Agent Best Practices
A well-configured AI Agent is focused, safe, and consistently useful. These best practices are drawn from real deployment patterns across Chase Agents workspaces.
Write Specific, Role-Focused System Prompts
Avoid all-purpose agents that have access to everything and can do anything. These are hard to reason about, easy to misuse, and produce inconsistent results. Instead, create agents with a clear, narrow purpose: one for customer data queries, one for engineering tasks, one for marketing content review. A focused system prompt produces far better tool-use decisions than a broad one.
Assign Only the Connections the Agent Needs
Each connection you add to an agent expands its potential action surface. A customer support agent does not need access to your deployment pipeline. A data analyst agent does not need write access to your CRM. Assign the minimum set of connections required for the agent's designated purpose. This reduces risk and makes the agent's behavior easier to audit.
Distinguish Read-Only from Write Access
Many MCP servers expose both read tools such as fetch, list, and search, and write tools such as create, update, delete, and send. If your agent's primary purpose is analysis or answering questions, consider whether it actually needs write-capable tools. If you do include write tools, call this out explicitly in the system prompt and instruct the agent to always confirm with the user before taking any action that modifies data.
Describe Available Tools in the System Prompt
When you assign a connection to an agent, briefly describe what it is and what it is used for in the system prompt. For example: You have access to a Postgres connection called company-db which contains customer orders and product inventory, use it to answer questions about order status and stock levels. This context helps the model make better tool selection decisions, especially when multiple connections expose overlapping capabilities.
Set a Clear Output Format Preference
Tell the agent how to format its responses in the system prompt. If users are viewing responses in a markdown-aware interface, specify that the agent should use headers, bullet points, and tables where appropriate. If responses will be read in a plain-text context, instruct the agent to avoid markdown formatting. Consistent formatting makes the agent's output predictable and easier to act on.
Define Escalation Paths
Tell the agent what to do when it encounters something outside its scope. For example, instruct it that if a user asks about billing or account access, it should tell them to contact the support team. This prevents the agent from attempting to answer questions it lacks the context or tools to answer reliably, which reduces hallucinations and builds user trust.
Iterate Based on Real Sessions
No system prompt is perfect on the first try. After real users interact with the agent, review the conversation history to find patterns where the agent underperformed: misselected tools, gave vague answers, or went off-topic. Use those examples to refine the system prompt. Even a single sentence added to address a recurring failure mode can dramatically improve quality.
Use Separate Agents for Separate Audiences
If different teams or roles in your organization have different data access needs, create a separate agent for each group rather than one shared agent. A sales agent can have access to CRM and deal data. An HR agent can have access to your HRIS. Keeping these separate ensures that no single agent can inadvertently surface data that a user should not see, and makes permission management straightforward.
Treat the Agent as a Product
The best agents are treated like internal products: they have a clear owner, a defined scope, a changelog of prompt improvements, and a feedback channel for users to report when the agent underperformed. Designate someone on your team to review agent conversation logs periodically and to refine the system prompt based on what they observe. This discipline compounds over time into agents that reliably deliver value.