Circuit Breaker
Stop calling a failing dependency for a cooldown period after error rates exceed a threshold.
Problem
When a dependency is genuinely down or rate-limited, naive retry logic hammers it with the same failing call over and over, burning token budget and wall-clock latency on responses that will never succeed. Worse, the retry storm can push a partially-degraded vendor past its rate limits and block legitimate traffic from other tenants, turning a small incident into a larger one. The team has no way to give the upstream a chance to recover without a coordinated decision to back off.
Solution
Track per-dependency error rate over a window. When error rate exceeds a threshold, 'open' the breaker: route calls to fallback (or fail fast) for a cooldown. After cooldown, allow trial calls; close the breaker on success.
When to use
- A dependency fails often enough that hammering it wastes cost or blocks legitimate traffic.
- Per-dependency error rates can be tracked over a meaningful window.
- A fallback or fail-fast path exists for use during the cooldown.
Open the full interactive page →
Diagram, neighbourhood map, code examples, related patterns and full provenance.
Related
- Fallback Chain
- Rate Limiting
- Exception Handling and Recovery
- Provider Fallback
- Kill Switch
- Graceful Degradation
- Degenerate-Output Detection
- Pre-Generative Loop Gate
- Typed Tool-Loop Failure Detector
- Infrastructure Burst Bottleneck (Agent Scale-Out)
- Missing Idempotency on Agent Calls
- Naive Retry Without Backoff
- Agentic Behavior Tree
- Session-Scoped Payment Authorization