Agent State Digest — Decision Provenance and Drift Detection Across Long-Running Tasks

The hardest part of long-running agent tasks isn't failure — it's the drift you don't notice until three steps after it started. As agents operate beyond single-request horizons, the gap between what the system recorded and what it actually decided and why becomes the central governance problem. Today's content, read together, makes a sharp case that the missing layer in most state schemas isn't execution data — it's the rationale layer that connects decisions to intent, and the checkpointing discipline that makes behavioral drift detectable before it becomes audit debt.


The Intent Debt

Addy Osmani's framing here deserves to land hard for anyone designing agent state schemas: intent debt is what accumulates when you record what a system did without capturing why it was authorized to do it that way. For long-running agents, this is catastrophic in slow motion — each checkpoint persists execution state faithfully while the rationale that justified a branching decision evaporates entirely. When you try to reconstruct why an agent chose a particular tool call sequence three hours into a workflow, you're left reading telemetry like tea leaves.

The piece distinguishes intent debt from technical debt deliberately: you can refactor code to pay down technical debt, but you can't reconstruct intent retroactively. This is especially acute for agentic systems because agents accumulate decision branches at runtime based on context that was ephemeral at the time — model reasoning, intermediate tool outputs, confidence thresholds crossed. None of that gets persisted unless you architect it in from the start.

What this actually demands is a state schema that treats rationale as a first-class field alongside execution data. Not a log entry. Not a trace tag. A structured field in your checkpoint that captures the goal the agent was pursuing at that decision point, the constraints it was operating under, and the reasoning that made one path preferable to another. If your checkpoint schema looks like { step, tool_called, inputs, outputs, timestamp }, you have execution state but zero provenance. Add active_goal, constraint_set, decision_rationale and you have something you can actually audit.

The practical design decision here: when you define your agent state type — whether that's a Pydantic model, a TypeScript interface, or a Java record — make the intent fields non-optional. If the agent can't populate them, that's a signal your orchestration logic isn't surfacing enough context at decision boundaries, which is itself a governance smell worth catching early.

Why this matters: Intent debt is the specific mechanism by which agentic systems become unauditable — observable at the execution layer but opaque at the governance layer — and schema design is the only point where you can intercept it before it compounds.

Source: The Intent Debt — Addy Osmani (https://addyosmani.com/blog/intent-debt/)


Unlocking Dependable Responses with Gemini Enterprise Agent Platform's Agentic RAG

Google's Agentic RAG architecture is interesting here not primarily for its retrieval accuracy gains — the 34% improvement on factuality benchmarks is headline material but not the structural insight. What's more useful for platform thinking is the explicit decomposition into role-specific agents: Orchestrator, Planner, Query Rewriter, Retriever. Each agent in that chain has a bounded responsibility, which means each one also has a well-defined state boundary. That's what makes this architecture more observable than a monolithic RAG chain — you can checkpoint the state at each role transition and know exactly which agent's decision drove the downstream behavior.

The "sufficiency check before answering" pattern is worth examining as a state management primitive. Rather than treating retrieval as a single-pass operation and propagating partial context silently, the architecture explicitly holds state at a verification gate. This is essentially a human-in-the-loop pattern applied to information completeness — the agent won't proceed until a sufficiency condition is met, which means that condition and its evaluation logic need to live in the agent's state schema, not just in the model's context window.

For multi-hop queries across fragmented enterprise data, the critical drift risk is context bleed — where retrieved context from an earlier hop starts shaping retrieval decisions in later hops in ways that weren't intended. The Planner role in this architecture exists precisely to hold the query decomposition plan as persistent state, so you can inspect whether retrieval drift is a planning failure or a retrieval failure. That separation of diagnostic surface is architecturally valuable.

The concrete takeaway: when you're designing a multi-agent pipeline that involves iterative retrieval or multi-step reasoning, model each agent's role boundary as a checkpoint boundary, and persist the plan the Planner generated at the start of a task alongside every subsequent state snapshot. If an agent's behavior drifts from the plan, you'll know whether the plan was bad or whether execution deviated — and that distinction matters enormously for governance.

