« All posts

Autonomous agents' two big fears: runaway loops and exposed APIs

rysh's loop engineering and Forge features address the runaway-loop and API-exposure risks that come with building autonomous agents.

Anyone building autonomous agents faces the same two recurring fears: an agent given a goal that spins endlessly until it burns through the API budget, and the access problem of exposing internal APIs so agents can do real work — something security teams rightly resist. rysh, an agentic terminal multiplexer, tackles both with concrete engineering rather than hand-waving.

The first piece is what the author calls 'loop engineering': automations are saved as reusable recipes and run under hard ceilings — token budgets, iteration caps, wall-clock limits. Rather than just counting iterations, an LLM-judged step checks whether the goal is actually met after each pass. When a budget threshold is reached, the run doesn't hit a wall; a pre-written takeover prompt finishes the work gracefully, saving partial results and reporting what's left. Runs can checkpoint, resume, fan out across targets, and be scheduled via cron.

Recipes live as version-controlled markdown files with a two-level loop structure — an inner bounded working session and an outer loop that re-iterates until an LLM-judged condition holds — putting every safety property next to the goal it protects. The core argument: the hard part of agent loops isn't the loop itself, it's the brakes — budgets, judges, takeover conditions, checkpoints.

The second part introduces Forge, a mechanism for letting agents call private internal APIs without exposing them publicly or distributing credentials — details of which continue beyond this excerpt.