Building Fault-Tolerant AI Agents with Fallback & Resilience

We design and deploy artificial intelligence systems: from prototype to production-ready solutions. Our team combines expertise in machine learning, data engineering and MLOps to make AI work not in the lab, but in real business.
Showing 1 of 1All 1564 services
Building Fault-Tolerant AI Agents with Fallback & Resilience
Complex
from 1 week to 3 months
Frequently Asked Questions

AI Development Areas

AI Solution Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1347
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    948
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

When an AI agent suddenly stops responding due to an OpenAI API outage or a local inference server crash, business processes grind to a halt. We've seen this many times: in production systems with 99.9% SLA, a 10-minute LLM downtime can mean losing thousands of orders. Recently, a fintech client's GPT-4o went down for 15 minutes due to a cloud failure—our fallback agents switched to Claude 3.5 in 400 ms, and the process never stalled. That's why we architect LLM and full-stack resilience that can take a hit: fallback providers, circuit breakers, checkpoints, and human escalation. All turnkey, with warranty and documentation.

How to make AI agents fault-tolerant?

The key is to ensure that when any component fails (LLM API, tool, orchestrator), the agent either instantly switches to a backup or degrades gracefully without losing progress. We implement four protection levels: LLM redundancy (fallback providers), circuit breaker for tools, checkpoint recovery for long-running tasks, and human escalation for unrecoverable errors. In practice, priority fallback with a circuit breaker is 2-3x more reliable than round-robin under peak load. AI agent SLA reaches 99.99% with this approach.

Why priority fallback with circuit breaker is more reliable?

The first and most common scenario is the primary model (GPT-4o) being unavailable due to rate limits or an outage. We use a fallback chain: OpenAI → Anthropic → local model (LLaMA 3 8B via vLLM). Switching happens in under 500 ms using a circuit breaker for each provider. Health checks let us detect failures early.

Let's compare popular fallback strategies:

Strategy Switch time Reliability (p99) Implementation complexity
Round-robin <50 ms 99.9% low
Priority with circuit breaker <500 ms 99.99% medium
Multi-head (all at once) <100 ms 99.95% high

We choose priority with circuit breaker: it offers the best balance of performance and resilience. MLOps fault tolerance for such systems requires monitoring and automatic recovery.

Practical implementation: code and configs

Let's examine key Python components.

Fallback LLM Provider

from tenacity import retry, stop_after_attempt, wait_exponential, retry_if_exception_type
import anthropic
import openai

class ResilientLLMClient:
    def __init__(self):
        self.providers = [
            {"name": "openai", "client": openai.AsyncOpenAI(), "model": "gpt-4o"},
            {"name": "anthropic", "client": anthropic.AsyncAnthropic(), "model": "claude-3-5-sonnet-20241022"},
            {"name": "local_vllm", "client": openai.AsyncOpenAI(base_url="http://gpu1:8000/v1"), "model": "llama-3-8b"},
        ]
        self.circuit_breakers = {p["name"]: CircuitBreaker() for p in self.providers}

    async def generate(self, messages: list, **kwargs) -> str:
        last_error = None

        for provider in self.providers:
            cb = self.circuit_breakers[provider["name"]]
            if cb.is_open():
                continue  # provider is disabled by circuit breaker

            try:
                result = await self._call_provider(provider, messages, **kwargs)
                cb.record_success()
                return result
            except Exception as e:
                cb.record_failure()
                last_error = e
                logger.warning(f"Provider {provider['name']} failed: {e}")

        raise RuntimeError(f"All LLM providers failed. Last error: {last_error}")

    @retry(
        stop=stop_after_attempt(3),
        wait=wait_exponential(multiplier=1, min=1, max=10),
        retry=retry_if_exception_type((openai.RateLimitError, openai.APIConnectionError))
    )
    async def _call_provider(self, provider: dict, messages: list, **kwargs) -> str:
        response = await provider["client"].chat.completions.create(
            model=provider["model"],
            messages=messages,
            **kwargs
        )
        return response.choices[0].message.content

Circuit Breaker Pattern

Our circuit breaker follows the classic Circuit Breaker pattern.

from enum import Enum
import time

class CircuitState(Enum):
    CLOSED = "closed"       # normal operation
    OPEN = "open"           # provider disabled
    HALF_OPEN = "half_open" # testing recovery

class CircuitBreaker:
    def __init__(self, failure_threshold=5, reset_timeout=60):
        self.failure_threshold = failure_threshold
        self.reset_timeout = reset_timeout
        self.failure_count = 0
        self.last_failure_time = 0
        self.state = CircuitState.CLOSED

    def is_open(self) -> bool:
        if self.state == CircuitState.OPEN:
            if time.time() - self.last_failure_time > self.reset_timeout:
                self.state = CircuitState.HALF_OPEN
                return False
            return True
        return False

    def record_failure(self):
        self.failure_count += 1
        self.last_failure_time = time.time()
        if self.failure_count >= self.failure_threshold:
            self.state = CircuitState.OPEN
            logger.error(f"Circuit breaker OPEN after {self.failure_count} failures")

    def record_success(self):
        if self.state == CircuitState.HALF_OPEN:
            self.state = CircuitState.CLOSED
            self.failure_count = 0
            logger.info("Circuit breaker CLOSED - provider recovered")

