM output feels free. It is not. Here is the per-request tax it imposes, why the number is rarely calibrated, and what to measure before routing production traffic on it.
Deleting an Eval Case Is a Decision, Not Cleanup
Pruning an eval suite for speed or cost looks like maintenance, but every deleted case retires a guarantee the team can no longer see. Borrow the API deprecation lifecycle to retire eval cases deliberately.
The PM-Eval Translation Gap: When Ship Decisions Outrun the Vocabulary
An eval score is a lossy compression of AI quality, and the PM who owns the launch often can't decompress it. Here is the literacy bridge that keeps ship decisions anchored to the data instead of the loudest voice.
The Retry That Changed the Answer: Idempotency Keys for Nondeterministic LLM Calls
Retrying a timed-out LLM call does not re-fetch the same answer — it samples a new one. Here is why retry-on-timeout breaks against a nondeterministic backend, and how idempotency keys make it safe again.
The Streaming Response That Returns 200 Then Fails: How Mid-Stream Errors Break Your SLOs
A streaming endpoint commits to a 200 the moment the first token flushes, so every failure after that hides from your load balancer, retry middleware, and SLO dashboard. Here is how to make the body carry the verdict the header no longer can.
The AI Feature With Two Latencies: You Measure One, Your Users Feel the Other
Streaming AI features have two latencies that diverge — time-to-first-token and time-to-completion — and most teams instrument only the one users feel least. Here is how to split the metric and the SLO.
When 'Can the Agent Do X?' Becomes a Ship Commitment
AI capability probes quietly become roadmap commitments as 'it works once' travels through standup, roadmap, and a sales call. Here is the capability-test artifact and promotion gate that stop a demo from turning into a contract.
The Agent Debugger Has No Breakpoints: Why Trace-First Workflows Replace Step-Through
Step-through debugging breaks when inputs are stochastic. The replacement is trace-first and replay-based, with four affordances — timeline scrubbing, branch comparison, replay-with-perturbation, and per-step intent recovery — that look nothing like the IDE's debug toolbar.
About Tian Pan
I'm Tian Pan, an engineer-founder focused on agentic engineering — building autonomous AI systems and scaling engineering teams. I write practical guides on system design, technical leadership, and shipping with AI agents. Previously an early engineer at Uber, Brex, and IoTeX.
