Last reviewed: 2026-06-05

Direct answer

Every retry an agent fires against a model gateway sends a fresh prompt, which means retries are not free. Without guardrails, an agent that hits a transient 429 or 5xx and retries with exponential backoff can exhaust a session budget before a human operator notices. The remedy is to treat retry cost as a first-class design constraint and enforce limits at three points: the retry policy itself, the gateway request envelope, and an optional per-session token ceiling.

At the retry policy level, cap the maximum number of attempts (typically 2-3 beyond the first request) and use a fixed or exponential backoff with a hard ceiling so the agent cannot loop indefinitely. At the gateway layer, a compatible gateway such as CometAPI lets you route requests through a single endpoint that applies request-level and account-level controls, reducing the risk that individual agents each need to implement their own spend logic. At the application level, a session token counter that refuses to fire additional retries once a threshold is crossed gives you a final safety net.

The combination of a capped retry policy, a gateway that centralises routing and account controls, and an application-side token budget means a single misconfigured agent cannot produce unbounded model spend.

For broader release checks, see AI Coding Agent Setup, Security, and Model Routing .

Who this is for

This guide is for engineers who operate one or more coding agents that call a model gateway, particularly when those agents run autonomously in CI pipelines, cloud sandboxes, or overnight jobs where no human is watching the token meter in real time. It is also relevant if you have recently added fallback routing or multi-model logic to your agent stack, because each additional model path multiplies potential retry volume.

If you are new to gateway setup basics, Route Coding Agent Model Calls Without Endpoint Drift covers the foundational routing decisions before you layer cost guardrails on top.

Key takeaways

  • Retries are billed the same as original requests; treat retry budget as part of your per-task cost model.
  • A hard attempt cap (e.g., max 3 total attempts) with exponential backoff and a ceiling prevents most runaway loops.
  • Centralising requests through a gateway gives you a single place to apply account-level controls and observe aggregate usage rather than per-agent silos.
  • A per-session token counter at the application layer provides a final backstop independent of gateway configuration.
  • Verify exact pricing, quota, and rate-limit values for any model you use against the current gateway pricing documentation before increasing retry limits or concurrency.
  • Test your guardrail configuration with a controlled error injection before relying on it in production.

Retry cost mechanics

When a model gateway returns a retriable error, the agent resends the full conversation context. Depending on the task, that context may be several thousand tokens. With three automatic retries, an agent that was budgeted for one 4,000-token call can silently consume 16,000 tokens before the final request succeeds or the agent gives up.

The risk compounds when agents run in parallel. A CI job that launches four concurrent agent workers, each allowed three retries, can produce twelve model calls from a single flaky test step. If the flakiness is structural (for example, a gateway misconfiguration that produces consistent 5xx responses), the retry loop can drain a significant portion of a daily token budget before the issue surfaces.

The three variables that determine retry cost exposure are: (1) the size of the context window sent per request, (2) the number of retry attempts permitted, and (3) the number of concurrent agent sessions. Guardrails must address all three.

Guardrail layer 1: Retry policy caps

The retry policy is the first and most direct control. The recommended pattern for agent gateway calls is:

  • Set max_attempts to 3 (one original request plus two retries).
  • Use exponential backoff starting at 1 second with a cap of 30 seconds.
  • Treat 429 (rate-limited) and 5xx (server error) responses as retriable; treat 400 and 401 responses as non-retriable because they indicate a request or auth problem that a retry will not fix.
  • Log each retry attempt with its attempt number, error code, backoff delay, and estimated token count before firing the next request.

A GitHub Actions workflow that runs agent tasks can enforce a hard timeout via the timeout-minutes field at the job or step level, which provides a CI-layer ceiling independent of the retry logic inside the agent. Verify current workflow syntax and timeout field names against the GitHub Actions workflow syntax reference before relying on this in production.

