AI Agents in Action, Second Edition you own this product

Intelligent workflows with LLMs, MCP, A2A, and more

Micheal Lanham

June 2026
ISBN 9781633434530
392 pages

Included with a Manning Online subscription

printed in black & white

available in Complex Chinese

catalog / Data Science / AI / AI Agents

print book available Jun 21, 2026

ePub + liveBook available Jun 21, 2026

resources: Source code Book forum Source code on Github Register your pBook for a free eBook

table of content

1 The rise of AI agents

1.1 Defining agents and agentic thinking

1.1.1 Defining agents and agentic thinking

1.1.2 Understanding agent/assistant and LLM patterns

1.1.3 Thinking like agents: sense, plan, act, learn

1.1.4 Agents act with tools

1.2 Introducing the Model Context Protocol (MCP)

1.3 Understanding the five functional layers of an agent

1.3.1 The Agent Persona

1.3.2 Agent Actions & Tools

1.3.3 Agent Reasoning & Planning

1.3.4 Agent Knowledge & Memory

1.3.5 Agent Evaluation & Feedback

1.4 Advancing onto multi-agent systems

1.4.1 The agent-flow assembly line

1.4.2 Agent orchestrations (hub-and-spoke)

1.4.3 Agent collaboration (teams of agents)

1.5 Next steps

1.6 Summary

2 Core components: Large Language Models, prompting, and agents

2.1 Understanding Large Language Models

2.1.1 LLMs: Probabilistic Token Machines

2.1.2 What is a token?

2.1.3 Tuning Temperature, Top P, and more

2.2 Controlling LLMs with prompt engineering (Agent Persona)

2.2.1 Applying core prompt techniques

2.2.2 Thinking like an LLM

2.2.3 Avoiding common prompt pitfalls

2.3 Building an agent with OpenAI Agents

2.3.1 Building a minimal agent

2.3.2 Setting the Agent Model and other parameters

2.3.3 Controlling inputs and typed outputs

2.3.4 Tracing agents

2.4 Enhancing agents through tool integration

2.4.1 Providing agents with tools

2.4.2 Tracing agentic tool use

2.5 Exercises

2.6 Summary

3 Actions with Model Context Protocol for AI agents

3.1 Understanding MCP fundamentals for agent development

3.1.1 The standardization problem MCP solves

3.1.2 MCP architecture: Clients, servers, and services

3.1.3 Core components: Tools, resources, and prompts

3.1.4 MCP deployment patterns for agents

3.1.5 MCP powers the functional agent layers

3.2 Getting started with MCP Servers

3.2.1 Coding up an MCP Server for Claude

3.2.2 Using the MCP inspector

3.2.3 Understanding MCP transport types

3.2.4 From desktop to agents: the key differences

3.3 Actioning MCP servers for Agents

3.3.1 Actioning local MCP servers over STDIO with agents

3.3.2 Actioning local MCP servers over SSE with agents

3.3.3 Connecting to the standard MCP servers

3.4 Building MCP servers for agents

3.4.1 Converting tools to an MCP server

3.4.2 Consuming MCP servers locally or remotely

3.5 Exercises

3.6 Summary

4 Architecting and building multi-agent systems

4.1 Architecting multi-agent systems

4.1.1 Decision-making for agent systems

4.1.2 Communicating with shared-memory, message-passing, and MCP

4.1.3 Channeling multi-agent coordination strategies

4.2 Balancing agents with agentic flows

4.2.1 Transforming agents to agent flows

4.2.2 Building an Agent-to-Agent flow

4.2.3 Agency and decision making in agent flows

4.3 Understanding handoffs in aAgent flows

4.3.1 Agent-to-agent flow with handoffs

4.3.2 Visualizing agent flows

4.3.3 Monitoring the handoff

4.4 Validating agent flows with guardrails

4.4.1 Implementing input and output guardrails

4.4.2 Using agents as guardrails

4.4.3 Adding guardrails to pass off agent flows

4.5 Exercises

4.6 Summary

5 Agent reasoning and planning

5.1 Understanding LLM Reasoning and Planning

5.1.1 Chain of Thought Reasoning

5.1.2 ReAct Paradigm (Reasoning + Acting + Observing)

5.1.3 Planning with LLMs

5.2 Instructing agents to reason and plan

5.2.1 Applying CoT to an Agent

5.2.2 Implementing ReAct with Agents

5.3 Advanced reasoning with agents

