What happens first in a GaaS task?

The service receives a goal, validates the request, confirms access, and assembles the context needed for the task before the agent begins taking actions.

How does a GaaS agent decide which tool to use?

The agent compares the current goal and task state with the descriptions of approved tools. System permissions then determine whether the selected tool and destination are allowed.

Does GaaS always use multiple AI agents?

No. Many tasks work best with one agent inside a structured workflow. Multiple agents are useful only when specialist roles, delegation, or parallel work improve the result.

How does GaaS prevent duplicate write actions?

Reliable services use unique request identifiers, destination checks, limited retries, activity records, and confirmation rules before repeating a create or update action.

Where does human approval fit into GaaS?

Approval is placed before sensitive, external, destructive, financial, or difficult-to-reverse actions. The reviewer should see the exact proposal, destination, evidence, and risk.

How is a GaaS service evaluated?

Evaluation should cover the complete task, including tool selection, source accuracy, validation, completion, exceptions, duplicate actions, runtime, cost, and required human correction.

How Does Agentic as a Service Work?

Agentic as a Service turns a goal into a managed sequence of decisions and actions.

The user does not need to define every software step in advance. Instead, the service receives an objective, gathers the relevant context, chooses from approved capabilities, performs the work, checks the result, and either completes the task or sends it for review.

A reliable GaaS process is not an unrestricted AI loop.

It is a controlled operating model that combines:

AI reasoning;
structured workflows;
approved tools;
task state;
deterministic rules;
human approvals;
activity records; and
service monitoring.

The exact design varies by provider and use case, but most production services follow a similar lifecycle.

The GaaS operating lifecycle

A typical Agentic as a Service task moves through these stages:

Goal
→ Intake
→ Context
→ Plan
→ Tool Selection
→ Action
→ Observation
→ Validation
→ Approval or Escalation
→ Completion
→ Evaluation

Some tasks move through the sequence once.

Others repeat the action and observation stages until a stopping condition is reached.

1. The service receives a goal

Every run begins with a requested outcome.

The goal may come from:

a user message;
a form;
an uploaded file;
a scheduled workflow;
a business event;
an API request;
a new record;
a monitoring alert; or
another approved system.

A useful goal describes the result rather than only the activity.

For example:

Prepare a weekly project-risk report from approved project records.

This is clearer than:

Check the project system.

The service can measure whether a report was prepared, which period it covers, and whether the required risks were included.

2. The intake layer checks the request

Before an agent begins reasoning, the service should validate the request.

The intake layer may check:

user identity;
account access;
required fields;
file type;
requested destination;
task category;
permitted data;
maximum size;
urgency;
approval requirements; and
whether the request is supported.

Invalid requests should stop early.

This prevents the agent from spending time on a task that is incomplete, prohibited, or outside the service's purpose.

3. The service assembles task context

Context is the information the agent needs for the current task.

It may include:

the user's instruction;
current conversation details;
account or project settings;
relevant documents;
available tools;
workflow rules;
previous task state;
output requirements;
examples;
deadlines; and
known restrictions.

Good context is selective.

Sending every available document, message, and record can make the task slower and less reliable.

The service should retrieve only what is relevant to the current goal.

4. The orchestrator chooses the execution pattern

The orchestration layer decides how the task should run.

It may use:

one agent;
a fixed workflow with one agentic step;
several specialist agents;
sequential processing;
parallel processing;
a routing step;
a review loop; or
a human approval stage.

The simplest suitable pattern is usually the best starting point.

A straightforward document task may need one agent and two tools.

A complex investigation may need separate agents for retrieval, analysis, verification, and report preparation.

5. The agent prepares a working plan

The plan describes the next useful actions.

For a project-risk report, the plan might be:

Identify the reporting period.
Retrieve active projects.
Find unresolved blockers.
Compare deadlines with current status.
Group risks by severity.
Prepare the report.
Ask for approval before distribution.

The plan does not always need to be shown to the user.

However, the service should retain enough internal structure to explain what happened and to identify where a failure occurred.

Fixed planning and adaptive planning

GaaS platforms commonly combine two planning styles.

Fixed planning uses a known sequence.

It is suitable when:

the process is stable;
required steps are known;
compliance matters;
outputs must be consistent; or
the same checks must happen every time.

**Adaptive planning** lets the agent choose the next step based on the current result.

It is useful when:

source information varies;
several tools may be relevant;
follow-up questions may be needed;
the number of steps is unpredictable; or
exceptions require different responses.

Strong services use fixed controls around adaptive decisions.

6. The agent selects from approved tools

Tools allow the agent to interact with information and systems.

A GaaS tool may:

search a knowledge base;
retrieve a file;
query a database;
read an account record;
calculate a value;
create a document;
update a task;
send a message;
call an external service; or
run another approved workflow.

The agent should not discover unrestricted access during the task.

The service should provide a defined tool set for the use case.

Tool descriptions guide selection

Each tool should clearly explain:

what it does;
when it should be used;
what input it requires;
what result it returns;
whether it reads or writes;
which account it uses;
which source it accesses;
which destination it changes; and
what limitations apply.

