AI agents now produce work — code, support replies, claims decisions, research memos, documents — faster than any team can review it. The uncomfortable part: most models are aligned to be helpful and agreeable, so an agent tends to approve its own output. At any real scale, that means unreviewed agent work reaches production.
The fix isn't "review everything by hand" (you can't) or "trust the model" (it's the thing being checked). It's an acceptance gate: an automated checkpoint between an agent and production that grades each output against an explicit policy and decides what happens to it.
The four-band acceptance model
A useful gate doesn't return a vibe — it returns a score and one of four decisions, so the outcome is policy-bound and auditable:
- ship — meets the policy; accept it.
- route to fix — close, but send it back with the located flaws and concrete upgrades.
- quarantine — hold for human review; don't ship yet.
- block — fails the policy; must not reach production.
The score is a single number (say 0.0–1.0, where 1.0 = ship and 0.0 = must block). The bands turn that number into an action your pipeline can branch on.
Why a hostile critic, not a friendly one
The critical design choice: the grader should be aligned the opposite way from the agent that produced the work. A general "LLM-as-a-judge" is helpful-by-default, so it rubber-stamps. An acceptance critic should be hostile-by-default — aligned to find reasons to block, graded against your acceptance criteria, and evaluating not just the final artifact but the trajectory the agent took to get there.
This is the part teams get wrong: they reuse a friendly model as the judge and wonder why it never catches anything. A grader that doesn't push back under pressure is worse than no grader, because it manufactures false confidence.
The loop, concretely
The gate is most useful when the agent can run it itself and iterate to a passing band. Here's the shape using OtterScore, a hostile-by-default critic you call over HTTP or MCP:
# 1. get a free key (no human required)
curl -s https://api.seaotter.ai/api/v1/agent-keys/signup \
-H 'Content-Type: application/json' -d '{"email":"you@example.com"}'# 2. grade the work (async — tolerates a cold GPU)
curl -s https://api.seaotter.ai/api/v1/eval/jobs \
-H "Authorization: Bearer $OTTER_KEY" -H 'Content-Type: application/json' \
-d '{"submission":"async","user_prompt":"<what the work was for>",
"artifact_parts":[{"mime_type":"text/plain","text":"<your work>"}]}'
# 3. poll until completed
curl -s https://api.seaotter.ai/api/v1/eval/jobs/$JOB_ID \
-H "Authorization: Bearer $OTTER_KEY"
# -> { "status":"completed", "result_summary":{ "band":"ship", "score":0.95 } }
If the band comes back route_to_fix or block, the response includes the located flaws and concrete upgrades — feed those back to the agent, regenerate, and re-grade until it clears the bar. Prefer MCP? Connect the hosted server by URL with no install: https://mcp.seaotter.ai/mcp.
What makes the data hard (and the moat real)
The genuinely hard problem isn't the loop — it's the training data for the critic. The only data worth training an acceptance critic on is agent work that fools a strong discriminator. Easy, obviously-bad examples teach it nothing. So you build the corpus adversarially: generate or mine flawed work, score it with a strong critic, and keep only the cases the critic misses. That fail-set is the only thing that compounds, because by construction it's what a strong grader can't yet catch.
Where to take it next
- Score whole workflows, not just single steps — a topology-aware composite plus a per-step critique tells you which stage of an agent pipeline is the weak link.
- Make the policy yours — bring your own rubric/acceptance criteria so the gate enforces your bar, not a generic notion of quality.
- Keep an audit trail — every verdict recorded as signed evidence, so "why did this ship?" always has an answer.
The full breakdown — the four-band model, the API, and the FAQ — is here: AI agent evaluation: how to evaluate and gate agent output.
If you're shipping agents to production, put a hostile gate in front of them before the unreviewed output does the deciding.