5.3.1 Tree of Thought

5.3.2 Reflexion

5.3.3 Selecting the right pattern for your agents

5.4 Utilizing the Sequential Thinking MCP Server

5.4.1 Unchaining the Sequential Thinking Server

5.4.2 Revisiting time travel problems with Sequential Thinking

5.4.3 Advanced reasoning with sequential thinking

5.5 Exercises

5.6 Summary

6 Working with memory and knowledge RAG for agents

6.1 Understanding retrieval in AI applications

6.1.1 The basics of retrieval augmented generation (RAG)

6.1.2 Delving into semantic search and document indexing

6.1.3 Applying vector similarity search

6.2 Vector databases and similarity search

6.2.1 Demystifying document embeddings

6.2.2 Querying document embeddings from Chroma

6.3 Building practical RAG knowledge agents

6.3.1 Everything begins with search and relevance

6.3.2 Building a vector search RAG agent

6.3.3 Building a hybrid search RAG agent

6.4 Adding memory to agents with MCP

6.4.1 Understanding memory form and agent function

6.4.2 Implementing a graph database for memory using MCP

6.4.3 Creating hybrid memory systems with MCP

6.4.4 Semantic augmented memory and applications to semantic, episodic, and procedural memory

6.4.5 Uncluttering memory with compression and forgetting

6.5 Exercises

6.6 Summary

7 Building robust agents with evaluation and feedback

7.1 Introducing agent evaluation and feedback

7.2 Implementing test-driven agent development

7.2.1 Exploring TDAD in practice

7.2.2 Coding and testing the RAG agent

7.2.3 Refactoring the agent

7.2.4 Extending evaluation with an agent evaluator

7.3 Employing grounding, critic, and evaluation agents

7.3.1 Reviewing the grounding agent

7.3.2 Grounding the RAG agent

7.3.3 Implementing grounding agents as guardrails

7.3.4 Understanding the role of rubrics in evaluation

7.3.5 Building a rubric critic agent

7.4 Phoenix for evaluation and feedback

7.4.1 Connecting to Phoenix

7.4.2 Adding metadata and session tracking

7.4.3 Experimenting with evaluators

7.4.4 Providing feedback with Annotations

7.5 Exercises

7.6 Summary

8 Deploying agents and agentic systems

8.1 Strategies for consuming agents

8.1.1 Embedding real-time voice agents into web applications

8.1.2 Hosting agents through an API

8.1.3 Consuming an agent web service in a web application

8.2 Dockerizing agent systems

8.2.1 Containerizing an agent microservice

8.2.2 Orchestrating agentic systems with Docker Compose

8.2.3 Externalizing local agent microservices

8.3 Considering advanced deployment strategies

8.3.1 Choosing a runtime: edge, API, or event-driven

8.3.2 The three “wires” of communication

8.3.3 Practical multi-agent topologies that adapt well

8.3.4 State, memory, and idempotency

8.3.5 Release engineering for agents (prompts, tools, models)

8.3.6 Observability matters

8.3.7 Reliability patterns: timeouts, fallbacks, and budgets

8.3.8 Cost control and model routing

8.4 Security, safety, and governance in production

8.4.1 A quick threat model for agentic systems

8.4.2 Identity and access—for people, services, and agents

8.4.3 Secrets and configuration management

8.4.4 Tool safety: sandboxing and egress control

8.4.5 Prompt-injection and data-exfiltration defenses

8.4.6 Safety and policy enforcement

8.5 Exercises

8.6 Summary

9 Understanding the Agentic Loop

9.1 Peeling back the three agentic loop layers

9.1.1 Layer one – the inner loop (Sense-Plan-Act-Learn)

9.1.2 Layer two – the task loop

9.1.3 Layer three – the meta loop

9.2 Layer 2 - Looping with a Deep Research Agent

9.2.1 Creating the initial state and plan

9.2.2 Adding the tools

9.2.3 Understanding iteration body output

9.2.4 The termination gate

9.2.5 Coding the deep research loop

9.2.6 Synthesizing the final output

9.2.7 When to use an agentic loop

9.2.8 Building a repetitive task loop agent

9.3 Layer 3 – Multi-agent orchestration loops

9.4 Building collaboration agentic loops

9.5 Exercises

