Recurring AI agents do not fail only when the model gives a bad answer.
They fail when the job runs twice, reads stale data, misses an approval, writes to the wrong system, spends more than the work is worth, silently changes behavior after a prompt update, or nobody knows who owns the alert at 8:07 AM.
That is what an AI operations runbook is for. It turns "the agent runs every morning" into an operating system: owners, normal behavior, dashboards, alerts, pause criteria, retry rules, incidents, QA, cost checks, change control, and review cadence.
Short answer
An AI operations runbook template for recurring agent workflows should include the workflow owner, technical owner, trigger, expected run window, input checks, allowed actions, human approval gates, dashboard links, alert severity rules, pause criteria, retry and backfill policy, incident response steps, rollback instructions, quality review plan, cost thresholds, change-control rules, and monthly owner review agenda.
Use it after the workflow has clear requirements and monitoring design. If the workflow itself is still vague, start with the AI workflow automation requirements template. If the agent already has a workflow contract but lacks observability, pair this with how to design monitoring for recurring AI agent workflows.
*Visual requirement: create a slug-specific hero image plus a template preview visual showing owners, schedule, run record, approval queue, alerts, pause criteria, retries, rollback, QA sampling, cost checks, and monthly review.*
AI operations runbook summary table
Use this table as the one-page summary. The detailed template follows below.
| Runbook section | What it defines | Why it matters |
|---|---|---|
| Workflow identity | Name, owner, trigger, schedule, systems, business metric | Makes the agent a business workflow, not an orphaned script |
| Normal operation | What a healthy run looks like from trigger to output | Gives operators a baseline for spotting drift |
| Run record | What must be logged for every execution | Makes failures auditable and debuggable |
| Inputs | Freshness checks, required fields, permissions, source IDs | Prevents confident work over stale or incomplete context |
| Allowed actions | Read, draft, route, update, notify, trigger, or block | Keeps agency proportional to the workflow risk |
| Human approval | Reviewer, SLA, evidence view, decision log, escalation | Turns "human-in-the-loop" into a real queue |
| Monitoring | Dashboard, metrics, traces, quality, cost, outcome | Connects runtime health to operational value |
| Alerts | Severity, owner, channel, response time, next action | Stops failures from becoming quiet backlog |
| Pause criteria | Conditions that stop the agent automatically or manually | Protects customers, money, records, and trust |
| Retry and backfill | When to retry, skip, replay, or escalate | Avoids duplicate work and uncontrolled recovery |
| Incident response | Triage, containment, communication, resolution, postmortem | Gives the team a practiced path when things break |
| Rollback | How to undo, contain, or correct side effects | Makes production changes reversible where possible |
| Change control | How prompts, tools, models, permissions, and schedules change | Prevents accidental behavior changes |
| Review cadence | Weekly QA, monthly owner review, improvement backlog | Keeps the workflow useful after launch |
Red Brick Labs POV: if an agent runs on a schedule or event trigger and touches real work, it needs a runbook before it gets treated as production. A green scheduler status is not operations.
Copy-ready AI operations runbook template
Copy this into a doc, Notion page, Linear issue, Confluence page, Git repo, or internal wiki. Keep the runbook close to the workflow owner, not buried in an engineering archive nobody opens.
1. Workflow identity
| Field | Template prompt | Example |
|---|---|---|
| Workflow name | What recurring agent workflow is this? | Weekly renewal risk prep agent |
| Business owner | Who owns the business outcome and adoption? | Head of Customer Success |
| Technical owner | Who owns runtime, integrations, secrets, and logs? | Automation lead |
| Backup owner | Who can respond when the primary owner is unavailable? | RevOps manager |
| Trigger | Schedule, event, queue, webhook, or manual run? | Every Monday at 7:00 AM America/Toronto |
| Systems touched | What systems does the agent read, write, notify, or avoid? | CRM, support tickets, billing system, Slack |
| Business metric | What outcome should improve? | Reduce renewal prep time and missed at-risk follow-up |
| Risk level | Low, medium, high, or regulated? | Medium: customer records and internal CRM tasks |
| Production status | Shadow, pilot, limited production, or expanded production? | Limited production |
Do not list "AI team" as the business owner. AI teams can build and support the workflow. The operating team owns whether the work is actually useful.
