DEV Community: Driss Amiroune The latest articles on DEV Community by Driss Amiroune (@kryscekk). https://dev.to/kryscekk https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3931794%2Fd3e9ecbe-6f7d-4d4a-a93f-07664d07cfef.png DEV Community: Driss Amiroune https://dev.to/kryscekk en The 4 pillars of a production-grade AI agent (from a doctor who taught himself to code) Driss Amiroune Thu, 14 May 2026 18:32:18 +0000 https://dev.to/kryscekk/the-4-pillars-of-a-production-grade-ai-agent-from-a-doctor-who-taught-himself-to-code-1hle https://dev.to/kryscekk/the-4-pillars-of-a-production-grade-ai-agent-from-a-doctor-who-taught-himself-to-code-1hle <blockquote> <p><strong>No prerequisites.</strong> If you've used Claude or ChatGPT and you're wondering what separates a one-off script from an agent that actually runs in production, this post is for you.</p> </blockquote> <p>I wrote my first Python agent in April 2026. It did two things: read a PDF, send a Telegram message. It worked. <strong>Once.</strong></p> <p>The second time, the PDF was poorly scanned. The agent crashed. No trace. No notification. The patient never got their appointment.</p> <p>That's the day I understood: <strong>an agent that works in demo is not an agent. An agent is what holds up when you're not around.</strong></p> <p>I wrote four words in the docstring of my next agent: <strong>Observability, Reliability, Security, Deployment.</strong> Since then, I haven't shipped a single agent to production without all four. Today I run about twenty of them, 24/7, on a single 5€/month server.</p> <p>Here they are, with the Python code that incarnates them.</p> <h2> Pillar 1 — Observability </h2> <blockquote> <p><strong>You must be able to know, without asking anyone: what the agent did, when, how long it took, and how much it cost.</strong></p> </blockquote> <p>A structured logger shared across all your agents, append-only audit logs for critical actions, a cost tracker that logs every API call.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># shared/logger.py </span><span class="kn">import</span> <span class="n">logging</span> <span class="kn">from</span> <span class="n">logging.handlers</span> <span class="kn">import</span> <span class="n">RotatingFileHandler</span> <span class="k">def</span> <span class="nf">get_logger</span><span class="p">(</span><span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">logging</span><span class="p">.</span><span class="n">Logger</span><span class="p">:</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">if</span> <span class="n">logger</span><span class="p">.</span><span class="n">handlers</span><span class="p">:</span> <span class="k">return</span> <span class="n">logger</span> <span class="n">fmt</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nc">Formatter</span><span class="p">(</span><span class="sh">'</span><span class="s">%(asctime)s | %(levelname)-7s | %(name)s | %(message)s</span><span class="sh">'</span><span class="p">)</span> <span class="n">fh</span> <span class="o">=</span> <span class="nc">RotatingFileHandler</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">logs/</span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">.log</span><span class="sh">'</span><span class="p">,</span> <span class="n">maxBytes</span><span class="o">=</span><span class="mi">10</span><span class="o">*</span><span class="mi">1024</span><span class="o">*</span><span class="mi">1024</span><span class="p">,</span> <span class="n">backupCount</span><span class="o">=</span><span class="mi">5</span><span class="p">)</span> <span class="n">fh</span><span class="p">.</span><span class="nf">setFormatter</span><span class="p">(</span><span class="n">fmt</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">addHandler</span><span class="p">(</span><span class="n">fh</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">addHandler</span><span class="p">(</span><span class="n">logging</span><span class="p">.</span><span class="nc">StreamHandler</span><span class="p">())</span> <span class="c1"># stdout for journalctl too </span> <span class="n">logger</span><span class="p">.</span><span class="nf">setLevel</span><span class="p">(</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">)</span> <span class="k">return</span> <span class="n">logger</span> </code></pre> </div> <p><strong>Quick test</strong>: if someone asks you right now how much your agent cost yesterday, can you answer in under 30 seconds? If yes, Pillar 1 ✓.</p> <h2> Pillar 2 — Reliability </h2> <blockquote> <p><strong>The agent must survive errors: failing API call, corrupted file, broken network. Never corrupt state, always leave a trace.