Poor tool descriptions can lead to incorrect selection even when the tool itself works correctly.

7. Permissions are checked before action

Tool availability does not mean unlimited access.

Before execution, the service may check:

user permission;
agent permission;
account scope;
source allowlist;
destination allowlist;
URL access;
file-path access;
record type;
read or write status;
task risk;
approval state; and
execution limits.

The permission decision should happen outside the model whenever possible.

An AI instruction such as "do not access other projects" is weaker than a system rule that makes other projects unavailable.

8. The tool performs the action

Once approved, the tool receives structured input.

For example:

Tool: Search Project Records
Project: Atlas
Status: Active
Reporting Period: 1–7 June 2026

The tool performs the defined operation and returns a result.

A result may contain:

records;
text;
files;
status information;
identifiers;
timestamps;
warnings;
errors; or
confirmation of an external action.

The tool result becomes a new observation for the agent.

9. The agent observes and updates the task state

Task state records what has happened so far.

It may include:

completed steps;
retrieved records;
unresolved questions;
selected sources;
tool results;
validation status;
approval status;
errors;
retries;
current plan; and
remaining work.

State prevents the service from treating every step as a new unrelated request.

It also supports pausing and resuming.

For example, a task can stop before an external write, wait for a person's approval, and continue from the same point afterward.

Short-term state and long-term memory

These concepts should not be confused.

Short-term state supports the current run.

It remembers which records were retrieved, which steps passed, and what the agent should do next.

Long-term memory preserves selected information across separate runs.

It may store:

user preferences;
approved terminology;
recurring project details;
previous decisions;
task history; or
reusable organisational context.

Long-term memory should be deliberate, limited, and reviewable.

A service should not keep every interaction indefinitely simply because it can.

10. The result is validated

The agent's interpretation is not the final control.

Validation checks whether the result meets defined requirements.

It may verify:

required fields;
allowed values;
source references;
record identifiers;
date ranges;
totals;
output structure;
destination;
duplication;
policy rules;
completion criteria; and
confidence thresholds.

Deterministic validation is especially useful for values that should not be guessed.

Examples include account numbers, dates, amounts, status codes, file paths, and destination identifiers.

Validation may send the task backward

A failed check does not always end the run.

The service may:

correct the format;
retrieve a missing field;
use another approved source;
ask the user for clarification;
repeat one safe read action;
prepare an exception; or
send the task to a reviewer.

The service should limit correction loops.

Repeating the same failed step indefinitely is not useful autonomy.

11. Human approval is requested when required

Human review is part of the workflow, not a failure of agentic design.

Approval is useful before actions that are:

external;
financial;
destructive;
difficult to reverse;
legally important;
privacy-sensitive;
customer-facing;
security-related; or
based on uncertain information.

The approval request should show:

proposed action;
destination;
affected record or file;
current value;
proposed value;
supporting source;
risk or warning;
reversibility; and
what happens after approval.

The service should not hide important details behind a general "continue" button.

Approval must bind to one action

Approval should apply to the exact proposal shown.

If the agent later changes:

the destination;
the record;
the amount;
the recipient;
the fields;
the content; or
the tool,

the service should request approval again.

This prevents an old approval from being reused for a different action.

12. The service handles exceptions

Not every task can be completed automatically.

An exception may occur when:

the source is unavailable;
no matching record exists;
several records match;
information conflicts;
a permission is missing;
the task exceeds its limits;
a tool times out;
validation fails;
approval is denied; or
the agent cannot determine a safe next step.

A useful exception contains:

what happened;
which step failed;
what information is available;
what remains unknown;
what action was not performed;
who should review it; and
what input is needed next.

No result is different from an error

A tool can work correctly and return no match.

That is different from a server failure.

The service should distinguish:

Outcome	Meaning
Completed	The requested outcome passed validation
No result	The tool worked but found nothing
Needs input	Required information is missing
Needs approval	A person must authorise the next action
Partly completed	Some steps succeeded and others did not
Failed	The service could not complete the task
Stopped	A policy, limit, or reviewer ended the run

Clear status prevents users from mistaking an error for a valid empty result.

13. The service applies retry rules

Retries can recover from temporary problems, but they can also create harm.

Safe retry rules should consider:

whether the action reads or writes;
whether the first action may have completed;
whether a unique request identifier exists;
whether the destination can be checked;
how many attempts are allowed;
how long to wait;
which errors are temporary; and
when a person must review the task.

Read actions are usually safer to retry than create or update actions.

Write retries require destination checks

A write tool may time out after the destination has already changed.

Before retrying, the service should:

inspect the destination;
search for the request identifier;
compare timestamps;
confirm whether the intended change exists; and
retry only if the first action did not complete.

This is essential for preventing duplicate tasks, messages, files, and records.

14. The service decides when to stop

Every agentic run needs stopping conditions.

A task should stop when:

the goal is complete;
required validation passes;
the maximum number of steps is reached;
the runtime limit is reached;
the spending limit is reached;
the same error repeats;
required approval is denied;
no safe tool remains;
the source cannot be trusted; or
a person takes control.

Stopping safely is part of successful execution.

15. The outcome is delivered

The service returns the completed result through an approved channel.

