Production AI agents fail. APIs timeout, rate limits hit, models hallucinate, and networks drop connections. The difference between a toy demo and a production system is how gracefully it handles these failures. This guide covers the essential error handling patterns that keep your AI agents running when things break.
Why Error Handling Matters for AI Agents
AI agents face unique failure modes that traditional software doesn't:
- Non-deterministic responses: The same input can produce different outputs, making debugging harder
- Rate limits: API providers throttle requests, requiring intelligent backoff strategies
- High latency variance: Response times range from 100ms to 30+ seconds
- Cost per error: Each failed API call costs money (token usage accumulates)
- Context sensitivity: Errors in multi-turn conversations corrupt the entire session
Without proper error handling, these issues cascade. One timeout becomes ten retries, exhausting your rate limit. One corrupted context forces users to restart conversations. One unhandled exception crashes your entire agent.
The Five Core Patterns
Production AI agents need five interconnected error handling patterns:
- Retry with Exponential Backoff — Handle transient failures automatically
- Circuit Breaker — Prevent cascade failures when APIs degrade
- Graceful Degradation — Continue operating with reduced functionality
- Output Validation — Catch hallucinations and malformed responses
- Context Recovery — Restore conversation state after errors
Pattern 1: Retry with Exponential Backoff
When an API call fails, retrying immediately usually fails again (the server is still overloaded). Exponential backoff adds increasing delays between retries, giving the system time to recover.
Implementation
async function callWithRetry(fn, maxRetries = 3) {
const baseDelay = 1000; // 1 second
const maxDelay = 60000; // 60 seconds
for (let attempt = 0; attempt < maxRetries; attempt++) {
try {
return await fn();
} catch (error) {
if (attempt === maxRetries - 1) throw error;
// Exponential backoff with jitter
const delay = Math.min(
baseDelay * Math.pow(2, attempt),
maxDelay
);
const jitter = delay * (0.75 + Math.random() * 0.5);
await sleep(jitter);
}
}
}When to Use
- Network timeouts (5xx errors, ECONNRESET)
- Rate limit errors (429 Too Many Requests)
- Temporary service unavailability
When NOT to Use
- Authentication errors (401/403) — retrying won't help
- Validation errors (400) — the request is malformed
- Business logic errors — retries may cause duplicates
Configuration Guidelines
| Scenario | Max Retries | Base Delay | Max Delay |
|---|---|---|---|
| User-facing chat | 2-3 | 500ms | 10s |
| Background processing | 5-10 | 1s | 60s |
| Real-time applications | 1-2 | 100ms | 2s |
| Batch jobs | 10+ | 2s | 300s |
Pattern 2: Circuit Breaker
The circuit breaker pattern prevents cascade failures by temporarily stopping requests when error rates exceed a threshold. Think of it like an electrical circuit breaker: when too much current flows, it trips to protect the system.
Three States
- Closed (normal): Requests flow through normally
- Open (tripped): Requests fail immediately without calling the API
- Half-Open (testing): Limited requests test if the API has recovered
Implementation
class CircuitBreaker {
constructor(threshold = 5, timeout = 60000) {
this.failures = 0;
this.threshold = threshold;
this.timeout = timeout;
this.state = 'CLOSED';
this.lastFailure = null;
}
async call(fn) {
if (this.state === 'OPEN') {
if (Date.now() - this.lastFailure > this.timeout) {
this.state = 'HALF-OPEN';
} else {
throw new Error('Circuit breaker is OPEN');
}
}
try {
const result = await fn();
this.onSuccess();
return result;
} catch (error) {
this.onFailure();
throw error;
}
}
onSuccess() {
this.failures = 0;
this.state = 'CLOSED';
}
onFailure() {
this.failures++;
this.lastFailure = Date.now();
if (this.failures >= this.threshold) {
this.state = 'OPEN';
}
}
}Configuration by Use Case
| Use Case | Failure Threshold | Timeout | Half-Open Requests |
|---|---|---|---|
| Primary AI API | 5 failures | 60s | 3 |
| Fallback AI API | 3 failures | 30s | 1 |
| Database | 10 failures | 120s | 5 |
| External APIs | 3 failures | 60s | 2 |
Pattern 3: Graceful Degradation
When components fail, the system should continue operating with reduced functionality rather than failing completely. This requires identifying which features are critical vs. optional.