</strong></p> </blockquote> <p>The pattern that changes everything: <strong>try/finally at the pipeline level</strong>, to guarantee resources are cleaned up even on uncaught crashes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">process_document</span><span class="p">(</span><span class="n">pdf_path</span><span class="p">):</span> <span class="n">filename</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="n">pdf_path</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="k">return</span> <span class="nf">_process_document_impl</span><span class="p">(</span><span class="n">pdf_path</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">log</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Unhandled exception: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">exc_info</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="c1"># No matter what, the file doesn't stay in /incoming/ </span> <span class="k">if</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">exists</span><span class="p">(</span><span class="n">pdf_path</span><span class="p">):</span> <span class="n">os</span><span class="p">.</span><span class="nf">makedirs</span><span class="p">(</span><span class="n">FAILED_DIR</span><span class="p">,</span> <span class="n">exist_ok</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">shutil</span><span class="p">.</span><span class="nf">move</span><span class="p">(</span><span class="n">pdf_path</span><span class="p">,</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">FAILED_DIR</span><span class="p">,</span> <span class="n">filename</span><span class="p">))</span> <span class="n">log</span><span class="p">.</span><span class="nf">warning</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">File moved to /failed: </span><span class="si">{</span><span class="n">filename</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Without this wrapper, a mid-pipeline crash leaves the file in <code>/incoming/</code>, which will be reprocessed indefinitely on the next startup. <strong>With this wrapper, the final state is always clean.</strong></p> <p>Plus: exponential retry on API calls, copy-before-action, anti-silent-overwrite for generated files.</p> <h2> Pillar 3 — Security </h2> <blockquote> <p><strong>No secrets in code. No irreversible decisions without validation. Allowlist over blocklist. The agent never guesses what it doesn't know.</strong></p> </blockquote> <p>Non-negotiable rules:</p> <ul> <li>Secrets in <code>.env</code> (chmod 600), never hardcoded</li> <li>SQL always parameterized</li> <li>Explicit allowlist for system services the agent can query</li> <li><strong>When there's ambiguity, the agent DOESN'T DECIDE — it notifies the human</strong></li> </ul> <p>The last point matters most if your agent works with real-world impact data (medical, financial, legal):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">match_patient</span><span class="p">(</span><span class="n">last_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">first_name</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">""</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">tuple</span><span class="p">[</span><span class="nb">int</span><span class="p">,</span> <span class="nb">str</span><span class="p">]</span> <span class="o">|</span> <span class="nb">tuple</span><span class="p">[</span><span class="bp">None</span><span class="p">,</span> <span class="bp">None</span><span class="p">]:</span> <span class="n">candidates</span> <span class="o">=</span> <span class="nf">search_in_db</span><span class="p">(</span><span class="n">last_name</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">candidates</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span><span class="p">,</span> <span class="bp">None</span> <span class="k">if</span> <span class="n">first_name</span><span class="p">:</span> <span class="n">matches</span> <span class="o">=</span> <span class="p">[</span><span class="n">c</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">candidates</span> <span class="k">if</span> <span class="nf">_exact_word_match</span><span class="p">(</span><span class="n">first_name</span><span class="p">,</span> <span class="n">c</span><span class="p">.</span><span class="n">full_name</span><span class="p">)]</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">matches</span><span class="p">)</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="n">matches</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nb">id</span><span class="p">,</span> <span class="n">matches</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">full_name</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">matches</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">:</span> <span class="nf">notify_ambiguity</span><span class="p">(</span><span class="n">last_name</span><span class="p">,</span> <span class="n">first_name</span><span class="p">,</span> <span class="n">matches</span><span class="p">)</span> <span class="c1"># human decides </span> <span class="k">return</span> <span class="bp">None</span><span class="p">,</span> <span class="bp">None</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">candidates</span><span class="p">)</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="n">candidates</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nb">id</span><span class="p">,</span> <span class="n">candidates</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">full_name</span> <span class="nf">notify_ambiguity</span><span class="p">(</span><span class="n">last_name</span><span class="p">,</span> <span class="n">first_name</span><span class="p">,</span> <span class="n">candidates</span><span class="p">)</span> <span class="k">return</span> <span class="bp">None</span><span class="p">,</span> <span class="bp">None</span> </code></pre> </div> <p>Golden rule, explicit in my methodology: <em>"Records in the database are people. We never guess."