2. Normal operation
Write the healthy path in plain language.
| Step | Healthy behavior | Evidence |
|---|---|---|
| Trigger | Agent starts within the expected run window | Scheduler event and run ID |
| Input collection | Agent pulls current records from approved systems | Source IDs, timestamps, and freshness check |
| AI work | Agent analyzes, classifies, drafts, routes, or summarizes within scope | Prompt version, model version, output |
| Tool use | Agent calls only approved tools with allowed arguments | Tool trace and permission decision |
| Human review | Risky or external-facing actions wait for approval | Review queue item and decision log |
| Output | Agent creates the expected record, task, summary, or notification | Destination ID and link |
| Completion | Run ends with status, cost, quality markers, and owner-visible summary | Run record and dashboard |
Example normal operation:
Every Monday at 7:00 AM, the renewal risk agent pulls CRM accounts renewing in the next 90 days, checks open support escalations and billing flags, drafts a risk summary for each account owner, creates internal CRM tasks after validation, and posts a Slack digest. It never emails customers or changes opportunity stages. High-risk accounts and low-confidence summaries require customer success manager review before any task is created.
That paragraph is more useful than a diagram with six unlabeled arrows.
3. Run record requirements
Every execution should leave one canonical run record.
| Run record field | Required? | Notes |
|---|---|---|
| Run ID | Yes | Unique ID for this execution |
| Workflow ID | Yes | Stable ID for the recurring workflow |
| Trigger source | Yes | Schedule, event, webhook, manual retry, or backfill |
| Expected start | Yes | Useful for missed-run and late-run alerts |
| Actual start and end | Yes | Used for latency and SLA checks |
| Status | Yes | Success, partial success, failed, skipped, paused, awaiting approval |
| Input snapshot | Yes | Source IDs, timestamps, versions, hashes, queue size |
| Prompt version | Yes | Link to the approved prompt or instruction set |
| Model version | Yes | Provider and model used |
| Tool calls | Yes | Tool name, arguments, response, error, retry, side effect |
| Human decisions | When applicable | Reviewer, decision, reason, edits, timestamp |
| Output links | Yes | Destination records, files, messages, tickets, or tasks |
| Cost | Yes | Token cost, tool cost, enrichment cost, runtime estimate |
| Quality marker | Yes | Validation pass, approval acceptance, sample QA result, rejection reason |
| Incident link | When applicable | Ticket, alert, postmortem, or remediation task |
OpenTelemetry's observability primer frames telemetry as traces, metrics, and logs. For AI workflows, the run record is the operator-facing wrapper around those signals. It should show what the agent saw, what it did, what it was allowed to do, who approved it, and what changed downstream.
4. Input checks
Recurring agents should not reason over whatever context happens to be available. They need input gates.
| Input check | Pass condition | Failure action |
|---|---|---|
| Source freshness | Data is newer than the allowed threshold | Pause or skip run; alert owner |
| Required fields | Required records, files, fields, and IDs are present | Route exception to owner |
| Permission | Agent has approved read/write scope | Pause and alert technical owner |
| Source of truth | Conflicting records resolve to documented system | Block output that depends on unresolved conflict |
| Data boundary | Restricted fields are excluded from model context | Pause and open security review |
| Queue size | Volume is within expected range | Warn owner or switch to batch mode |
| Duplicate guard | Idempotency key has not been processed | Skip duplicate and log reason |
NIST's AI Risk Management Framework and Generative AI Profile emphasize mapping context, measuring risk, and managing controls across the AI lifecycle. In operator language: know what data the agent is using, why it is allowed, and whether it is fit for the decision.
5. Allowed actions and blocked actions
Document permissions in operational terms, not only technical scopes.
| Action type | Agent can do this | Human must do this | Blocked in version one |
|---|---|---|---|
| Read | Pull approved records, files, tickets, and messages | Approve new data sources | Read restricted folders or personal inboxes |
| Draft | Prepare summaries, notes, replies, or task descriptions | Review external-facing or high-risk drafts | Send customer-facing messages directly |
| Route | Assign internal tasks or send items to queues | Review exceptions and escalations | Reassign regulated work without approval |
| Update | Write approved low-risk status or tracker fields | Approve sensitive CRM, ERP, HRIS, finance, or legal changes | Change money, contract terms, employment status, or legal positions |
| Notify | Post internal digest or exception alert | Decide on customer or vendor communication | Notify external parties without explicit approval |
| Trigger | Start downstream workflow after approval | Approve irreversible actions | Trigger payment, deletion, legal notice, customer email, or access change |
OWASP's agentic AI guidance and LLM risk work call out the danger of excessive agency: systems that can take damaging actions when outputs are unexpected, ambiguous, manipulated, or over-permissioned. The practical response is boring and powerful: least privilege, explicit blocked actions, approval gates, logs, and pause rules.
