The idea
A hybrid system splits responsibility:
- The agent decides which safe option to take next.
- The Workflow executes side effects (writes, notifications, irreversible actions).
This keeps autonomy where it helps (uncertainty) and determinism where it matters (state changes).
Why it works in production
Hybrid is the default pattern when:
- you can’t enumerate all paths upfront,
- but you still need predictable cost, latency, and write behavior.
It also makes debugging sane: you can trace “what the agent chose” separately from “what the Workflow executed”.
Diagram (Workflow owns side effects)
Guardrails checklist (minimum)
- Budgets: max steps + wall-clock + $ per run
- Tool policy: allowlist, default-deny, scoped credentials
- Stop reasons: always return why the run stopped
- Approvals for writes: human-in-the-loop for irreversible actions
- Traces: log every decision, tool call, and state transition
When not to use hybrid
- If the steps are deterministic → build a Workflow.
- If you truly need open-ended exploration → use a read-only agent first, then add writes one tool at a time.