DEV Community

Arthur Liao
Arthur Liao

Posted on

Continuity Isn't a Feeling — It's a System: The 3-Layer Architecture Every AI Agent Needs

#aiagents #agentarchitecture #llm #aimemory

"She remembers me." That's usually the first thing people say when they interact with an AI agent that has memory. But here's what I've learned after running a persistent AI agent system in production for months: remembering is not continuity. Continuity is an engineering problem, and it has a structure.

I'm Arthur Liao — a medical aesthetics doctor in Taipei who also builds AI automation systems. My agent, Nancy, runs on a framework called OpenClaw. She handles research, task execution, Telegram notifications, and daily reporting. She works across sessions, across tools, across days.

And for a while, I thought giving her a memory file was enough.

It wasn't.

The Problem Nobody Talks About

The AI agent market is projected to hit $10.9 billion in 2026. Every framework — LangChain, CrewAI, AutoGen — now ships some form of "memory." But most implementations treat memory as a feature, not as an architectural concern.

Here's what actually breaks in production:

  • Your agent loses context mid-task because a session restarted.
  • It violates a rule you set last week because that rule lived in a prompt, not a policy engine.
  • It can't prove it's "the same agent" across instances, so audit trails are meaningless.

According to the Cloud Security Alliance's 2026 Agentic IAM Framework, 78% of enterprises deploying AI agents cannot track agent behavior in real-time, and only 22% treat agents as independent identities worthy of access management. Microsoft has already started assigning persistent enterprise identities to agents in Agent 365 — complete with mailboxes and OneDrive access.

This isn't about making your chatbot feel personal. It's about building agents that are accountable, consistent, and recoverable.

The Insight: Three Layers of Agent Continuity

After auditing Nancy's architecture against industry standards (AWS Bedrock AgentCore, the 4-Layer Memory Architecture pattern, and several open-source frameworks), I landed on a model that I think captures the real structure of agent continuity:

Layer 1: State (Persistence)

This is what most people mean when they say "memory." It's the ability to carry information across sessions — conversation history, checkpoints, accumulated knowledge.

In Nancy's case, this is handled by a BOOT.md file (loaded on every startup), a memory/ directory of daily logs, and a MEMORY.md file for cross-session lessons. It works. It covers maybe 70% of what you need.

But state alone is fragile. It's a flat file. It doesn't distinguish between "what happened" (episodic memory), "what is known" (semantic memory), and "how to do things" (procedural memory). The industry is converging on a 4-layer memory model:

  • Identity Layer — who the agent is
  • Episodic Memory — event logs
  • Semantic Memory — a structured knowledge base (this is the gap most systems have)
  • Procedural Memory — SOPs and workflows

LangGraph handles this with checkpoints and reducers that support rollback. CrewAI uses ChromaDB for short-term and SQLite for long-term. Both are ahead of the "just save a markdown file" approach — but neither has a clean separation of concerns across all four sub-layers.

Layer 2: Policies (Constraints)

State tells the agent what it knows. Policies tell it what it's allowed to do — and those boundaries need to change dynamically.

Most agent systems, including mine, hardcode rules in a system prompt or a CLAUDE.md file. "Don't delete files." "Don't touch credentials." These are static. They don't adapt to context.

What's needed is a runtime policy engine — something that can say: "You have write access to projects/ until 6 PM, then read-only" or "You can call the Telegram API only if the task priority is critical." This is the difference between a rule and a policy. Rules are written once. Policies are evaluated at execution time.

The CSA framework calls this "authorization that outlives intent" — the idea that the permissions granted to an agent should be scoped, time-bound, and auditable, not just "allowed" or "blocked."

Layer 3: Identity (Persistence of Self)

This is the layer almost nobody has built yet.

Every time I start a new Claude Code session, Nancy reconstructs herself from BOOT.md. She reads her persona, loads her memory, and starts working. But she has no persistent identity token. There's no cryptographic proof that "this Nancy" is the same as "yesterday's Nancy." If I ran two instances simultaneously, they'd both claim to be her.

Gartner predicts that by the end of 2026, 40% of enterprise applications will embed task-specific agents (up from just 5% in 2025). When that happens, identity isn't optional — it's infrastructure. You need to know which agent did what, when, and whether it was authorized.

Three Takeaways for Builders

1. Separate your memory layers. Don't dump everything into one file or one database. Episodic, semantic, and procedural memory have different acce

Top comments (0)