6. Human approval model
If the workflow says "human review," the runbook should say exactly what that means.
| Approval field | Template prompt | Example |
|---|---|---|
| Reviewer role | Who approves or rejects? | Customer success manager |
| Backup reviewer | Who covers absence? | RevOps manager |
| Approval SLA | How fast should review happen? | Same business day |
| Evidence view | What should the reviewer see? | Source records, summary, confidence, risk reason, proposed action |
| Edit rights | Can the reviewer edit output? | Yes, before CRM task creation |
| Rejection reasons | What options should be captured? | Wrong account, stale data, poor summary, missing evidence, policy concern |
| Escalation path | Who handles unresolved items? | Head of Customer Success |
| Audit log | Where is the decision stored? | Run record and CRM task history |
The OpenAI Agents SDK human-in-the-loop docs are a useful implementation pattern: sensitive tool calls can pause for approval and resume after a person decides. Even if your stack is different, the operating pattern should be the same. Risky action waits. Human decision is logged. The agent resumes with the decision.
7. Monitoring dashboard
The dashboard should make the workflow inspectable without asking an engineer to reconstruct logs.
| Dashboard tile | Minimum metric |
|---|---|
| Runs | Scheduled, started, completed, skipped, failed, paused |
| Freshness | Source timestamps, stale input count, missing required fields |
| Tool health | API/browser/tool failures, retries, timeout rate |
| Approval queue | Open approvals, oldest approval, rejection rate, edit rate |
| Output quality | Validation pass rate, accepted outputs, sample QA score, policy violations |
| Cost | Cost per run, cost per item, token volume, tool or enrichment cost |
| Business outcome | Cycle time, manual hours saved, backlog reduced, revenue or risk metric |
| Incidents | Open incidents, severity, owner, resolution time, follow-up actions |
LangSmith's observability docs, Microsoft Foundry observability docs, and the OpenAI agent docs all point in the same direction: production agent systems need visibility into traces, performance, quality, cost, and interactions. The exact tool matters less than the operating question: can the owner see whether the workflow is healthy and valuable?
8. Alert rules
Alerts should tell a human what happened, why it matters, and what to do next.
| Severity | Alert when | Notify | Response time |
|---|---|---|---|
| Info | Run completed with normal exceptions | Dashboard only or daily digest | No interruption |
| Warning | Late run, stale input, unusual cost, approval queue aging, quality dip | Business owner and technical owner during working hours | Same business day |
| Critical | Missed run, unauthorized action attempt, sensitive data exposure, failed writeback, duplicate external action, customer-facing failure | Immediate owner channel and incident responder | Immediate |
Every alert should include:
- workflow name;
- run ID;
- severity;
- what changed;
- likely business impact;
- whether the agent is paused or continuing;
- owner;
- next action;
- link to run record;
- link to the runbook section.
Google's SRE guidance on monitoring distributed systems is blunt in the right way: alerts should be tied to symptoms that need human action, not every internal detail. For recurring AI agents, the symptom is usually operational: missed work, stale decisions, blocked approvals, bad writebacks, policy breaches, or trust erosion.
9. Pause criteria
This is the most important part of the runbook. A production agent needs conditions where it stops.
| Pause condition | Pause type | Owner to resume |
|---|---|---|
| Required source data is stale beyond threshold | Automatic | Business owner and technical owner |
| Agent attempts a blocked tool or action | Automatic | Technical owner plus security reviewer |
| Sensitive data appears in unauthorized context | Automatic | Security or compliance reviewer |
| Duplicate processing risk is detected | Automatic | Technical owner |
| Output validation fails above threshold | Automatic | Business owner |
| Approval queue exceeds SLA by defined amount | Manual or automatic | Business owner |
| Cost per run exceeds threshold | Warning, then manual pause | Business owner and technical owner |
| External system schema or API changes | Automatic for write actions | Technical owner |
| Customer-facing mistake is detected | Manual or automatic | Business owner |
| Prompt, model, permission, or tool change is unapproved | Automatic | Technical owner |
Pause criteria protect trust. They also make it easier to approve useful automation because leaders know where the brakes are.