9.6 Summary

10 Exploring the cognitive agent that thinks, monitors, and adapts

10.1 Understanding agent cognition and metacognition as engineering concepts

10.1.1 The five failure modes of capable-but-not-cognitive agents

10.1.2 From reasoning primitives to cognitive architecture

10.1.3 Defining cognition for agents

10.1.4 Defining metacognition for agents

10.1.5 Three theoretical foundations

10.2 Mapping the mind into a cognitive agent architecture

10.2.1 Architecture overview

10.2.2 The Cognitive Workspace

10.2.3 The Perception Module

10.2.4 The Planning Module

10.2.5 The Execution Module

10.2.6 The Evaluation Module

10.2.7 The Attention Module

10.2.8 The Memory Module and the MCP memory server

10.3 Building and running the Cognitive Agent

10.3.1 The cognitive loop

10.3.2 A complete cognitive agent with MCP

10.3.3 Walkthrough: watching the cognitive cycle in action

10.3.4 Confidence-gated execution

10.3.5 Stagnation detection and strategy pivoting

10.3.6 Knowledge boundary awareness

10.3.7 Emergent behaviors

10.4 Measuring cognitive capability and looking ahead

10.4.1 Cognitive efficiency metrics

10.4.2 Before and after: measuring the impact

10.4.3 The road to more general agents

10.5 Exercises

10.6 Summary

11 Tips for building agentic systems

11.1 The core layer - persona

11.1.1 Tools and agent actions

11.1.2 Reasoning and planning

11.1.3 Knowledge and memory

11.1.4 Evaluation and feedback

11.2 Tips for building a customer support agent

11.3 Tips for building a RAG agent system

11.4 Tips for building a Deep Research agent system

11.5 Summary

Overview

3 Actions with Model Context Protocol for AI agents

This chapter introduces the Model Context Protocol (MCP) as the unifying connector that turns language models and agents into practical, tool-using systems. Framed as a remedy to fragmented tool integrations, ad‑hoc data access, brittle multi‑agent orchestration, and uneven security controls, MCP standardizes how capabilities are exposed and consumed so developers can assemble agent workflows from reusable components rather than handcrafting bespoke adapters. The result is a rapidly growing ecosystem in which almost anything an agent needs—data, applications, or even other agents—can be plugged in and reused across projects.

The chapter explains MCP’s architecture—clients, servers, and services—communicating over JSON-RPC 2.0, and the three discoverable server components agents use: tools (actionable operations), resources (external data and configuration), and prompts (interaction templates). It covers deployment patterns and transports, showing how servers can run locally via STDIO for low-latency, single-process work or remotely over HTTP using SSE to support shared, scalable access; hybrid setups are common. MCP is positioned not just as a tools layer but as infrastructure that can augment every agent layer—actions, reasoning and planning, knowledge and memory, and evaluation and feedback. Practical utilities such as Claude Desktop and the MCP Inspector demonstrate how to register servers, discover capabilities, and test calls end-to-end.

Hands-on sections show how to wrap existing functions as MCP tools, register servers from agent code using the OpenAI Agents SDK, and switch between STDIO and SSE with minimal changes. The text walks through building simple servers (for example, a research tool), consuming standard shared servers (like filesystem or third‑party service connectors), and converting in-process tools—such as a journaling “time tracker”—into reusable MCP services. Throughout, it emphasizes separation of concerns, modularity, and reuse, while underscoring key behavioral differences between assistants (human-in-the-loop approval) and autonomous agents (programmatic, multi-step tool use). The chapter closes with guidance on validation, safety, and access control so agents wield MCP-powered tools reliably and securely.

