AI Agents in Action, Second Edition you own this product

Intelligent workflows with LLMs, MCP, A2A, and more

Micheal Lanham

MEAP began November 2025
Last updated March 2026
Publication in July 2026 (estimated)

ISBN 9781633434530
325 pages (estimated)

Included with a Manning Online subscription

printed in black & white

available in Complex Chinese

resources: Source code Book forum Source code on Github

table of content

1 The rise of AI agents

1.1 Defining agents and agentic thinking

1.1.1 Understanding agent/assistant and LLM patterns

1.1.2 Thinking like agents

1.1.3 Agents act with tools

1.2 Introducing the Model Context Protocol (MCP)

1.3 Understanding the functional layers of an agent

1.3.1 The Agent Persona

1.3.2 Agent Actions & Tools

1.3.3 Agent Reasoning & Planning

1.3.4 Agent Knowledge & Memory

1.3.5 Agent Evaluation & Feedback

1.4 Advancing onto multi-agent systems

1.4.1 The agent-flow assembly line

1.4.2 Agent orchestrations (hub-and-spoke)

1.4.3 Agent collaboration (teams of agents)

1.5 Summary

2 Core components: Large Language Models, prompting, and agents

2.1 Understanding Large Language Models

2.1.1 LLMs: Probabilistic Token Machines

2.1.2 What is a token?

2.1.3 Tuning Temperature, Top P, and more

2.2 Controlling LLMs with prompt engineering (Agent Persona)

2.2.1 Applying core prompt techniques

2.2.2 Thinking like an LLM

2.2.3 Avoiding common prompt pitfalls

2.3 Building an agent with OpenAI Agents

2.3.1 Building a minimal agent

2.3.2 Setting the Agent Model and other parameters

2.3.3 Controlling inputs and typed outputs

2.3.4 Tracing agents

2.4 Enhancing agents through tool integration

2.4.1 Providing agents with tools

2.4.2 Tracing agentic tool use

2.5 Exercises

2.6 Summary

3 Actions with Model Context Protocol for AI agents

3.1 Understanding MCP fundamentals for agent development

3.1.1 The standardization problem MCP solves

3.1.2 MCP architecture: Clients, servers, and services

3.1.3 Core components: Tools, resources, and prompts

3.1.4 MCP deployment patterns for agents

3.1.5 MCP powers the functional agent layers

3.2 Getting started with MCP Servers

3.2.1 Coding up an MCP Server for Claude

3.2.2 Using the MCP inspector

3.2.3 Understanding MCP transport types

3.2.4 From desktop to agents: the key differences

3.3 Actioning MCP servers for Agents

3.3.1 Actioning local MCP servers over STDIO with agents

3.3.2 Actioning local MCP servers over SSE with agents

3.3.3 Connecting to the standard MCP servers

3.4 Building MCP servers for agents

3.4.1 Converting tools to an MCP server

3.4.2 Consuming MCP servers locally or remotely

3.5 Exercises

3.6 Summary

4 Architecting and building multi-agent systems

4.1 Architecting multi-agent systems

4.1.1 Decision-making for agent systems

4.1.2 Communicating with shared-memory, message-passing, and MCP

4.1.3 Channeling multi-agent coordination strategies

4.2 Balancing agents with agentic flows

4.2.1 Transforming agents to agent flows

4.2.2 Building an Agent-to-Agent flow

4.2.3 Agency and decision making in agent flows

4.3 Understanding handoffs in aAgent flows

4.3.1 Agent-to-agent flow with handoffs

4.3.2 Visualizing agent flows

4.3.3 Monitoring the handoff

4.4 Validating agent flows with guardrails

4.4.1 Implementing input and output guardrails

4.4.2 Using agents as guardrails

4.4.3 Adding guardrails to pass off agent flows

4.5 Exercises

4.6 Summary

5 Agent Reasoning and Planning

5.1 Understanding LLM Reasoning and Planning

5.1.1 Chain of Thought Reasoning

5.1.2 ReAct Paradigm (Reasoning + Acting + Observing)

5.1.3 Planning with LLMs

5.2 Instructing agents to reason and plan

5.2.1 Applying CoT to an Agent

5.2.2 Implementing ReAct with Agents

5.3 Advanced reasoning with agents

5.3.1 Tree of Thought

5.3.2 Reflexion

5.3.3 Selecting the right pattern for your agents

5.4 Utilizing the Sequential Thinking MCP Server

5.4.1 Unchaining the Sequential Thinking Server

5.4.2 Revisiting time travel problems with Sequential Thinking

5.4.3 Advanced reasoning with sequential thinking

5.5 Exercises

5.6 Summary

6 Working with memory and knowledge RAG for agents

6.1 Understanding retrieval in AI applications

6.1.1 The basics of retrieval augmented generation (RAG)

6.1.2 Delving into semantic search and document indexing

6.1.3 Applying vector similarity search

6.2 Vector databases and similarity search

