The Action-Limit Pattern: Capping What an Agent Can Do
Hard caps per run, per service, per minute. The cap dimensions that matter, sensible defaults, and the dashboard that catches caps being hit quietly in production.
Cap dimensions that matter
Per-run cap: how many actions can a single agent run take? Default 5; raise only with evidence.
Per-service cap: how many actions per minute can the agent take against a single service? Prevents thundering herd.
Per-tenant cap: how many actions per hour per customer or team? Catches misconfiguration at the integration layer.
Sensible defaults to ship with
Triage agents: 0 write actions (read-only). Remediation agents: 3 actions per run, 1 per service per minute. Audit agents: 1 write per run (the report).
Defaults are conservative because raising a cap is easier than recovering from a thundering herd. Start tight; loosen when evidence justifies.
Caps are visible to operators. Each agent's caps are listed in its dashboard. Operators can request a raise; the change is reviewed and audited.
Watching the caps in production
Each cap hit is a signal. Some are correct (preventing harm); some are bugs (the agent should have completed). Distinguish the two in the dashboard.
Aggregate cap hit rate per agent. A spike means something changed: prompt, model, traffic, environment. Investigate immediately.
Cases where the cap repeatedly fires for the same scenario should become eval cases. The agent is consistently underestimating scope; codify the case.
What happens when a cap hits
Action cap: agent escalates to human with the actions taken so far and the action it would have taken next.
Service cap: agent waits for the rate window to reset, with a max wait. If the wait would exceed the run budget, escalate instead.
Tenant cap: agent fails the run and surfaces a clear error. The tenant should know they hit a cap; do not silently degrade.
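An added example (not code from the original page) that enforces the three cap dimensions and the three cap-hit behaviours described above. The per-run and per-service defaults are the remediation-agent values from this page; the class and method names, the tenant default of 20 per hour and the 120-second run budget are assumptions, and the remaining run budget is used as the max wait.

```python
import time
from collections import defaultdict, deque

class Escalate(Exception):
    """Hand the run to a human with what was done and what was blocked."""
    def __init__(self, reason, taken, next_action):
        super().__init__(reason)
        self.taken, self.next_action = list(taken), next_action

class TenantCapExceeded(Exception):
    """Fail the run with an error the tenant can see."""

class ActionLimiter:  # hypothetical name; one instance per agent
    def __init__(self, per_run=3, per_service_per_min=1, per_tenant_per_hour=20,
                 run_budget_s=120.0, clock=time.monotonic, sleep=time.sleep):
        self.per_run, self.per_service, self.per_tenant = (
            per_run, per_service_per_min, per_tenant_per_hour)
        self.run_budget_s, self.clock, self.sleep = run_budget_s, clock, sleep
        self.service_hits = defaultdict(deque)  # service -> action timestamps
        self.tenant_hits = defaultdict(deque)   # tenant  -> action timestamps

    def start_run(self, tenant):
        return {"tenant": tenant, "taken": [],
                "deadline": self.clock() + self.run_budget_s}

    def _live(self, hits, window_s):
        # Drop timestamps that have aged out of the sliding window.
        while hits and self.clock() - hits[0] >= window_s:
            hits.popleft()
        return hits

    def authorize(self, run, service, action):
        """Call before every write action; returns only if all caps allow it."""
        nxt = (service, action)
        if len(run["taken"]) >= self.per_run:                # per-run cap
            raise Escalate("per-run cap reached", run["taken"], nxt)
        tenant = self._live(self.tenant_hits[run["tenant"]], 3600)
        if len(tenant) >= self.per_tenant:                   # per-tenant cap
            raise TenantCapExceeded(
                f"{run['tenant']}: {self.per_tenant} actions/hour cap reached")
        svc = self.service_hits[service]
        while len(self._live(svc, 60)) >= self.per_service:  # per-service cap
            wait = svc[0] + 60 - self.clock()                # time until a slot frees
            if self.clock() + wait > run["deadline"]:
                raise Escalate("service wait exceeds run budget", run["taken"], nxt)
            self.sleep(wait)
        now = self.clock()
        svc.append(now)
        tenant.append(now)
        run["taken"].append(nxt)
```

Passing `clock` and `sleep` in makes the limiter testable without real waiting, which is also how the cap eval cases can be run deterministically.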
Eval cases for caps
Cases that hit the cap on purpose. Pass if the cap fires; fail if the agent completed regardless.
Cases that should NOT hit the cap. Pass if the agent completed; fail if it triggered a cap unnecessarily.
Aggregate: cap hit rate over the eval suite should be < 5%. Higher means caps are too tight; lower means they are likely loose.