The leading challenges AI Agent developers face when building agents include fragmented tool integration, inconsistant data access, complicated multiple-agent orchestration, and security and control.

A typical problem agent/LLM developers face when connecting to multiple services and resources is the lack of standardized connections and the need to support multiple different connectors to whatever services they need access to.

Implementing MCP as a service layer abstracts access to the various services that agent may want to connect to and use.

The basic components of MCP architecture are the client, server, and services. Here you can see some common clients (agents, LLM applications, Claude desktop, and VS code) and potential services (file operations, database queries, web APIs, and other agents) that the clients might connect to.

The main components of an MCP server include prompts, specialized system instructions; resources (used for access to files), configuration, and databases; and Tools, which are extensions of an internals agent’s ability to consume and use tools

The various deployment patterns that may be used to connect MCP servers to agents. From running locally and within a child process on the same machine, running remotely and accessible over HTTP to include hybrid architectures that blend local and remote MCP servers to single agent.

MCP can be used to add functionality in the form of tools to all the functional agent layers.

Claude desktop may consume multiple MCP servers deployed locally or remotely. The LLM that powers Claude then uses the MCP components (generally tools) to enhance its capabilities.

Shows the MCP server settings for Python file

Shows the MCP hosted tool being executed within Claude desktop

Shows the MCP Inspector interface examing available tools and executing them

The key differences between MCP tool execution from an LLM application (Claude Desktop) or through using an agent include; assistants require human supervision while agents are autonomous, assistants are interactive to agents programmatic, agents perform more complex multi-step workflows and assistants typically are limited to performing simple plans.

Shows the various ways an agent may interact with and consume MCP servers

The time tracker agent will record time events using internal function tools as it processes the events in a loop. After the loop finishes the agent is asked to summarize the events and it will use the Load Journal Evants tool to load the journal of events and summarize

The separation of tools from the agent into a standalone MCP server that could be hosted locally or remotely and access through STDIO (local) or SSE (remote). Now the agent registers the MCP server instead of individual tools and then internally discovers the tools the server supports and how to use those tools.

Summary

MCP = “USB-C for LLMs & agents.” A JSON-RPC-2.0 spec that erases bespoke glue code for tools, data sources, and even other agents.
MCP solves fragmentation (multiple tool schemas), brittle data access, ad-hoc orchestration, and uneven security by giving every capability a uniform interface.
MCP supports three components: Tools (actions), Resources (data/objects), and Prompts (re-usable templates). Agents can treat any of them as callable verbs.
MCP Architecture is in 3 parts: MCP Client, Server, and the Service/Resource it fronts. An agent is just one kind of client.
STDIO – sub-process, zero-latency, single caller (great for local development).
SSE – HTTP + Server-Sent Events, multi-client, cloud-friendly. Switching is literally a constructor swap.
MCP is not just for tools/actions but can support the other functional layers (Reasoning & Planning, Knowledge & Memory, Evaluation & Feedback)
MCP can be deployed using a mixture of patterns: Local, remote, or hybrid — mix and match to keep sensitive operations local while sharing heavy APIs remotely.
The MCP Inspector gives a live, clickable view of any server—perfect for debugging tool schemas and outputs before wiring agents to them.
MCP reference servers are available for use or inspection and include: filesystem, brave-search, google-calendar, github, etc.—all installable with a single npx or mcp run.
Agents themselves can be wrapped as servers, turning an entire reasoning pipeline into a reusable, strongly typed tool.
Typed Pydantic I/O flows end-to-end, eliminating fragile string parsing in multi-agent chains.
MCP enables LEGO-style composition of agent systems—each block isolated, testable, and instantly swappable without touching the others.

FAQ

What is the Model Context Protocol (MCP) and why is it often called “USB‑C for agents”?

MCP is an open standard from Anthropic, built on JSON-RPC 2.0, that standardizes how AI agents and LLM apps connect to external tools, data sources, and services. It’s dubbed “USB‑C for agents” because, like a universal connector, one protocol lets clients plug into many servers without bespoke integrations. It solves four big problems: fragmented tool integrations across providers, inconsistent data access patterns, complex multi‑agent orchestration, and uneven security/control.