Checkpoint and task recovery

For long-running tasks (>1 min), we save progress in Redis:

@dataclass
class AgentCheckpoint:
    task_id: str
    step_index: int
    completed_steps: list[StepResult]
    state: dict             # arbitrary agent state
    saved_at: datetime

class CheckpointManager:
    def __init__(self, storage: Redis):
        self.storage = storage

    async def save(self, checkpoint: AgentCheckpoint):
        key = f"checkpoint:{checkpoint.task_id}"
        await self.storage.setex(
            key,
            3600,  # 1 hour TTL
            pickle.dumps(checkpoint)
        )

    async def load(self, task_id: str) -> AgentCheckpoint | None:
        key = f"checkpoint:{task_id}"
        data = await self.storage.get(key)
        return pickle.loads(data) if data else None

    async def resume_or_start(self, task: AgentTask) -> AgentCheckpoint:
        existing = await self.load(task.id)
        if existing:
            logger.info(f"Resuming task {task.id} from step {existing.step_index}")
            return existing
        return AgentCheckpoint(task_id=task.id, step_index=0, completed_steps=[], state={}, saved_at=datetime.utcnow())

Human escalation for unrecoverable errors

class EscalationPolicy:
    MAX_RETRIES = 3
    MAX_FALLBACK_ATTEMPTS = 2

    async def handle_failure(
        self,
        task: AgentTask,
        error: Exception,
        retry_count: int
    ) -> EscalationDecision:

        if retry_count < self.MAX_RETRIES and self._is_retriable(error):
            return EscalationDecision(action="retry", delay_seconds=2 ** retry_count)

        if isinstance(error, ToolUnavailableError):
            return EscalationDecision(action="use_fallback_tool", tool=self._get_fallback_tool(error.tool))

        # Escalate to human
        await self.notify_human(task, error, retry_count)
        return EscalationDecision(
            action="escalate",
            message=f"Task {task.id} requires human intervention after {retry_count} retries: {error}"
        )

Steps to implement fault tolerance

We follow a proven process:

  1. Analyze (1-2 days): audit current architecture, identify single points of failure, gather RTO/RPO requirements. For multi-agent redundancy, critical scenarios must be defined.
  2. Design (3-5 days): select patterns (retry, circuit breaker, checkpoint), prototype provider integrations.
  3. Implement (2-4 weeks): write code, configure circuit breakers, deploy checkpoint storage, set up escalation.
  4. Test (1 week): chaos testing—emulate LLM API failures, tool crashes, overloads. Measure p99 latency and successful recovery rate.
  5. Deploy and document (2-3 days): canary rollout, monitor all layers, write runbooks.

We also conduct load testing with simulated failures in each layer. This uncovers hidden issues like asymmetric timeouts between different providers.

Fault tolerance layer comparison

Layer Component Pattern Recovery time
LLM Providers Fallback + circuit breaker <500 ms
Tools API calls Retry + exponential backoff <10 s
Agent Task logic Checkpoint + resume <100 ms
Orchestrator Distribution Health check + reassign <1 s

Timelines and what's included

Estimated timelines: 2 to 6 weeks depending on system complexity and number of providers. Pricing is determined after an audit.

Deliverables:

  • Deployed fallback LLM client with circuit breaker
  • Checkpoint system on Redis (or another storage)
  • Human escalation policy integrated with a messenger
  • Chaos testing scenario
  • Documentation (runbook, architecture diagram)
  • Team training (1 hour)
  • 3-month warranty on implemented components
Example circuit breaker configuration for production
circuit_breaker:
  failure_threshold: 5
  reset_timeout: 60
  half_open_max_requests: 1
  monitor_interval: 10

Adjust settings based on provider p99 latency. For OpenAI with typical 2-3 second latency, use reset_timeout 60 seconds; for a local model, 10-15 seconds.

Common design mistakes

  • Same timeout for all providers. Different LLM APIs have different p99 latency. Tune individual timeouts.
  • Resetting circuit breaker on every success. After opening, make only one trial request per reset_timeout, otherwise the provider will be hammered with errors.
  • No graceful degradation. If all providers fail, the agent should report it, not spin in an infinite loop.