10. Retry, backfill, and skip rules
Bad recovery creates more damage than the original failure. Write the retry policy before the first incident.
| Scenario | Default action | Notes |
|---|---|---|
| Temporary API timeout | Retry with capped attempts | Log each retry and final status |
| Auth failure | Pause | Do not loop on expired credentials |
| Stale input | Skip or pause | Do not run on stale records unless owner approves |
| Duplicate run | Skip duplicate | Use idempotency key and source window |
| Partial writeback | Pause and open incident | Identify what changed before retry |
| Approval timeout | Escalate | Do not auto-approve because humans were slow |
| Missed scheduled run | Backfill only after owner review | Avoid duplicate downstream actions |
| Bad output caught before write | Regenerate or route for review | Keep failed output for analysis |
| Bad output already written | Incident and rollback | Do not silently overwrite without audit |
Retry is not a vibes-based operation. It is a business decision with technical consequences.
11. Incident response
Use this when something important breaks.
| Incident step | What to do | Owner |
|---|---|---|
| Triage | Identify workflow, run ID, severity, affected records, and side effects | Technical owner |
| Contain | Pause agent, block risky tools, stop downstream sends or writes | Technical owner |
| Assess impact | Determine customer, financial, legal, HR, or operational exposure | Business owner |
| Communicate | Notify affected internal owners with status and next update time | Business owner |
| Correct | Roll back, repair records, resend, reroute, or manually complete work | Assigned responder |
| Document | Link run record, root cause, timeline, decisions, and remediation | Incident owner |
| Prevent | Add test, monitor, guardrail, prompt change, permission change, or training | Business + technical owner |
Google's incident management guidance makes a simple point that applies here: if you have not thought through the response before the incident, real-time response gets messy. AI agent incidents are worse when nobody knows whether to pause the agent, retry the run, tell users, or repair downstream records.
12. Rollback and correction
Not every AI workflow can roll back cleanly. The runbook should say what is reversible and what is only correctable.
| Side effect | Rollback or correction path |
|---|---|
| Internal draft created | Delete or archive draft; log reason |
| Internal task created | Close task with correction note or update assignee/status |
| CRM field updated | Restore previous value from run record or audit history |
| Slack or Teams message sent | Reply with correction; delete if policy allows |
| Customer email sent | Escalate to owner; send correction only after approval |
| File created or moved | Restore location or version; log affected file IDs |
| Payment, legal, HR, or access action | Escalate immediately; follow department-specific incident procedure |
Red Brick Labs usually recommends starting recurring agents with draft, route, summarize, or internal-update permissions before expanding to irreversible actions. The first version should prove reliability and review flow before it earns more agency.
13. Quality review
Quality review should sample successful runs, not only failures. Otherwise you only learn about the errors loud enough to break something.
| Review item | Cadence | Owner |
|---|---|---|
| Sample successful outputs | Weekly during pilot, then monthly | Business owner |
| Review rejected outputs | Weekly | Business owner |
| Review prompt and instruction changes | Before release | Technical owner |
| Review edge cases and exceptions | Weekly during pilot | Business + technical owner |
| Review cost per useful output | Monthly | Business owner |
| Review user feedback | Monthly | Workflow owner |
| Review incident follow-ups | After each incident and monthly | Incident owner |
Use a simple scorecard:
| QA criterion | Pass / fail / notes |
|---|---|
| Used the right input records | |
| Followed allowed actions | |
| Routed approvals correctly | |
| Produced useful output | |
| Avoided restricted data | |
| Created correct downstream record | |
| Saved operator time | |
| Needs prompt, tool, data, or process change |
This is where AI operations becomes continuous improvement instead of set-and-forget automation.
14. Cost and ROI checks
Cost belongs in the runbook because recurring workflows can quietly drift.
| Cost check | Threshold |
|---|---|
| Cost per run | Define expected range and warning threshold |
| Cost per processed item | Compare against manual effort saved |
| Token volume | Alert on unusual input, output, or retrieval growth |
| Tool and enrichment cost | Track paid API, browser, scraping, or data-provider usage |
| Human review time | Measure whether approval work is shrinking or growing |
| Rework cost | Track time spent correcting bad outputs |
| Business outcome | Compare against cycle time, backlog, risk, revenue, or savings target |
If an agent saves 20 minutes of work but creates 18 minutes of review and correction, it is not production leverage yet. It is a pilot with paperwork.
