How to Build a customer support Agent Using AutoGen in TypeScript for lending

A lending support agent handles borrower questions about applications, repayment schedules, payoff quotes, document status, and basic policy guidance. It matters because support in lending is not just customer service; it touches compliance, auditability, and regulated data handling every time the agent responds.

Architecture

• •

  Chat frontend or API gateway

  • •Receives borrower messages from web, mobile, or internal support tools.
  • •Attaches tenant, loan application ID, and locale metadata.
• •

  Conversation orchestrator

  • •Uses AutoGen to route the request between a support agent and optional tool-executing agents.
  • •Keeps the conversation bounded to lending support tasks.
• •

  Tool layer

  • •Exposes functions like getLoanStatus, getPaymentHistory, generatePayoffQuote, and createSupportTicket.
  • •Enforces authorization before any data access.
• •

  Policy and compliance guardrail

  • •Blocks disallowed advice like underwriting decisions or legal promises.
  • •Redacts sensitive fields and logs every tool call for audit.
• •

  LLM client configuration

  • •Connects AutoGen to your model endpoint.
  • •Must be configured for data residency requirements if borrower data cannot leave a region.
• •

  Audit and observability pipeline

  • •Stores prompts, tool calls, responses, and moderation outcomes.
  • •Needed for dispute handling and regulator review.

Implementation

1. Install AutoGen for TypeScript and define your lending tools

Use the TypeScript AutoGen package that exposes AssistantAgent, UserProxyAgent, and tool registration. Keep tools narrow; the agent should answer support questions, not make credit decisions.

npm install @autogenai/autogen openai zod

import { AssistantAgent, UserProxyAgent } from "@autogenai/autogen";
import { z } from "zod";

type LoanStatus = {
  loanId: string;
  state: "pending" | "approved" | "active" | "past_due" | "closed";
  nextDueDate?: string;
};

const loanIdSchema = z.string().min(8);

async function getLoanStatus(loanId: string): Promise<LoanStatus> {
  loanIdSchema.parse(loanId);

  // Replace with your secured lending service call
  return {
    loanId,
    state: "active",
    nextDueDate: "2026-05-01",
  };
}

async function getPayoffQuote(loanId: string): Promise<{ amount: number; validUntil: string }> {
  loanIdSchema.parse(loanId);

  return {
    amount: 18452.33,
    validUntil: "2026-04-30",
  };
}

2. Create an assistant agent with strict lending instructions

The important part is the system message. It should keep the model in support mode, require escalation on regulated topics, and avoid hallucinating policy details.

const assistant = new AssistantAgent({
  name: "lending_support_agent",
  systemMessage: `
You are a customer support agent for a lending company.

Rules:
- Answer only support questions about applications, payments, due dates, payoff quotes, document status, and account navigation.
- Never make credit decisions or promise approval.
- Never provide legal or tax advice.
- If asked about disputes, complaints, hardship programs, or adverse action reasons, escalate to a human agent.
- Use tools only when you have a verified loan ID.
- Do not expose full SSNs, bank account numbers, or internal scoring data.
`,
});

3. Register tools and wire up a user proxy for controlled execution

AutoGen’s UserProxyAgent is useful as the execution boundary. In production you usually replace its manual approval flow with your own service layer that validates identity before calling tools.

const userProxy = new UserProxyAgent({
  name: "support_operator",
});

assistant.registerFunction({
  name: "get_loan_status",
  description: "Fetch current loan status for a verified loan ID.",
  parameters: z.object({
    loanId: z.string(),
  }),
}, async ({ loanId }) => {
  return await getLoanStatus(loanId);
});

assistant.registerFunction({
  name: "get_payoff_quote",
  description: "Fetch a payoff quote for a verified loan ID.",
  parameters: z.object({
    loanId: z.string(),
  }),
}, async ({ loanId }) => {
  return await getPayoffQuote(loanId);
});

4. Run a bounded conversation loop

This pattern keeps the agent focused on one task and makes it easier to log every turn. Add your own authentication check before starting the chat.

async function handleSupportRequest(message: string) {
  const result = await assistant.initiateChat(userProxy, {
    message,
    maxTurns: 4,
    summaryMethod: "last_msg",
    clearHistory: true,
  });

  return result.chatHistory[result.chatHistory.length - 1]?.content ?? "";
}

(async () => {
  const response = await handleSupportRequest(
    "My loan application is approved? My loan ID is LN12345678."
  );

  console.log(response);
})();

Production Considerations

• •

  Deployment boundary

  • •Keep the agent in a private service behind auth.
  • •For lending data residency requirements, run the model endpoint in-region or use an approved private deployment.
• •

  Monitoring

  • •Log prompt version, tool calls, response text, latency, and escalation reason.
  • •Track how often the agent answers without tools versus when it needs account lookups.
• •

  Guardrails

  • •Add PII redaction before logs are written.
    • •Mask SSNs, account numbers, phone numbers, and email addresses where possible.
    • •Block requests that ask for underwriting rationale or adverse action explanations unless routed to humans.
• •

  Human handoff - Escalate disputes about fees, payment allocation errors, fraud claims, hardship requests, and regulatory complaints. - Preserve conversation context so an agent can continue without re-authentication loops.

Common Pitfalls

1. •

   Letting the model answer beyond support scope

   • •The most common failure is turning a support bot into an unofficial lender representative.
   • •Fix this with strict system instructions plus server-side intent checks before any response is returned.
2. •

   Calling backend systems without identity verification

   • •A borrower asking “what’s my payoff quote?” is not enough authorization by itself.
   • •Require verified session identity and matched loan/account ownership before any tool call runs.
3. •

   Logging raw sensitive data

   • •Teams often ship good chat logs into observability tools and accidentally store PII.
   • •Redact at ingestion time and keep audit logs separate from analytics logs.
4. •

   Ignoring compliance boundaries in generated text

   • •The model may phrase something like “you qualify” or “your approval is guaranteed.”
   • •Post-process responses with policy checks that reject claims about eligibility or legal commitments before sending them to users.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.