Our decade of experience: we've built fault-tolerant AI agents for 20+ projects—from e-commerce chatbots to warehouse automation systems. Get a consultation on your architecture: contact us for a 1-day audit. Order fault tolerance, and your agents will stop fearing failures.

MLOps: Infrastructure for Training, Deploying, and Monitoring ML Models

The model is trained, metrics — F1 0.94 on validation. Three months later in production, quality drops by 12%. No one knows when — there is no monitoring. It's impossible to retrain quickly — the training script is in a Jupyter notebook of a data scientist who has already left. Data for retraining is collected manually from three disparate systems. About half of the projects come to us with this pain. We build a turnkey MLOps platform: from experiment tracking to automatic deployment and data drift monitoring. We will assess your infrastructure in 1–2 weeks, and in 4–6 weeks you will get a basic MLOps core running in production. Our team has 10+ years of experience in ML infrastructure, over 50 implementations.

How does MLOps infrastructure benefit your ML projects?

Experiment Tracking and Reproducibility

Without tracking, an ML project turns into chaos: it's unclear which checkpoint is better, which hyperparameters were used, which dataset. Reproducing a result a month later is a quest.

Why is experiment tracking the foundation of reproducibility?

MLflow is an open source standard for tracking. It logs parameters, metrics, artifacts (models, graphs), and code. MLflow Model Registry is a centralized model storage with versioning and lifecycle stages (Staging → Production → Archived). Deployment via MLflow Serving or integration with external systems.

Typical initialization in code:

import mlflow

mlflow.set_experiment("fraud-detection-v2")
with mlflow.start_run():
    mlflow.log_params({"learning_rate": 3e-4, "batch_size": 64, "epochs": 10})
    mlflow.log_metric("val_f1", val_f1, step=epoch)
    mlflow.pytorch.log_model(model, "model")

This is the minimum. In production, we add logging of system metrics (GPU utilization, memory), dataset (hash, version), code (git commit hash). Weights & Biases — richer UI, collaboration features, sweep for hyperparameter optimization. MLflow — for on-premise deployment without external dependencies.

DVC (Data Version Control) — versioning of data and models on top of git. Data is stored in S3/GCS/Azure Blob, only metadata (hashes) in git. dvc repro reproduces the entire pipeline from raw data to metrics.

To ensure reproducibility of training, fix random seeds (torch.manual_seed, numpy.random.seed, random.seed) and record them in experiment metadata. Without this, debugging irregular results is painful. Log the dataset version (DVC hash) and git commit — then any experiment can be reproduced down to the byte.

Pipeline Orchestration: Kubeflow, Airflow, Prefect

A pipeline orchestrator becomes necessary when: A 100-line training script in cron is fine for simple tasks. But as soon as you have a multi-step pipeline (data loading → preprocessing → feature engineering → training → validation → deployment if quality above threshold), you need an orchestrator with retry logic, visualization, and alerts.

Kubeflow — Kubernetes-native orchestrator for ML (see Kubeflow). Each step is a Docker container. Supports parallel steps, conditional branches, artifacts between steps. Integrates with Katib (AutoML), KServe (serving), Feast (feature store).

Apache Airflow — more general DAG orchestrator. Wide ecosystem of operators (S3, Spark, DBT, Kubernetes). Easier to deploy if Airflow already exists in the company.

Prefect / Metaflow — less boilerplate. Prefect 2.x with @flow and @task decorators — quick start for small teams.

Typical training pipeline architecture on Kubeflow:

  1. Data ingestion component — fetches data from S3/DB, validates schema via Great Expectations
  2. Preprocessing component — transformations, normalization, train/val/test split
  3. Training component — training on GPU, logging to MLflow
  4. Evaluation component — metric calculation, comparison with baseline in Model Registry
  5. Conditional deployment — deploy only if new model is better than current by >2% F1

Each component is a separate Docker image. Pipeline is versioned in git. Scheduled run (retraining once a week on new data) or manual.

Model Registry and Lifecycle Management

Model Registry is not just a checkpoint store. It is a centralized system that knows:

  • Which model is currently in production (and with what metrics)
  • History of all versions with training parameters
  • Metadata: dataset, git commit, validation results
  • Lifecycle stage: None → Staging → Production → Archived

MLflow Model Registry — standard. For enterprise — Vertex AI Model Registry (GCP), SageMaker Model Registry (AWS), Azure ML Model Registry.

Model promotion through stages: automatically move model to Staging after successful eval, then manual or automatic (during A/B test) promotion to Production. Rollback — switch to previous Production version in seconds.