15. Change control
Recurring agents change when prompts, models, tools, data schemas, permissions, schedules, and business rules change. The runbook should make those changes visible.
| Change type | Required before release |
|---|---|
| Prompt or instruction change | Version, reason, reviewer, sample test, rollback path |
| Model change | Evaluation on known cases, cost and latency check, owner approval |
| Tool change | Permission review, test in sandbox or shadow mode, audit update |
| Data source change | Source-of-truth review, field mapping, privacy check |
| Schedule change | Owner approval, alert threshold update, missed-run test |
| Approval rule change | Reviewer approval, SLA update, audit-log test |
| Output destination change | Writeback test, rollback plan, affected-user notice |
This is especially important for agentic systems because small instruction changes can alter tool use and workflow behavior. Do not let production agents mutate through casual prompt edits.
16. Monthly owner review
Put this meeting on the calendar before launch.
| Agenda item | Question |
|---|---|
| Workflow value | Is the agent still improving the business metric? |
| Run health | Were there missed, late, duplicate, skipped, or failed runs? |
| Quality | Are users accepting outputs with less editing? |
| Approvals | Are review queues healthy, slow, or fake? |
| Exceptions | Which edge cases repeat and should be designed into the workflow? |
| Incidents | What broke, what changed, and what still needs follow-up? |
| Cost | Is cost per useful outcome stable and justified? |
| Scope | Should the agent stay narrow, expand, or be retired? |
| Ownership | Are owners, backups, and escalation paths still correct? |
The monthly review is where the team decides whether the agent earned more trust. Sometimes the right answer is expansion. Sometimes it is narrower scope. Sometimes it is turning the agent off because the process changed. All three are operational maturity.
Example mini-runbook
| Section | Example |
|---|---|
| Workflow | Weekly renewal risk prep agent |
| Business owner | Head of Customer Success |
| Technical owner | RevOps automation lead |
| Trigger | Every Monday at 7:00 AM America/Toronto |
| Inputs | CRM renewals in next 90 days, support escalations, billing flags, latest QBR notes |
| Allowed actions | Draft risk summaries, create internal CRM tasks after validation, post internal Slack digest |
| Blocked actions | Email customers, change opportunity stages, apply discounts, update contract terms |
| Human approval | Required for high-risk account recommendations and low-confidence summaries |
| Dashboard | Runs, stale inputs, failed tool calls, open approvals, output acceptance, cost, incidents |
| Warning alerts | Approval queue older than one business day, cost 25% above baseline, stale support export |
| Critical alerts | Missed run, duplicate task creation, unauthorized write attempt, customer-facing send attempt |
| Pause criteria | Stale CRM export over 12 hours, blocked action attempt, output validation failure over threshold |
| Retry policy | Retry transient API failures twice; pause on auth failure or partial writeback |
| Rollback | Close incorrect CRM tasks with correction note; restore changed fields from audit history |
| QA | Review 10 successful accounts and all rejected outputs weekly during pilot |
| Change control | Prompt, model, tool, and permission changes require sample test and owner approval |
| Monthly review | Decide whether to expand from renewal risk prep to QBR prep |
That is enough for a real first version. It tells the owner what normal looks like, when to intervene, and how to improve the workflow without guessing.
Backlink asset: package this as a reusable runbook
This article should be treated as a linkable asset, not just a blog post.
Recommended downloadable package:
- One-page AI operations runbook summary.
- Full runbook template in Google Docs and Markdown.
- Run record field checklist.
- Alert severity matrix.
- Pause criteria worksheet.
- Retry, backfill, and skip policy table.
- Incident response worksheet.
- Monthly owner review agenda.
- Template preview graphic for resource pages and social sharing.
Useful backlink targets:
- AI operations and agent governance resource pages.
- Template galleries covering operations, RevOps, customer success, legal ops, and finance ops.
- Workflow automation communities comparing production patterns.
- SaaS resource libraries looking for practical AI adoption templates.
- Newsletters writing about agentic AI moving from experiments to operations.
- Implementation partner blogs that need a neutral runbook asset.
