Research

From Agent Demo to Production Controls

The jump from demo to production happens when a tool can mutate money, data, records, infrastructure, or messages. A sourced research brief for teams moving agents from demo to production.

Veto EditorialMay 27, 2026Updated May 27, 20268 min

Page audit

  • Cited source ledger with May 27, 2026 access dates.
  • Action-time policy, approval, and evidence model.
  • Primary conversion path points to a demo; developer pages also point to install.

The jump from demo to production happens when a tool can mutate money, data, records, infrastructure, or messages.

What changed

The old guardrail conversation centered on prompts, filters, and model behavior. Production agents have a second problem: they can call tools that move money, expose data, update records, deploy code, and message customers.

Old questionBetter production question
Will the model say the right thing?Can the proposed action run under policy?
Did we log the chat?Did we record the decision before execution?
Can a human review the output?Can a human stop the side effect before it happens?

Practical takeaway

Pick one protected action, wrap it, define allow and review thresholds, and export the decision record. That is a better comeback than publishing generic thought leadership.

first-protected-action.yaml
protected_action:
  tool: release_payment
  allow_when:
    amount_usd: "<= 500"
  require_approval_when:
    amount_usd: "> 500"
  deny_when:
    tenant_mismatch: true

Sources

AI RMF Generative AI Profile

NIST. Accessed May 27, 2026.

Agents best practices

OpenAI. Accessed May 27, 2026.

SOC 2

AICPA & CIMA. Accessed May 27, 2026.

FAQ

What should a team authorize before production agent actions?

Authorize the exact tool name, arguments, actor, tenant, environment, and review requirement before the side effect reaches the upstream system.

Why not rely on prompts for this?

Prompts guide model behavior, but they do not reliably stop a tool dispatch. Runtime authorization sits after the model proposes an action and before the tool executes.

What evidence should the page produce?

Keep a decision record with the actor, tool, arguments summary, policy version, verdict, reviewer when required, timestamp, and source system context.

Related paths

Blog

Research briefs on agent authority, MCP security, and production governance.

Install Veto

Wrap one protected tool call and test allow, deny, and review decisions.

Book a demo

Map your first protected agent action to policy, approval, and evidence.

Govern the next agent action

Book a callSign up