How does MCP’s architecture of clients, servers, and services fit together?

- MCP client: an agent or LLM app that connects to MCP servers, discovers capabilities, and invokes them.
- MCP server: exposes tools, resources, and prompts; processes requests and returns responses over JSON‑RPC 2.0.
- Service/resource: the underlying system the server wraps (files, databases, web APIs, or even other agents).
Clients connect to one or many servers and call standardized endpoints to discover and use what the server offers.

What are “tools,” “resources,” and “prompts” in an MCP server?

- Tools: actionable functions agents/LLMs invoke to perform tasks (most commonly used).
- Resources: external data or artifacts to read/consume (files, configs, databases).
- Prompts: predefined templates/instructions that standardize complex interactions.
Servers expose discovery endpoints like list_tools so clients can enumerate and use these. If a client lacks native support for resources/prompts, tools can emulate them.

Which transport types does MCP support, and when should I use each (STDIO vs SSE)?

- STDIO: client launches the server as a subprocess and exchanges JSON‑RPC over stdin/stdout. Pros: low latency, no networking, simple 1‑to‑1 link. Best for local dev, quick CLI experiments, or tightly coupled single‑machine workflows.
- SSE: server runs as an HTTP service; client sends requests via POST and receives streamed responses over text/event-stream. Pros: network-addressable, multi‑client, scales behind proxies/load balancers. Best for shared, remote, or cloud deployments and browser/front‑end integrations.

What deployment patterns can I use for MCP servers?

- Local (STDIO): run as a child process on the same machine—fast, simple, great for development and single‑host setups.
- Remote (SSE over HTTP): run on another process/host; supports many clients, load balancing, and cloud‑native scaling.
- Hybrid: combine local servers for sensitive operations (e.g., file access) with remote servers for shared or internet‑facing services.

How do agents differ from desktop assistants (e.g., Claude Desktop) when using MCP?

Desktop assistants follow a supervised pattern—tool calls generally require human approval. Agents act autonomously: they select, sequence, and execute tools programmatically and can run multi‑step plans without manual confirmation. This power increases responsibility—validate tools and add evaluation/feedback to prevent unintended actions.

How do I quickly try MCP with Claude Desktop and the MCP Inspector?

- Implement a small FastMCP server (e.g., with a get_research_sources tool).
- Install/register it via the MCP CLI so Claude Desktop can discover it.
- In Claude, enable the server and approve tool runs when prompted.
- Use mcp dev to launch the MCP Inspector, browse tools/resources/prompts, and run/test methods interactively for debugging.

How can my agent consume MCP servers locally and remotely with the OpenAI Agents SDK?

- Local (STDIO): use MCPServerStdio to launch the server as a subprocess and pass it to the agent’s mcp_servers. The agent discovers and calls tools via JSON‑RPC over stdio.
- Remote (SSE): run the MCP server as an HTTP service and use MCPServerSse with its /sse URL. Swapping STDIO↔SSE is typically a small code/config change.

What shared MCP servers are available out of the box, and what can I do with them?

Examples include: Filesystem (local file read/write within a path), Sequential Thinking (planning/decomposition), Google Drive/Calendar, Notion, Slack, Brave Search (web search), GitHub, Google Maps, and Fetch (retrieve/preprocess web pages). They cover common tasks like file ops, research, planning, collaboration, and code workflows—ready to plug into agents or LLM apps.

What security and best practices should I follow when exposing tools via MCP?

- Apply least privilege: scope file servers to safe directories; lock down credentials and API keys.
- Validate and test with the MCP Inspector before enabling autonomous use.
- Add evaluation/feedback loops to catch misuse or regressions; beware “rogue agent” behavior.
- Isolate stateful servers; remember SSE servers may be shared by multiple agents (watch in‑memory side effects).
- Prefer building your own MCP servers when you need tighter control, auditing, or custom safeguards.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$47.99 $26.39

you save $21.60 (45%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$47.99 $26.39

you save $21.60 (45%)

eBook

pdf, ePub, online

$47.99 $26.39

you save $21.60 (45%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more