It may:

display a response;
save a file;
update a system;
create a task;
send a notification;
store a report;
return structured data; or
pass the result to another workflow.

The output should identify its status and important evidence.

A completed research result may show sources and retrieval dates.

A completed write should show the destination and confirmation identifier.

16. Activity is recorded

GaaS providers need observability.

A useful activity record may include:

task identifier;
user or triggering system;
start and finish time;
model;
workflow version;
selected tools;
tool inputs;
tool outputs;
approvals;
warnings;
errors;
retries;
final status;
destination; and
cost or resource use.

Activity records support debugging, review, evaluation, and incident response.

They should not expose protected credentials.

17. The service measures task quality

Model quality alone does not show whether GaaS works.

Evaluation should measure the full outcome.

Useful measures include:

task completion rate;
correct tool selection;
source accuracy;
field accuracy;
successful validation;
approval rate;
exception rate;
duplicate-action rate;
recovery rate;
total runtime;
cost per completed task; and
human correction required.

The best measure depends on the use case.

Evaluate with representative cases

A provider should test:

normal cases;
incomplete input;
no-result cases;
conflicting sources;
permission failures;
tool errors;
timeouts;
long input;
repeated requests;
changed schemas;
denied approvals; and
unsafe instructions.

A service that works only on ideal examples is not ready for dependable use.

18. The service improves through controlled updates

GaaS providers may improve:

prompts;
models;
tools;
routing;
validation;
memory;
permissions;
retry rules;
user interfaces; and
monitoring.

Each change can affect behaviour.

Important updates should be versioned, tested, and released gradually.

Customers should know when a material change affects:

data handling;
tool access;
model provider;
output structure;
approval behaviour;
retention;
reliability; or
cost.

Single-agent and multi-agent operation

A single agent can handle many bounded tasks.

It is often easier to test, monitor, and maintain.

A multi-agent service may use specialists such as:

planner;
researcher;
verifier;
writer;
policy checker;
destination agent; or
supervisor.

Multi-agent designs can help when tasks need clearly different expertise or parallel work.

They also create more coordination, context, monitoring, and cost.

Multiple agents should be used because they improve the task, not because the design sounds more advanced.

How GaaS connects to business systems

A managed agentic service can connect through:

APIs;
webhooks;
database connections;
file services;
application integrations;
Model Context Protocol servers;
message queues;
event systems; or
approved desktop tools.

The integration method matters less than the controls around it.

Buyers should confirm:

which account is used;
what fields are accessible;
whether writes are possible;
where credentials are stored;
how permissions are limited;
what activity is logged; and
how access is revoked.

How Feluda fits into a GaaS workflow

Feluda can represent several GaaS operating ideas in a user-controlled environment.

Studio can define the structured workflow around agentic steps.

AI models can interpret information and choose approved tools.

MCP and Gene tools can connect workflows to data and actions.

RunFlows can expose intermediate output, warnings, and errors.

Schedule Manager can trigger recurring work.

Permissions can constrain URLs, IP addresses, file paths, and ports.

This does not mean every Feluda workflow is automatically GaaS.

GaaS is a service and operating model. Feluda provides building blocks that can support agentic services, managed workflows, or locally controlled agent execution.

A practical GaaS example

Consider a managed supplier-review service.

The goal is:

Prepare a monthly supplier-risk review and request approval before
creating follow-up tasks.

The service may:

receive the monthly schedule;
identify active suppliers;
retrieve approved performance records;
find late deliveries and unresolved issues;
compare the findings with risk rules;
prepare a supplier summary;
validate supplier identifiers and dates;
propose follow-up tasks;
ask a manager to approve the tasks;
create only the approved tasks;
verify the destination;
record the activity; and
measure corrections and completion time.

The agent handles variation in the records.

The workflow, permissions, validation, and approval steps control the risk.

What customers still need to manage

Buying GaaS does not transfer every responsibility to the provider.

Customers still need to define:

approved use cases;
data boundaries;
account ownership;
access levels;
human reviewers;
source quality;
destination rules;
retention requirements;
incident contacts;
success measures; and
when the service should not be used.

The provider operates the agentic capability.

The customer remains accountable for how it is used in the organisation.

Questions to ask about how a GaaS product works

Before adoption, ask:

How does a task enter the service?
What validates the request?
How is context selected?
Which models are used?
Which tools are available?
Who controls tool permissions?
How is task state stored?
What information is kept between runs?
Which actions require approval?
How are timeouts and retries handled?
How are duplicate writes prevented?
What stops an agent loop?
What activity can customers inspect?
How are failures escalated?
How are updates tested?
How can data, workflows, and logs be exported?
How is access revoked?

A provider should be able to explain the complete lifecycle in clear terms.

The central principle

Agentic as a Service works by combining flexible AI decisions with controlled execution.

The AI determines what may be useful next.

Tools perform defined actions.

State preserves progress.

Rules enforce boundaries.

Humans approve sensitive decisions.

Monitoring shows what happened.

Evaluation confirms whether the service produces dependable outcomes.

The agent is only one part of the system.

The full GaaS service is the operating layer that makes the agent usable, reviewable, and manageable over time.