Serving: From FastAPI to Triton Inference Server

Simple case. FastAPI + PyTorch/ONNX on one server — 80% of production ML deployments are exactly that. Sufficient for most tasks with load up to 100 req/s.

from fastapi import FastAPI
import onnxruntime as ort

app = FastAPI()
session = ort.InferenceSession("model.onnx", providers=["CUDAExecutionProvider"])

@app.post("/predict")
async def predict(request: PredictRequest):
    inputs = preprocess(request.text)
    outputs = session.run(None, {"input_ids": inputs})
    return {"label": postprocess(outputs)}

Triton Inference Server — production standard for high loads (500+ req/s). Dynamic batching, concurrent model execution, model ensemble. Supports TensorRT, ONNX, PyTorch TorchScript, TensorFlow SavedModel.

KServe — Kubernetes-native ML serving with autoscaling, canary deployments, A/B testing out of the box. Scale-to-zero for inactive models — savings on infrastructure up to 40% annually for a project with 10 models.

Monitoring: Data Drift, Model Drift, Infrastructure Metrics

Monitoring — what is usually done last and regretted first. Three levels.

Infrastructure monitoring. Latency (P50/P95/P99), throughput (req/s), error rate (4xx, 5xx), GPU/CPU utilization. Prometheus + Grafana — standard. Alert when P99 latency > threshold or error rate > 1%.

Data drift monitoring. Distribution of input data changes over time. Detect via PSI (Population Stability Index) for numerical features: PSI > 0.2 — strong drift. Chi-squared test for categorical, Kolmogorov-Smirnov test for continuous. Evidently AI — open source library with ready-made drift tests.

Model drift monitoring. If ground truth is delayed (e.g., we know conversion after a week) — monitor real metrics. If not — surrogate metrics: distribution of prediction scores, proportion of confident predictions.

Alerting. Three levels: INFO (minor drift, log it), WARNING (significant, notify team), CRITICAL (quality dropped below threshold — automatic switch to fallback model).

Why is data drift monitoring important?

Without it, you learn about model degradation only from user complaints or ringing SLA. A drift alert allows you to retrain the model in advance, before errors start causing losses. In one of our projects, PSI monitoring detected drift 2 days after a data source change — this saved the campaign.

Common Mistake Consequences Solution
Lack of data versioning Irreproducible experiments Implement DVC or similar
Manual model deployment Human errors, slow rollback Automate CI/CD pipeline
Monitoring only by business metrics Late drift detection Add data drift monitoring (PSI, KS)

Feature Store

Feature Store solves the training-serving skew problem. If preprocessing during training and inference is implemented in two different places — divergence is inevitable.

A Feature Store is needed when:

  • Several models use the same features
  • Features are computed from streaming data (real-time)
  • Large team with different people on feature engineering and model training

Feast — open source Feature Store. Offline store (S3 + Parquet) for training, online store (Redis, DynamoDB) for low-latency inference. Feature definitions as code, materialization job syncs offline → online.

Tecton (commercial), Vertex AI Feature Store (GCP), SageMaker Feature Store (AWS) — managed options with less ops overhead.

CI/CD for ML

ML CI/CD is regular CI/CD plus specific ML steps.

ML-specific checks in CI:

  • Reproducibility check: run training with a fixed seed, result must match
  • Data validation: Great Expectations or Pandera on schema/distribution checks
  • Model performance check: automatic eval on holdout, block merge if degradation > threshold
  • Latency regression test: inference must meet SLA

GitOps for deployment. Merge to main → CI triggers training → eval → if passes → automatic deployment to Staging → smoke tests → manual promotion to Production or automatic upon successful canary.

Tools: GitHub Actions / GitLab CI for CI, ArgoCD for GitOps deployment on Kubernetes.

What's Included in MLOps Platform Development

We provide a full cycle of work, documentation, and team training.

Stage Duration Result
Audit of current infrastructure and data pipeline 1–2 weeks Roadmap with risks and priorities
Core deployment: MLflow, orchestrator, serving 4–6 weeks Working training and deployment pipeline
Feature Store and CI/CD for ML 2–3 months Feature Store, automatic retrain and deployment
Drift monitoring and alerting 3–4 weeks Dashboards, alerts, incident playbook
Team training and documentation 1–2 weeks Runbook, policies, training for data scientists

Total time from audit to full MLOps platform: 3–5 months. Also possible phased launch: basic level (tracking + serving) in 4–6 weeks.

Cost is calculated individually based on data volume, number of models, and infrastructure requirements. Order an MLOps infrastructure audit — get a roadmap in 1–2 weeks. Contact us for a project assessment — we will send a preliminary estimate within 2 business days.

Note: warranty on architectural solutions — 12 months. We provide integration certificates with major cloud providers (AWS, GCP, Azure). During our work, we have not lost a single client after the first implementation — the experience of 50+ successful MLOps projects speaks for itself. Get a consultation on building an MLOps platform today.