Anchor copy: "AI operations runbook template."
Backlink angle: most AI agent content stops at architecture, prompts, or monitoring. This template covers the human operating layer after launch: owners, alerts, pause rules, incidents, retries, QA, cost, and change control.
Red Brick Labs POV
The runbook is not admin overhead. It is the line between a useful recurring agent and a clever scheduled script nobody trusts.
Red Brick Labs would not treat a recurring agent as production until four things are true:
- The workflow has a named business owner and technical owner.
- Every run creates an inspectable record.
- Risky actions have approval gates and pause criteria.
- The owner has a review cadence that ties quality, cost, incidents, and business outcome together.
The best AI operations systems are not the most autonomous. They are the most accountable. They make it obvious what happened, who approved it, what changed, what broke, and what the team learned.
That is how operators get from AI experiments to production workflows that save time without creating a new layer of invisible risk.
CTA: turn the runbook into a working AI operations system
If your team has recurring AI agents in planning, pilot, or production, Red Brick Labs can help turn the runbook into the operating model: workflow scope, agent implementation, monitoring, approval gates, alerts, run records, incident process, and owner training.
Book a 15-minute AI operations consult or email suri@redbricklabs.io.
Turn the runbook into production AI operations: Red Brick Labs can help your team map the recurring workflow, build the agent, define monitoring and approval gates, write the runbook, and train the internal owner.
Visual and asset requirements
- Hero image:
/blog/images/ai-operations-runbook-template-for-recurring-agent-workflows.png. - Template preview visual:
/blog/images/ai-operations-runbook-template-for-recurring-agent-workflows-preview.png. - Preview content: one-page runbook with workflow identity, owners, normal run, run record, dashboard, alert severity, pause criteria, retry rules, incident response, rollback, QA sample, cost checks, change control, and monthly review.
- Style: dark editorial AI operations desk, readable template UI, Red Brick Labs teal and burgundy accents, no generic robot hands or abstract blue cloud graphics.
- Alt text: "AI operations runbook template preview for recurring agent workflows with owners, alerts, pause criteria, retries, incidents, QA, cost, and change control."
Source notes and research links
- NIST AI Risk Management Framework 1.0 informed the governance, mapping, measuring, and managing structure behind the runbook.
- NIST AI Risk Management Framework: Generative AI Profile informed the emphasis on operational monitoring, risk response, owner review, and controls for generative AI systems.
- OWASP Agentic AI Threats and Mitigations informed the allowed-actions, blocked-actions, least-privilege, and excessive-agency sections.
- OpenTelemetry Observability Primer informed the run record framing around traces, metrics, and logs.
- Google SRE: Monitoring Distributed Systems informed the alert severity guidance and focus on actionable symptoms.
- Google SRE: Managing Incidents informed the incident response and pre-planned response sections.
- OpenAI Agents SDK: Human-in-the-loop informed the approval-gate pattern for sensitive tool calls.
- LangSmith Observability and Microsoft Foundry Observability informed the agent observability sections covering traces, quality, cost, performance, and production monitoring.
- Red Brick Labs internal context used for linking and positioning: how to design monitoring for recurring AI agent workflows, best OpenClaw implementation partners for AI operations, AI workflow automation requirements template, AI agent governance checklist, 5 easy prompt engineering techniques, and 5 ways MVP agency accelerates development.
FAQ
What is an AI operations runbook?
An AI operations runbook is the operating manual for an AI workflow after it leaves the demo stage. It defines owners, normal behavior, run records, dashboards, alerts, approval queues, pause criteria, retry rules, incident response, rollback, quality review, cost checks, change control, and review cadence.
When should a recurring AI agent workflow have a runbook?
Write the runbook before a recurring agent runs unattended. A pilot can start with a lightweight version, but production workflows need named owners, dashboards, alert rules, pause criteria, retry policy, incident response, and change control before launch.
Who owns an AI agent runbook?
The business workflow owner owns the outcome and operating procedure. A technical owner owns runtime health, integrations, logs, secrets, deployments, and incident response. Sensitive workflows should also name security, legal, finance, or compliance reviewers.
What is the biggest mistake in AI operations runbooks?
The biggest mistake is documenting the technical job while skipping the business workflow. A useful runbook explains what healthy work looks like, what failure means to the business, when to pause the agent, who decides, and how the team learns from incidents.