Deep-Dives

The Agent Design-Pattern Landscape

Why architecture is a reliability lever, and the five axes that compare every pattern.

ReAct — Interleaving Reasoning and Acting

The workhorse tool loop: control flow, why interleaving wins, and the failure modes at scale.

Plan-and-Execute — Decompose, Then Run

Planner/executor split, replanning strategies, and when the up-front plan becomes a liability.

Reflection — Verify, Critique, Revise

Self-refine vs Reflexion, why the external signal is everything, and when self-critique hurts.

Search Strategies — Branching Over Trajectories

Best-of-N, self-consistency, tree/graph-of-thought: the cost regime and the scorer dependency.

Routing & Dispatch — Selection, Fan-out, Parallelism

Classifier vs tool-call routing, parallel fan-out, and the failure modes of the routing layer.

Tool-Use Loops & Error Recovery

The failure taxonomy, layered recovery, error-messages-as-prompts, and side-effect durability.

Single-Agent vs. Multi-Agent Orchestration

Real reasons to split, supervisor/worker vs hand-off, the coordination tax, and a decision framework.

Why Interop Matters: The M×N Problem

How connecting M agents to N systems by hand explodes, and why a protocol layer is the structural fix.

Tool Calling Standards: JSON Schema

The universal declare/select/execute/return contract, the portable JSON Schema core, and where providers differ.

MCP: Hosts, Clients, Servers

The Model Context Protocol participant model, resources/tools/prompts, JSON-RPC lifecycle, and transports.

Agent-to-Agent Communication

Delegating to opaque peer agents: Agent Cards, tasks, messages, artifacts, and long-running work.

Structured Tool I/O & Validation

Input and output as two trust boundaries: structural-then-semantic validation, and why typed output is still untrusted.

Capability Discovery & Negotiation

Runtime discovery, feature-test version negotiation, and why discovery describes ability not permission.

Building an Interoperable Agent

Comparing tool calling, MCP, and A2A; a decision rule and one normalised registry architecture.

Engineering the Context Window

Treat the finite window as a budgeted resource: per-category token budgets, position-aware ordering, and utilization metrics.

Short-Term vs Long-Term Memory

The in-prompt working set vs the external store: what earns a slot, when to write, when to recall, and the promotion/demotion cycle.

Memory Types: Episodic, Semantic, Procedural

Three durable memory kinds plus the scratchpad, each written and retrieved differently; reflection promotes episodes to semantics.

Retrieval-Augmented Memory

Recall as retrieval: state-derived cues, relevance+recency+salience scoring, threshold-before-truncate, and provenance-tagged rendering.

Context Compaction & Hierarchical Memory

The compaction ladder, task-structured summarization, MemGPT-style tiering, pressure-triggered hysteresis, and verifying lossy compaction.

Memory Stores: Vector, KV, Graph & Eviction

Match backend to memory kind, a unified interface, why unbounded stores rot retrieval, and decay/eviction policies.

Evaluating Memory Quality

Memory-specific metrics (recall@k, staleness, constraint survival, write precision) and the pitfalls they catch: poisoning, staleness, drift, compaction amnesia.

Advanced RAG Architectures

The naive→modular→agentic RAG spectrum and the levers that matter — CRAG, Self-RAG, query transformation, fusion, reranking — all attacking the same garbage-in/confident-wrong-out failure.

GraphRAG & Multi-Hop Retrieval

Why flat top-k RAG cannot answer thematic or relational multi-hop queries, how Microsoft GraphRAG and iterative retrieve-reason loops solve it, and the cost/staleness heuristic for when not to.

The Agentic Threat Model

Why autonomy and tool use widen the attack surface, and the four channels attacker-influenced text reaches an agent.

Prompt Injection: Direct & Indirect

How prompt injection works, why no clean fix exists, and the layered defense pattern for defenders.

Data Exfiltration & Tool Misuse

The confused-deputy pattern in agents: exfiltration sources, hidden sinks, and how to cut the chain.

Guardrails: Filtering, Sandboxing & Scoping

Probabilistic vs deterministic guardrails and how to layer input, output, sandbox and capability controls.

Human-in-the-Loop & Least Privilege

Bounded autonomy by design: least privilege as default and consequence-based approval gates.

Red-Teaming & Safety Evaluation

Adversarial testing of agents as a repeatable, outcome-graded pipeline gate, not a one-off session.

Alignment Basics: Intent & Oversight

Instruction-following vs intent, reward hacking, and scalable oversight as the practical builder lever.

The Pre-Ship Safety Review

A practical, fail-closed-first deployment checklist including MCP/third-party supply-chain trust.

RAG Pipeline Security

Why retrieved context is untrusted input that skipped the guard — corpus poisoning, indirect injection, embedding leakage, and the trust-boundary design that contains them.