6.2.1 Demystifying document embeddings

6.2.2 Querying document embeddings from Chroma

6.3 Building practical RAG knowledge agents

6.3.1 Everything begins with search and relevance

6.3.2 Building a vector search RAG agent

6.3.3 Building a hybrid search RAG agent

6.4 Adding memory to agents with MCP

6.4.1 Understanding memory form and agent function

6.4.2 Implementing a graph database for memory using MCP

6.4.3 Creating hybrid memory systems with MCP

6.4.4 Semantic augmented memory and applications to semantic, episodic, and procedural memory

6.4.5 Uncluttering memory with compression and forgetting

6.5 Exercises

6.6 Summary

7 Building robust agents with evaluation and feedback

7.1 Introducing agent evaluation and feedback

7.2 Implementing test-driven agent development

7.2.1 Exploring TDAD in practice

7.2.2 Coding and testing the RAG agent

7.2.3 Refactoring the agent

7.2.4 Extending evaluation with an agent evaluator

7.3 Employing grounding, critic, and evaluation agents

7.3.1 Reviewing the grounding agent

7.3.2 Grounding the RAG agent

7.3.3 Implementing grounding agents as guardrails

7.3.4 Understanding the role of rubrics in evaluation

7.3.5 Building a rubric critic agent

7.4 Phoenix for evaluation and feedback

7.4.1 Connecting to Phoenix

7.4.2 Adding metadata and session tracking

7.4.3 Experimenting with evaluators

7.4.4 Providing feedback with Annotations

7.5 Exercises

7.6 Summary

8 Deploying agents and agentic systems

8.1 Strategies for consuming agents

8.1.1 Embedding real-time voice agents into web applications

8.1.2 Hosting agents through an API

8.1.3 Consuming an agent web service in a web application

8.2 Dockerizing agent systems

8.2.1 Containerizing an agent microservice

8.2.2 Orchestrating agentic systems with Docker Compose

8.2.3 Externalizing local agent microservices

8.3 Considering advanced deployment strategies

8.3.1 Choosing a runtime: edge, API, or event-driven

8.3.2 The three “wires” of communication

8.3.3 Practical multi-agent topologies that adapt well

8.3.4 State, memory, and idempotency

8.3.5 Release engineering for agents (prompts, tools, models)

8.3.6 Observability matters

8.3.7 Reliability patterns: timeouts, fallbacks, and budgets

8.3.8 Cost control and model routing

8.4 Security, safety, and governance in production

8.4.1 A quick threat model for agentic systems

8.4.2 Identity and access—for people, services, and agents

8.4.3 Secrets and configuration management

8.4.4 Tool safety: sandboxing and egress control

8.4.5 Prompt-injection and data-exfiltration defenses

8.4.6 Safety and policy enforcement

8.5 Exercises

8.6 Summary

9 Engaging GPT Assistants

10 Exploring collaborative agent systems

11 Troubleshooting

Overview

8 Deploying agents and agentic systems

This chapter moves from toy examples to deployable agentic systems, focusing on how agents are consumed and where they should run. It contrasts three practical patterns—embedding agents directly in applications for low-latency experiences, hosting them as microservices behind APIs, and exposing them as tools via MCP or agent-to-agent calls—and demonstrates them with a browser-based real-time voice agent that delegates heavier work to a backend image-generation service. The examples show how to keep user experiences responsive, apply separation of concerns, and choose a pattern that fits interaction style, runtime needs, and operational control.

The deployment journey then centers on containerization and orchestration: packaging agents with Docker, running and managing them with Docker Desktop, and composing multiple services with Docker Compose to form a cohesive multi-agent stack. For quick demos, the chapter also shows how to tunnel local services externally. Architecture choices are framed by latency and workload: edge/browser runtimes for conversational and voice use, synchronous APIs for request/response tools, and event-driven workers for long or bursty jobs. Communication “wires” map to these needs—WebRTC/WebSocket for realtime, HTTP+SSE for streamed tool output, and message buses for background tasks—organized in a practical front-door topology that routes to specialized workers. State and memory are simplified with short-term chat stores, long-term knowledge via retrieval, and idempotent, cacheable tools to reduce latency and cost, complemented by intent-based model routing and trimmed context.

