jcardena.com Blog My first real lesson in graceful degradation
145 posts
EN ES

My first real lesson in graceful degradation

Software

A personal story about an early-career system failure that taught the critical lesson of graceful degradation, now applied to building resilient AI agentic systems.

The dashboard was lit up, but with all the wrong colors. The site was up—every server returning a 200 OK—yet support tickets were flooding in with the same three words: "I see nothing." Product orders had flatlined overnight. We had shipped a feature so advanced it made our product invisible to a painful minority of our users.

This was my first visceral lesson in the architecture of graceful degradation. It wasn't a theoretical exercise in a textbook. It was the costly pain of watching a system perform beautifully for the majority, while catastrophically failing for everyone else.

The All-or-Nothing Bet

This was during the rise of the single-page application. We were rebuilding a core e-commerce flow and went all in, aiming for a fluid, desktop-class experience in the browser. No page reloads, instant feedback. It was impressive.

The architecture was simple: the server sent a nearly empty HTML shell and a single, hefty JavaScript bundle. That script would bootstrap a client-side framework, fetch data via APIs, and render the entire user interface. For users on a modern browser with a stable connection, it was magic. We had coupled the core function—seeing and buying a product—to the successful execution of that complex script. We failed to distinguish the essential content from its enhanced delivery.

User Requests PageServer Sends HTMLShellBrowser DownloadsJSJS Fails toExecuteResult is BlankPage
The Fragile All-or-Nothing Architecture

The Long Tail of Failure

Our monitoring was naive. It checked for a 200 OK on the root page, which the server happily provided. The problem was what didn't happen next. A significant slice of users never successfully executed the JavaScript bundle.

The reasons were a long tail of real-world messiness: slightly older corporate browsers, aggressive firewalls blocking our CDN, flaky mobile networks dropping the download midway. For these users, the result wasn't a broken layout. It was a completely blank page. The experience didn't degrade; it evaporated.

The Durable Baseline

The fix was to unwind our bet. The new guiding principle became: the server must deliver a complete, functional, buyable product page in plain HTML. This became our durable baseline. It required page reloads, but it worked for everyone, everywhere.

Our JavaScript was reframed as an enhancement that loaded on top. This approach, often called Progressive Enhancement, is a core tenet of building for the web's heterogeneity. Thinkers like Jeremy Keith formalized these ideas in foundational works like Resilient Web Design, but for us, it was a lesson learned in the field. If the script ran, it hijacked the static links and forms to create the dynamic experience. If it failed, the user was left with the boring, reliable, and—most importantly—profitable HTML version.

This isn't to say an all-or-nothing client-side app is always wrong. For controlled environments, like an internal enterprise tool with a mandated browser, it can be a perfectly valid trade-off for development speed.

The Same Pattern with Agents

This lesson directly applies to the agentic systems we build today. LLM agents are the ultimate enhancement layer. They promise to perform complex, multi-step tasks and provide novel, generative experiences. They are also, by their nature, unpredictable.

The failure modes are more subtle than a script error. They aren't just API outages or hallucinations. In production, I've seen silent semantic drift from a new model version subtly misclassifying data, or runaway agentic loops causing unexpected cost spirals that are themselves a form of system failure. Tying a core business process directly to a non-deterministic agent, especially one following a complex reasoning pattern like those described in the ReAct paper, is the new version of that blank white page.

The old pattern holds. If an AI agent's successful completion is required for your workflow, you are building a fragile system.

INPUT SOURCESUser RequestsAPI EventsData StreamsPROCESSING & STATEDeterministic CoreAgenticEnhancementFallback LogicReliable QueueSERVING & OUTPUTSCore API ResponseEnriched UIManual Review
Resilient Architecture with Agentic Fallbacks

What to Remember

The architectural question remains the same: what is the deterministic, reliable fallback? Consider an agent that categorizes support tickets. The enhanced path is magic. The fallback path is boring: if the agent fails or lacks confidence, the ticket is simply routed to a general human review queue. The core function—capturing the customer's issue—is preserved.

That early failure taught me that resilience isn't just about surviving server outages. It’s about designing for a world of unpredictable clients, networks, and now, AIs. The most durable systems are built in layers, ensuring that when the magical enhancement fails, the boring, reliable core is always there to do the work.

JC
Juan Cardena
Enterprise Architect, Data & AI

Enterprise architect with 25 years across web, software, data, and AI. MIT CDAO ’25. Writing on agentic AI in production.