Do not hand work to another agent with only a transcript and a hopeful summary.
That is not a handoff.
It is a context dump.
The useful version is smaller and stricter. Before ownership changes, the giving agent writes down what the next owner needs to decide, what has already been done, what evidence supports the current state, what is still uncertain, and what the receiving agent is allowed to do next.
Then the receiving agent accepts, asks for repair, or escalates.
Why this matters
Multi-agent work fails in a different way than single-agent work. A bad assumption can move from one role to the next and start looking like shared truth.
The current LLM-specific handoff literature is still early. I would not claim there is one validated checklist for every agent-to-agent ownership change. The stronger evidence comes from three adjacent places.
First, structured human handoffs. A BMJ Quality & Safety review defines handoff as a transfer of information, authority, and responsibility. It found moderate-certainty evidence that I-PASS reduces medical errors and adverse events.
Source: https://qualitysafety.bmj.com/content/34/10/680
That does not mean clinical handoffs map perfectly to AI agents.
It does mean "I told the next person what happened" is not enough. The receiver needs the action list, contingency plan, and a chance to synthesize what they are taking on.
Second, multi-agent failure analysis. The MAST paper studied more than 1,600 annotated traces across seven multi-agent frameworks and grouped failures into system design issues, inter-agent misalignment, and task verification.
Source: https://arxiv.org/abs/2503.13657
That is the part teams underweight.
The handoff is not paperwork after the real work. It is part of task verification.
Third, current framework design. OpenAI's Agents SDK, LangChain handoffs, AutoGen handoffs, LangGraph persistence, and Google A2A all expose pieces of the handoff problem: delegation, input filters, state, checkpoints, tasks, artifacts, and context IDs.
Sources:
Keep reading with free field-guide resources.
VibeSec Advisory publishes practical research, Skills, workflow examples, MCP notes, prompt injection tests, and AI red-team lessons for builders working with agentic AI.
- https://openai.github.io/openai-agents-python/handoffs/
- https://docs.langchain.com/oss/python/langchain/multi-agent/handoffs
- https://microsoft.github.io/autogen/stable/user-guide/core-user-guide/design-patterns/handoffs.html
- https://docs.langchain.com/oss/python/langgraph/persistence
- https://github.com/google/A2A/blob/7b900e77/docs/topics/life-of-a-task.md
The tools give you mechanisms.
They do not automatically tell you whether the next owner has enough reliable state to continue safely.
The packet
For governed AI workflows, I would use a handoff packet with nine fields:
- Task ID and context ID.
- Current owner and next owner.
- Goal and definition of done.
- Completed steps and current artifact versions.
- Facts the receiver needs for the next decision.
- Evidence for the claims in the packet.
- Open risks, blockers, and missing data.
- Tool authority, data boundaries, and approval requirements.
- Verification status, including checks not run.
Then add one acceptance step.
The receiving agent must restate the goal, next action, artifact version, unresolved risks, and authority boundary before it acts. If it cannot do that cleanly, ownership has not changed yet.
This is deliberately boring.
That is the point.
Agent handoffs fail when work moves faster than responsibility. A packet forces responsibility to move with the work.
It also keeps the team from confusing "the agent has context" with "the agent has accepted ownership."
Those are different states.
What to audit
The easiest audit is a trace review.
Pick one multi-agent workflow where one agent plans, another executes, and another reviews. Find the point where ownership changes.
Then ask:
- What artifact did the giving agent hand off?
- Which version did the receiving agent use?
- Which claims had source or tool evidence?
- Which assumptions were marked as assumptions?
- Which tool actions were allowed after the handoff?
- Which checks were skipped?
- Did the receiving agent accept ownership, or did it just continue?
If the answer lives only in the transcript, the workflow is not auditable enough.
The handoff packet should be short enough to use and specific enough to review. It should not become a policy deck. It should be the small operating surface that keeps ownership, evidence, and authority attached to the work.
Do not add more agents until your handoff contract is visible.
Sources:
- https://qualitysafety.bmj.com/content/34/10/680
- https://pmc.ncbi.nlm.nih.gov/articles/PMC10964397/
- https://arxiv.org/html/2402.01680
- https://arxiv.org/abs/2503.13657
- https://openai.github.io/openai-agents-python/handoffs/
- https://docs.langchain.com/oss/python/langchain/multi-agent/handoffs
- https://microsoft.github.io/autogen/stable/user-guide/core-user-guide/design-patterns/handoffs.html
- https://docs.langchain.com/oss/python/langgraph/persistence
- https://docs.langchain.com/oss/python/langgraph/use-time-travel
- https://github.com/google/A2A/blob/7b900e77/docs/topics/life-of-a-task.md
- https://pmc.ncbi.nlm.nih.gov/articles/PMC12041212/
- https://www.w3.org/TR/prov-overview/