Feature Categorization
| Category | Examples | Failure Strategy |
|---|---|---|
| Critical | Authentication, core responses, payment processing | Fail fast, alert immediately |
| Important | Context memory, personalization, formatting | Fallback to defaults, log warning |
| Optional | Recommendations, analytics, enhanced features | Skip silently, continue execution |
Implementation
async function generateResponse(userQuery, context) {
let response = {};
// Critical: Core AI response (must succeed)
response.text = await callAI(userQuery, context)
.catch(error => {
alertTeam('Core AI failure: ' + error);
throw error; // Propagate to user
});
// Important: Personalization (fallback to defaults)
response.personalization = await personalize(response.text, context.userId)
.catch(error => {
logger.warn('Personalization failed, using defaults');
return getDefaultPersonalization();
});
// Optional: Recommendations (skip if fails)
response.recommendations = await getRecommendations(context.userId)
.catch(error => {
logger.debug('Recommendations unavailable');
return null; // Gracefully omit
});
return response;
}Degradation Levels
Define clear degradation levels so your system responds consistently:
- Level 0 (Full Service): All features operational
- Level 1 (Reduced Features): Optional features disabled, cached responses for some queries
- Level 2 (Essential Only): Only critical features, simplified responses, increased latency acceptable
- Level 3 (Maintenance Mode): Read-only operations, queue requests for later processing
Pattern 4: Output Validation
AI models can produce invalid outputs: malformed JSON, factual hallucinations, or responses that violate safety guidelines. Output validation catches these before they reach users or downstream systems.
Validation Layers
- Schema validation: Ensure structured outputs match expected format
- Confidence thresholds: Reject low-confidence responses
- Fact verification: Check factual claims against trusted sources
- Safety filters: Block harmful, biased, or inappropriate content
Implementation
async function validateAIOutput(rawOutput, context) {
const validators = [
validateSchema,
validateConfidence,
validateFacts,
validateSafety
];
for (const validator of validators) {
const result = await validator(rawOutput, context);
if (!result.valid) {
// Log the validation failure
logger.warn('Validation failed', {
validator: validator.name,
reason: result.reason,
output: rawOutput
});
// Decide: retry, fallback, or reject?
if (result.retryable) {
return { valid: false, action: 'retry', reason: result.reason };
} else if (result.fallback) {
return { valid: false, action: 'fallback', fallback: result.fallback };
} else {
return { valid: false, action: 'reject', reason: result.reason };
}
}
}
return { valid: true, output: rawOutput };
}
// Example: Schema validation
async function validateSchema(output, context) {
if (!context.expectedSchema) return { valid: true };
try {
const parsed = JSON.parse(output);
const valid = ajv.validate(context.expectedSchema, parsed);
if (!valid) {
return {
valid: false,
retryable: true,
reason: 'Schema validation failed: ' + ajv.errorsText()
};
}
return { valid: true };
} catch (error) {
return {
valid: false,
retryable: true,
reason: 'JSON parsing failed'
};
}
}Handling Hallucinations
AI hallucinations are particularly dangerous because they're confident but wrong. Mitigation strategies:
- Require citations: For factual claims, require source URLs or document references
- Self-consistency checks: Run 3-5 completions and compare; if they disagree significantly, flag for review
- Confidence thresholds: If model confidence < 0.7, route to human review or fallback
- Known fact databases: Check claims against a trusted knowledge base
- Uncertainty quantification: Ask the model to express uncertainty when appropriate
Pattern 5: Context Recovery
Multi-turn conversations accumulate context. When errors occur mid-conversation, you need strategies to recover without forcing users to restart.
Context Checkpointing
Save conversation state at key points so you can restore after failures:
class ConversationManager {
constructor() {
this.checkpoints = new Map();
}
// Save checkpoint after each successful turn
async saveCheckpoint(sessionId, context) {
const checkpoint = {
messages: context.messages,
metadata: context.metadata,
timestamp: Date.now()
};
await redis.setex(
`checkpoint:${sessionId}`,
3600, // 1 hour TTL
JSON.stringify(checkpoint)
);
}
// Restore from last good checkpoint
async recover(sessionId, currentError) {
const checkpoint = await redis.get(`checkpoint:${sessionId}`);
if (!checkpoint) {
// No recovery possible, restart conversation
return { recovered: false, action: 'restart' };
}
const restored = JSON.parse(checkpoint);
// Inform user of recovery
return {
recovered: true,
context: restored,
message: "I encountered an error but recovered our conversation. Please repeat your last message."
