I'm an avid reader of Marc's blogs - they have a sense of practicality and general wisdom that's easily to follow, even for an average developer like me. In his most recent post, Marc contends that the creative and expressive power of agents can't be contained within its own logic - for the same reasons we call them agents (they’re flexible, creative problem solvers). I agree with that position.

He argues that safety for agents should be contained in a box. I like that framing, but his box is incomplete. He only talks about one half of the traffic that should be managed outside the agent's core logic: outbound calls to tools, LLMs, APIs etc. Id argue that in his diagram he is missing the really interesting stuff on the inbound path: routing, guardrails and if the box is handling at all traffic passing through it then end-to-end observability and tracing without any framework-specific instrumentation.

i'll go one further, we don't need a box - we need a data plane that handles all traffic to/from agents. An open source version of that is Plano: https://github.com/katanemo/plano. I am building it.