To productionize, the chapter emphasizes release engineering and operability: version prompts, tools, and models; gate and canary releases; and instrument everything with traces, metrics, and structured logs. Reliability improves with explicit time budgets, fallbacks, circuit breakers, and graceful degradation to maintain stable UX. Security, safety, and governance are addressed with a concrete threat model across client, gateway, runtime, tools, model provider, and storage; least-privilege identity, ephemeral client secrets, and externalized secret/config management; sandboxed tools with egress controls and resource limits; and defenses against prompt injection and data exfiltration using instruction hierarchies, schema-first allowlisted tools, and I/O sanitation. Content safety, policy enforcement, and human-in-the-loop approvals close the loop. With these patterns, you can select the right deployment strategy, containerize and orchestrate agents, and operate them securely and cost-effectively at scale.

shows three simple patterns for deploying and consuming agents. From embedded agents, a microservice API is accessible or used as a tool through other agents.

Connecting to a real-time model using a RealTime Agent object in a web browser. Allows for vocal interaction with the agent hosted in the browser.

connecting the real-time voice agent to the API image generation agent as a tool and then generating images.

There are several ways afrontend agent may consume containerized microservice agents as tools through an API or as MCP servers.

Docker Desktop interface for managing containers, allowing a user to start/stop containers, delete containers, and images.

shows a set of containers orchestrated through a Docker Compose file.

illustrates how external tunneling options can expose locally running agent services to external users. The Actor represents an external network user accessing an agent service. First the user browses to the tunneling service address and then routed to the a developers local machine.

a helpful decision flowchart for deciding agent deployments.

The practical front-door agent deployment pattern used for user-facing agents and applications

Summary

Agent consumption drives deployment: embed for ultra‑low latency UX, wrap as a synchronous API for request/response tasks, or run as event‑driven workers for long jobs and retries.
Realtime agents in the browser (WebRTC/WebSocket) deliver barge‑in speech, token streaming, and the most responsive experiences—keep tools simple or proxy them server‑side.
Microservices + containers cleanly separate concerns; agents make ideal microservices because they’re self‑contained and easy to scale, swap, and version.
Dockerizing agent APIs standardizes runtime and dependencies; Compose lets you stand up multi‑agent stacks (UI, worker agents, tool services) with one command.
External tunneling (e.g., localtunnel) turns local prototypes into shareable demos without full cloud deployment—useful for POCs and quick pilots.
Choose the “wire” by latency and fit: WebRTC/WebSockets for realtime, HTTP+SSE for streamed request/response, and message buses for decoupled background work.
Front‑door/orchestrator patterns route user intents to specialized worker agents; keep the front‑door light and push complexity into typed, well‑scoped workers.
State and idempotency matter: store short‑term chat state separately from long‑term knowledge, and make tool calls idempotent to enable caching, replay, and resilience.
Release engineering applies to agents: version prompts, tools, and models; promote with gates; pin exact model/tool versions for reproducibility and incident debugging.
Observability is non‑negotiable: trace from UI → gateway → agent → tools → model; track latency, cost, and success metrics; prefer structured logs with PII redaction.
Reliability patterns—timeouts, fallbacks, circuit breakers, and graceful degradation—keep systems useful even when tools or models misbehave.
Cost control comes from routing by intent, trimming context, and caching deterministic results—lower tokens often means lower latency, too.
Security, safety, and governance must be built‑in: threat‑model surfaces, enforce least privilege, manage secrets correctly, sandbox tools, and defend against prompt‑injection with schema‑first tool contracts and instruction hierarchies.
With deployment patterns, observability, and safety in place, agents graduate from demos to dependable, production‑ready systems.

FAQ

What are the main ways to deploy and consume agents, and when should I use each?

Three common patterns:

Embedded in the app (edge/browser): Ultra‑low latency and great for real‑time voice/chat. Keep tools simple and stateless; avoid long‑running or multi‑agent workflows. Prompts/logic may be more exposed.
Backend API (microservice): Wrap the agent behind an HTTP API. Good separation of concerns, supports long‑running work and RAG. Add streaming for responsive UX.
Containerized microservice as a tool (API/MCP/A2A): Self‑contained agents consumed by other agents or apps. Ideal for scaling, swapping, and isolating long or heavy tasks. No built‑in UI.