};
}
}Recovery Strategies
| Error Type | Recovery Strategy | User Communication |
|---|---|---|
| API timeout | Retry with last user message | None (automatic) |
| Context overflow | Summarize older messages, keep recent | "I've condensed our earlier conversation..." |
| Session corruption | Restore from last checkpoint | "I lost track—can you repeat that?" |
| Total failure | Start fresh session | "Something went wrong. Let's start over." |
Putting It All Together: Production Error Handler
Here's how to combine all five patterns into a cohesive system:
class ProductionErrorHandler {
constructor() {
this.circuitBreaker = new CircuitBreaker(5, 60000);
this.retryConfig = { maxRetries: 3, baseDelay: 1000 };
this.conversationManager = new ConversationManager();
}
async executeAgent(userInput, sessionId) {
// Load context with recovery
let context = await this.conversationManager.load(sessionId);
// Circuit breaker check
if (this.circuitBreaker.state === 'OPEN') {
return this.handleCircuitOpen(context);
}
// Execute with retry
const response = await this.callWithRetryAndBreaker(async () => {
const raw = await this.callAI(userInput, context);
const validated = await this.validateOutput(raw, context);
if (!validated.valid) {
throw new ValidationError(validated.reason, validated);
}
return validated.output;
});
// Save checkpoint on success
await this.conversationManager.saveCheckpoint(sessionId, context);
return response;
}
async callWithRetryAndBreaker(fn) {
return this.circuitBreaker.call(() =>
callWithRetry(fn, this.retryConfig.maxRetries)
);
}
handleCircuitOpen(context) {
// Graceful degradation
return {
text: "I'm experiencing high load. Please try again in a minute.",
degraded: true,
fallback: true
};
}
}Monitoring and Alerting
Error handling is useless if you don't know it's happening. Set up monitoring to track:
Key Metrics
- Error rate by type: Timeouts, rate limits, validation failures, hallucinations
- Retry success rate: Percentage of retries that eventually succeed
- Circuit breaker trips: Frequency and duration of open states
- Graceful degradation frequency: How often fallbacks are used
- Recovery success rate: Percentage of context recoveries that succeed
Alert Thresholds
| Metric | Warning | Critical |
|---|---|---|
| Error rate | >5% for 5 min | >15% for 2 min |
| Circuit breaker open | >5 min | >15 min |
| Retry success rate | <70% | <50% |
| Consecutive failures | >10 | >25 |
Common Mistakes to Avoid
1. Retrying Non-Retryable Errors
Mistake: Retrying 401 authentication errors or 400 validation errors.
Fix: Only retry idempotent operations and transient failures (5xx, network errors, rate limits).
2. Circuit Breaker Thresholds Too Low
Mistake: Tripping circuit breaker after 2 failures during normal traffic spikes.
Fix: Set threshold based on traffic volume. For 100 requests/minute, threshold of 5-10 is reasonable.
3. Silent Fallbacks
Mistake: Graceful degradation that returns generic responses without logging or user notification.
Fix: Always log fallback usage and, when appropriate, inform users that features are temporarily unavailable.
4. No Context Recovery
Mistake: Forcing users to restart conversations after every error.
Fix: Implement checkpointing so users can continue from the last successful turn.
5. Over-Validating
Mistake: Strict validation that rejects valid creative responses or creates false positives.
Fix: Tune validation thresholds based on actual failure rates. Aim for <5% false positive rate.
When to Get Professional Help
While this guide covers the fundamentals, production error handling can get complex quickly. Consider professional assistance if:
- Your agents handle sensitive data (healthcare, financial, legal)
- You're processing >10,000 requests/day
- Downtime costs exceed $1,000/hour
- You need 99.9%+ uptime SLAs
- Multi-region failover is required
Professional setup includes custom circuit breaker tuning, advanced monitoring dashboards, incident response runbooks, and load testing to validate your error handling under stress.
Next Steps
- Audit your current error handling: What happens when your AI API times out? When rate limits hit?
- Implement the five patterns: Start with retry logic, then add circuit breaker, then graceful degradation
- Set up monitoring: Track error rates, retry success, and circuit breaker state
- Test failure scenarios: Simulate API outages, rate limits, and context corruption
- Document degradation levels: Define what features are critical vs. optional
Production AI systems fail. The question isn't if but when. With proper error handling, your agents fail gracefully, recover quickly, and keep serving users through the chaos.
Need Help Setting Up Production Error Handling?
Our AI agent setup packages include complete error handling implementation with retry logic, circuit breakers, graceful degradation, and monitoring dashboards.
- Basic Setup ($99): Retry logic and basic error logging
- Standard Setup ($249): Circuit breakers, graceful degradation, context recovery
- Production Setup ($499): Full implementation with monitoring, alerting, and incident response runbooks