Elevator Pitch
Every enterprise wants AI agents, but tutorials skip the hard part: getting from demo to production. Building the agent is straightforward—navigating organizational constraints, earning trust incrementally, and deciding how much rigor is actually necessary? That's where projects stall. MyCoCo's platform team built their first agentic workflow—a Platform Infrastructure Agent that interprets developer requests and generates Terraform PRs—and discovered that their rollout approach mattered more than their prompt engineering.
TL;DR
The Problem: AI agents work great in demos but most never reach production due to organizational friction, unclear rollout paths, and over-engineered guardrails for low-risk use cases
The Solution: A progressive trust-building approach—dev environment validation, staged production rollout, and right-sized rigor based on actual risk
The Impact: MyCoCo deployed their first production agent in 6 weeks while establishing patterns for future agentic workflows
Key Implementation: Sandbox environment mirroring production, AI-assisted development, programmatic test management, and cost attribution from day one
Bottom Line: Your first agent is also your template—invest in reusable rollout patterns, not just the agent itself
Match guardrails to actual risk—a PR-generating agent has a fundamentally different blast radius than one with direct infrastructure access
The Challenge: Why Most AI Agents Never Leave the Demo
Jordan (Platform Engineer) had seen the pattern before. Someone builds an impressive AI demo, leadership gets excited, and then... nothing. The project dies in the gap between "it works on my laptop" and "it runs in production."
MyCoCo's platform team was drowning in vague infrastructure requests. Developers would ask things like "I need a database for the recommendation service—read-heavy, maybe 500GB" or "somewhere to store images for our mobile app." Each request required back-and-forth clarification, reasoning about architectural options, and eventually manual Terraform code. Jordan saw an opportunity: a Platform Infrastructure Agent that could interpret these requests, ask clarifying questions, and generate Terraform PRs for human review.
The technical implementation wasn't the blocker. The real challenges emerged immediately.
Organizational constraints shaped every decision. MyCoCo's approved AI tooling meant Gemini models only. Jordan initially considered AWS Bedrock, but it doesn't support Gemini—a critical consideration for teams whose cloud provider and AI provider don't align. The agent framework choice (Google ADK over n8n) came down to what wouldn't become a bottleneck at scale.
No internal reference existed. Every decision—authentication patterns, error handling, cost tracking—would become the template for future agents. This wasn't just about handling infrastructure requests; it was about proving agentic workflows could work at MyCoCo.
Nobody knew what it would cost. Token consumption was a complete unknown. Without visibility into per-run costs, there was no way to assess whether this approach made economic sense for other use cases.
Alex (VP of Engineering) asked the right question: "How do we get this to production without spending three months on guardrails?"
The Solution: Progressive Trust, Right-Sized Rigor
The Dev Environment is Everything
The single most critical requirement was a sandbox environment that behaved like production. Jordan created test requests mirroring actual infrastructure asks—covering the full range of request types the agent would encounter. Scripts automated test case creation and cleanup—no manual setup, fresh slate whenever needed.
This wasn't just good practice. It was the only way to validate agent behavior without risking real infrastructure. The team could iterate aggressively in dev precisely because failure there was free.
AI-Assisted Development Was Essential
Building agents from scratch isn't feasible for most teams—the patterns are too new. Jordan used Claude Code throughout development: planning the architecture, debugging unexpected behaviors, and refining prompts based on actual output. The key was maintaining a mental model of what was happening rather than blindly accepting suggestions.
"You can't just prompt your way to a production agent," Jordan noted. "You need to understand why the agent is making each decision, or you can't debug it when it goes wrong."
The Rollout Ladder
Rather than a big-bang production launch, Jordan defined explicit stages with clear graduation criteria:
Rung 1 — Dev environment only. Agent generates PRs against sandbox repo. No real infrastructure impact. Jordan reviews every output before it reaches developers. Blast radius: a bad test case.
Rung 2 — Production target, manual trigger. One real request at a time. Jordan reviews every output before it reaches developers. This is the critical trust-building stage—the agent proves it can handle real requests before the team reduces oversight.
Rung 3 — Semi-automated flow. Agent responds to requests in the platform channel, generates PRs, notifies developers directly. Jordan spot-checks rather than reviews everything. The team has built enough context to trust the output patterns.
Rung 4 — Expanded scope. More complex request types, approval workflow integration, higher-stakes infrastructure decisions.
Before graduating between rungs, Jordan demoed current behavior to the team. Stakeholders onboarded, but broad org buy-in wasn't required upfront—the platform team would mitigate issues. This kept the rollout moving without waiting for committee approval at every stage.
Right-Sizing Rigor
Maya (Security Engineer) pushed for comprehensive audit logging from day one. Jordan pushed back: "This agent generates PRs for human review. It can't provision infrastructure directly, access sensitive data, or cause outages. The blast radius is a rejected pull request."
Not every agent needs enterprise-grade guardrails. The team deferred heavy metrics investment for higher-stakes agents—the ones that would eventually take direct action rather than generating PRs for human approval. Rigor should match risk, not perception of risk.
Cost Attribution From Day One
Jordan tracked token consumption and estimated cost per agent run from the first week. Within two weeks, the team had a rough cost-per-request figure they could defend in any business case.
When Alex asked about cost tracking across future agents, research led to a CloudYali article on AI inference cost attribution. The spend-based framework resonated: Crawl (under $20k/month)—project isolation and basic tracking. Walk ($20k–$200k/month)—invest in tagging taxonomy. Run (over $200k/month)—consider gateway infrastructure.
MyCoCo was firmly in "crawl." This validated avoiding over-engineering. Jordan documented a simple attribution structure—team, product, environment—consistent enough for future agents to inherit.
Results: MyCoCo's Transformation
Template established. Future agents have a reference implementation—auth patterns, error handling, cost attribution, rollout stages. The second agent took half the time to reach production.
Organizational constraints documented. Gemini required. ADK over workflow tools. GitHub Actions for orchestration. Bedrock not viable for Gemini. These decisions are now written down, not re-litigated for each new agent.
Trust earned for bigger bets. Alex approved higher-stakes agent exploration—agents that would eventually take direct action rather than generating PRs. That approval was built on six weeks of demonstrated reliability at lower stakes.
Cost model validated. Token costs are now a line item in project proposals. Teams can estimate agent economics before building, not after deploying.
Key Takeaways
Your first agent is your template. The rollout patterns, auth decisions, and cost attribution structure you establish will be inherited by every subsequent agent. Invest in getting these right.
Organizational constraints are design inputs, not obstacles. Discovering early that Bedrock doesn't support Gemini saved MyCoCo weeks of rework. Surface these constraints in week one.
Dev environment mirroring production is non-negotiable. Scripts for test data management multiply velocity. Manual test setup is a tax that compounds with every iteration.
AI-assisted development is essential—but keep the mental model. You can't debug an agent you don't understand. Use AI tools to accelerate, not to abdicate understanding.
Right-size your rigor. Human review as the final gate dramatically reduces the blast radius of agent errors. Match your guardrail investment to actual risk, not theoretical risk.
Build cost visibility from day one with a spend-appropriate approach. You don't need a gateway on day one—you need a tag structure that scales to one.