How do I safely embed a real‑time voice agent in a web application?

Use a realtime model connection (e.g., OpenAI Agents SDK Realtime) in the browser.
Mint short‑lived (ephemeral) client secrets on your backend after user auth; never ship provider API keys to the browser.
Optimize for low latency: keep tools light, avoid heavy backend round‑trips, and limit capabilities when possible.
Great for conversational interfaces; not suited for long‑running/background tasks without proxying to backend tools.

When should I host an agent behind a web API, and what’s a minimal approach?

Use a backend API when you need separation, control, or long‑running operations (e.g., image generation, retrieval, analytics). A minimal pattern:

Wrap the agent with a simple POST endpoint (e.g., FastAPI) to accept inputs too large/long for GET.
Return clean payloads (e.g., image bytes or JSON) so clients don’t need to post‑process base64.
Enable streaming for partial results when desired; otherwise handle long ops asynchronously.

How do I containerize an agent microservice with Docker?

Create a Dockerfile from a slim base (e.g., python:3.11‑slim), install dependencies, copy app code, expose a PORT, and run via a production server (e.g., uvicorn).
Inject secrets (OPENAI_API_KEY) at runtime with -e or a secrets manager; don’t bake them into images.
Run locally with port mapping: docker run -p 8000:8000 -e OPENAI_API_KEY=...
Use Docker Desktop to view logs, start/stop containers, and manage versions.

How can I orchestrate multiple agent services with Docker Compose?

Define each service (web UI, voice agent, image agent, etc.) in docker-compose.yaml with build contexts, ports, env vars, and depends_on.
Share environment via .env (e.g., OPENAI_API_KEY); pin default models/voices per service.
Start everything with docker compose up --build, then access the web UI and watch logs for tool calls across services.

Can I expose local agent services to the internet without a cloud deploy?

Yes, use tunneling tools like localtunnel or ngrok to expose localhost ports quickly (e.g., npx localtunnel --port 8000).
Good for demos, POCs, and debugging; not recommended for production due to reliability, security, and performance limits.
Use authentication and understand any default passwords or access rules in the tunneling tool.

How do I choose where the agent runs: edge, API, or event‑driven workers?

Let latency drive the decision: ultra‑low latency UX → edge/browser; normal request/response → API microservice; long/bursty tasks or retries → event‑driven workers/queues.
Start simple: begin with an API, move hot paths to edge, and offload heavy tools to workers.
Plan for mixed topologies (a “front‑door” agent coordinating specialized worker agents).

What communication channels (“wires”) should I use between agents and tools?

WebRTC/WebSocket (Realtime): Full‑duplex audio/text, barge‑in, streaming TTS; best for voice/interactive UX.
HTTP + SSE (e.g., MCP): Simple request/response with streamed output; easy to proxy, log, and cache.
Message bus (Redis/NATS/Kafka): Decoupled, resilient execution for slow or concurrent tools; post results back when ready.

How should I handle state, memory, and idempotency in agent systems?

Short‑term conversation/state: store in fast stores (Redis/PostgreSQL); long‑term knowledge: vector stores via RAG.
Design tools to be idempotent and cacheable using deterministic keys (e.g., hash of inputs) for fast retries and replays.
Keep passed context minimal and role‑specific to reduce tokens, cost, and confusion.

What are the must‑have production practices: observability, reliability, cost, and security?

Observability: Trace every turn/tool call with correlation IDs; track p50/p95 latency, success rates, token/cost; keep structured logs with PII redaction. Tools like Phoenix help.
Reliability: Enforce time budgets, fallbacks, circuit breakers, and graceful degradation (e.g., text if TTS fails).
Cost control: Route by intent (small model for routing, larger for hard tasks), trim context, and cache wherever possible.
Security and safety: Threat‑model surfaces (client, API, agent, tools, model, storage), least privilege/ephemeral client secrets, secret rotation, sandbox tools with egress allowlists, defend against prompt‑injection, and add HITL/policy/content filters where needed.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$47.99 $23.99

you save $24.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$47.99 $23.99

you save $24.00 (50%)

eBook

pdf, ePub, online

$47.99 $23.99

you save $24.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more