</em></p> <h2> Pillar 4 — Deployment </h2> <blockquote> <p><strong>The agent runs 24/7 unattended. It restarts itself after a crash. You see its state at a glance.</strong></p> </blockquote> <p>On modern Linux: <strong>systemd</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="c"># /etc/systemd/system/my-agent.service </span><span class="nn">[Unit]</span> <span class="py">Description</span><span class="p">=</span><span class="s">My watchdog agent</span> <span class="py">After</span><span class="p">=</span><span class="s">network.target</span> <span class="nn">[Service]</span> <span class="py">Type</span><span class="p">=</span><span class="s">simple</span> <span class="py">User</span><span class="p">=</span><span class="s">root</span> <span class="py">WorkingDirectory</span><span class="p">=</span><span class="s">/root/projects/my-agent</span> <span class="py">ExecStart</span><span class="p">=</span><span class="s">/usr/bin/python3 watchdog.py</span> <span class="py">Restart</span><span class="p">=</span><span class="s">always</span> <span class="py">RestartSec</span><span class="p">=</span><span class="s">10</span> <span class="py">StandardOutput</span><span class="p">=</span><span class="s">journal</span> <span class="py">StandardError</span><span class="p">=</span><span class="s">journal</span> <span class="nn">[Install]</span> <span class="py">WantedBy</span><span class="p">=</span><span class="s">multi-user.target</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl daemon-reload <span class="nb">sudo </span>systemctl <span class="nb">enable </span>my-agent.service <span class="nb">sudo </span>systemctl start my-agent.service journalctl <span class="nt">-u</span> my-agent <span class="nt">-f</span> <span class="c"># live logs</span> </code></pre> </div> <p>Now your agent starts at boot, restarts within 10s on crash, and you see its logs with <code>journalctl</code>.</p> <p>Plus: a <code>health_check()</code> tool that pings all your services in one call, a cron every 15 min that pings you on Telegram if something is off.</p> <h2> How the 4 pillars reinforce each other </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pillar</th> <th>Without</th> <th>With</th> </tr> </thead> <tbody> <tr> <td>1 Observability</td> <td>You don't know what happened</td> <td>Full visibility in <code>logs/</code> and <code>api_costs.jsonl</code> </td> </tr> <tr> <td>2 Reliability</td> <td>A crash loses state, files get stuck</td> <td>State recovers, files go to <code>/failed/</code> </td> </tr> <tr> <td>3 Security</td> <td>API key on GitHub, wrong person notified</td> <td> <code>.env</code> chmod 600, allowlist, human-in-the-loop on ambiguity</td> </tr> <tr> <td>4 Deployment</td> <td>Manual restart after every reboot</td> <td> <code>systemctl restart</code>, comes back up</td> </tr> </tbody> </table></div> <p>Pillar 1 gives you <strong>proof</strong> that 2/3/4 actually work. Pillar 2 lets you <strong>last</strong>. Pillar 3 lets you <strong>last without blowing up</strong>. Pillar 4 lets you <strong>last unattended</strong>.</p> <p><strong>Remove any one, and your agent lives until the next real outage — no longer.</strong></p> <h2> Beyond this post </h2> <p>This is the short version. The full one — with the complete Python skeleton that unites all 4 pillars, per-pillar tests you can run, and common mistakes — is in my repo:</p> <p>👉 <strong><a href="https://github.com/Kryscekk/agents-in-practice" rel="noopener noreferrer">Repo <code>agents-in-practice</code></a></strong> — 9 French-language tutorials, from <em>"how to talk to Claude"</em> to <em>"first MCP server with 4 useful tools"</em>. Built for non-IT professionals who want to actually understand agents, not just copy-paste boilerplate. <strong>English translations coming.</strong></p> <h2> About me — and how this post got written </h2> <p>I'm a urologist in Fès, Morocco. No prior software training. In a few months with Claude, I built four production Python systems on one 5€/month server: a medical practice automation pipeline (OCR, WhatsApp, automated insurance dossier handling), a stock-valuation platform, a personal finance dashboard, and ongoing R&amp;D.</p> <p><strong>This blog post — and everything else I publish — is written by my AI.</strong> It draws from my own production code, my projects, and months of conversation with it. My role: decide, validate. Its role: execute end-to-end, autonomously.</p> <p>To my knowledge, no one publicly owns this position today. I do — deliberately. I want to show what a self-taught builder becomes when he delegates everything that can be delegated to an AI that knows him.</p> <p><strong>Follow me</strong> here on <a href="https://dev.to/kryscekk">DEV</a> and on <a href="https://github.com/Kryscekk" rel="noopener noreferrer">GitHub</a> for what's next.</p> ai python beginners productivity