Guardrail layer 2: Gateway-layer controls

Routing all agent model calls through a single gateway endpoint (rather than directly to individual provider APIs) creates a centralised observation and control point. A gateway in the OpenAI-compatible family, such as CometAPI, exposes endpoints in a request shape your agent tooling can already speak. Verify the exact endpoint paths, auth header format, request fields, and response fields against the current documentation:

  • Chat completions endpoint: CometAPI /api/text/chat reference
  • Responses endpoint: CometAPI /api/text/responses reference
  • Model listing and routing: CometAPI model overview
  • Pricing and usage documentation: CometAPI pricing overview

At the gateway layer, cost guardrails typically take the form of per-key usage limits, per-request max_tokens parameters, and account-level quota controls. The specific fields and limit surfaces available depend on the gateway you use and must be verified in current documentation; do not assume limits carry over from a different provider’s API.

A gateway also lets you centralise model fallback logic so that a retry that would have gone to an expensive frontier model can be redirected to a lower-cost model after the first failure. See Cost Controls for Coding Agent Model Gateways for the general pattern and Fallback Routing for Coding Agent Model Calls for the fallback routing mechanics.

Guardrail layer 3: Application-side session token budget

The third layer is a counter inside your agent that tracks tokens consumed during a session and refuses to fire additional requests (including retries) once a threshold is crossed. This operates independently of the gateway configuration and catches cases where gateway-side controls are misconfigured or temporarily unavailable.

A minimal implementation tracks:

  • Tokens sent in the session so far (input + output).
  • A hard ceiling defined per task type (e.g., 20,000 tokens for a routine CI repair task).
  • A soft warning threshold at 80% of the ceiling that logs a warning before the next request.
  • A flag that suppresses retries once the hard ceiling is crossed, replacing them with a structured error that the CI system can report.

The ceiling values are task-specific and must be calibrated against the actual token costs of the models you use. Verify current pricing per model against CometAPI pricing documentation and CometAPI support before committing ceiling values.

Smoke-test workflow

Setup assumptions: You have a working agent that calls a model gateway via an OpenAI-compatible chat or responses endpoint, a configured retry policy, and access to request logs or stdout output that shows token counts per request.

Happy-path plan:

  1. Run the agent against a simple task that requires a single model call.
  2. Confirm the request completes without retries.
  3. Record the tokens consumed and verify they are within the expected range for the task.
  4. Confirm the gateway routing header or model field in the response matches the intended model.

Error-path check:

  1. Inject a simulated error by configuring a test endpoint (or a local proxy) to return a 429 response for the first two requests before allowing a success.
  2. Observe that the agent retries up to the configured max_attempts limit and no further.
  3. Verify that each retry attempt is logged with its attempt number and error code.
  4. Verify that if the session token counter is exceeded during retries, the agent stops and emits a structured error rather than continuing.

Minimum assertions:

  • Retry count does not exceed max_attempts.
  • Backoff delay between retries is non-zero and does not exceed the configured ceiling.
  • Session token counter increments correctly across retries.
  • Non-retriable errors (400, 401) do not trigger a retry.

Pass/fail log fields to record:

test_run_id: timestamp: max_attempts_config: actual_attempts: final_status: <success|error-non-retriable|error-budget-exceeded> token_budget: tokens_consumed: budget_exceeded: <true|false> retriable_codes_observed: [] non_retriable_codes_observed: []

What the smoke test must not assert:

  • Specific pricing per token (verify against current docs; do not hard-code).
  • Model availability for a specific model identifier (verify against current gateway docs).
  • Uptime or latency SLAs (these are vendor commitments; do not test them in a guardrail smoke test).
  • Gateway account quota values (these are account-specific; verify in the gateway dashboard, not in the smoke test).

Failure modes

  • Evidence gap: the agent cannot inspect the failing log, source page, pull request, or local command output. The safe action is to stop and record the missing evidence instead of guessing.
  • Scope drift: the agent edits files that are not connected to the observed failure. Keep the repair tied to the failing signal and leave unrelated cleanup for a separate task.
  • Environment mismatch: the local check uses different versions, credentials, feature flags, or runtime settings than the hosted path. Record the mismatch before treating the result as proof.
  • Unreviewed fallback: the agent changes models, endpoints, permissions, or retry behavior to make a run pass without preserving the review boundary. Treat access and provider failures as operational blockers, not topic failures.
  • Weak handoff: the final note says the issue is fixed but omits the command, result, changed files, and remaining uncertainty. That makes the next operator repeat the investigation.

Sources checked

Contract details to verify

AreaWhat to verifySource URLAccessedSafe candidate wording
Chat completions request fieldsConfirm exact field names for max_tokens, model, and any retry-relevant response fieldshttps://apidoc.cometapi.com/api/text/chat2026-06-05“Verify current field names in the chat completions reference before implementing”
Responses endpoint fieldsConfirm whether the responses endpoint supports the same max_tokens and model fieldshttps://apidoc.cometapi.com/api/text/responses2026-06-05“Verify current field names in the responses endpoint reference before implementing”
GitHub Actions timeout fieldConfirm current syntax for timeout-minutes at job and step levelhttps://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax2026-06-05“Verify current timeout field syntax in the GitHub Actions workflow reference”
Codex cloud agent retry behaviourConfirm whether Codex cloud tasks expose retry or budget controls at the task levelhttps://developers.openai.com/codex/cloud2026-06-05“Verify current Codex cloud task configuration options before assuming specific retry controls”

FAQ

Why does capping max_attempts matter if the gateway already has rate limits?

Gateway rate limits cap the rate of requests per unit of time, but they typically do not cap the total number of retry attempts an agent fires during a session. An agent can stay under the rate limit while still executing many retries spread over several minutes. An explicit max_attempts cap ensures the agent gives up after a fixed number of failures regardless of how slowly it is retrying.

Should I set max_tokens low to reduce retry cost?

Setting a low max_tokens reduces the size of each response, which reduces output token cost per attempt. However, if the task genuinely requires a long response, an artificially low ceiling will cause the response to be truncated, which may cause the agent to retry because the output was incomplete. Set max_tokens at the level the task actually needs, and use the retry count cap and session budget to control total cost.

Can I rely on the gateway to stop runaway retries on my behalf?

Not as your only control. Gateway-level quota and rate-limit controls are designed to protect the service from overuse, but the granularity and configuration surface vary by gateway. Treat gateway controls as a second layer, not the first. Your retry policy and application-side session budget should stop runaway loops before the gateway has to.

What should I log for each retry attempt?

At minimum: attempt number, timestamp, HTTP status code returned by the gateway, backoff delay applied, and estimated token count for the request being retried. This information lets you reconstruct the retry sequence from logs without replaying the request.

How do I calibrate per-session token ceilings?

Run representative tasks in a staging environment with logging enabled, record the actual token consumption for the p50 and p95 case, and set the ceiling at roughly 2x the p95 value for normal tasks. For high-stakes tasks that justify higher ceilings, document the rationale. Verify token pricing for each model you use against current gateway pricing documentation before deciding whether a higher ceiling is cost-acceptable.

What if I am running multiple agents concurrently?

Each agent session should have its own token budget. At the CI job level, use GitHub Actions timeout-minutes or an equivalent CI timeout as a wall-clock ceiling that complements the per-session token budget. Verify current timeout syntax against the GitHub Actions workflow syntax reference before deploying this pattern.

Reader next step

Turn the next coding-agent request into a one-page task brief, then compare it with How to Write Repository Instructions for Coding Agents . For the surrounding setup and permission baseline, review AI Coding Agent Setup, Security, and Model Routing before assigning broader repository work.

After the repository instruction, secret, and review gates are in place, evaluate CometAPI as the model gateway target for only the writer, reviewer, critic, or fallback roles the team actually needs.