Why this matters: Role-scoped agents with explicit state boundaries are not just an accuracy pattern — they're the architectural prerequisite for making behavioral drift attributable to a specific agent in a multi-agent pipeline rather than diffuse across the whole system.

Source: Unlocking Dependable Responses with Gemini Enterprise Agent Platform's Agentic RAG — Google Research (https://research.google/blog/unlocking-dependable-responses-with-gemini-enterprise-agent-platforms-agentic-rag/)


We Should Be More Tired Than the Model

Vicki Boykis is writing about the experience of agentic coding sessions, but the cognitive model she's articulating maps directly onto agent system design. She describes the problem as a dissociation between the external artifacts of work — the code that got written — and the internal process that normally builds a mental model of what was done and why. The code exists; the comprehension doesn't. For agent systems, this is the state persistence problem restated at the human layer: outputs accumulate while the reasoning that produced them goes unrecorded.

There's a specific engineering concern buried in here around long-running agentic coding assistants. When an agent session runs across multiple hours and many tool calls, the agent's working memory — its context window — is doing work that should be externalized into persistent state. The model is carrying reasoning forward in-context, which means if the session is interrupted, replayed, or handed off to a different model invocation, that reasoning is gone. What the human engineer sees is code artifacts; what they can't see is the decision thread that produced them.

Boykis frames this as a memory taxonomy problem: short-term, working, and long-term memory each play a role in how humans maintain comprehension during complex tasks. The parallel for agent systems is that your state schema needs to map to this same taxonomy deliberately — ephemeral context, active working state for the current task horizon, and durable long-term facts that persist across sessions. Collapsing all three into a single checkpoint format creates a schema that's technically complete but cognitively unreadable when you try to audit it.

The design decision this points at: treat session-scoped working state and durable task state as separate schema concerns from the start. Don't wait until a long-running agent produces an unexpected output to ask why you can't reconstruct its reasoning. If your checkpoint schema doesn't distinguish "what the agent knew at this step" from "what the agent concluded from what it knew," you will accumulate the cognitive debt Boykis is describing at the system level.

Why this matters: The same comprehension loss that happens to engineers in long agentic coding sessions happens to the systems they build — and treating working memory and durable state as the same schema field is the architectural decision that makes it inevitable.

Source: We Should Be More Tired Than the Model — Vicki Boykis (https://vickiboykis.com/2026/05/28/we-should-be-more-tired-than-the-model/)


My AI Couldn't See My Files — I Built a Zero-Dependency MCP Server

The zero-dependency MCP server built here is a narrow solution to a real friction point — AI tools that can't access project context without manual copy-paste — but what it illustrates for platform design is more interesting than the implementation itself. The author's stdio-to-HTTP/SSE dual-mode transport design means the same server works for a single local session (stdio, no concurrency overhead) and for multi-client scenarios (HTTP/SSE with proper isolation) by flipping a flag. That's a clean example of building context infrastructure that scales with usage patterns without requiring a rewrite.

From a state management perspective, MCP servers that expose file system or project context are effectively injecting external state into the agent's working context at tool call time. The question that matters for long-running tasks is: when does that injected context become stale, and does the agent know? If an agent calls a file-reading tool at step 2 and again at step 47 of a long workflow, and the file changed between those calls, the agent's internal state may be holding two conflicting versions of the same fact. That's a drift vector that tool-level observability needs to handle explicitly.

The under-50ms latency across five concurrent clients is notable not for its impressiveness but for what it signals about the cost floor of adding context injection to agent tool calls. If well-built context tooling comes in under 50ms, there's no serious argument for skipping tool-level state capture in checkpoints. The latency cost of recording what context was injected, from where, and at what version is negligible relative to the observability value.

The concrete pattern here: any tool that injects external state — files, database reads, API responses — should emit a context provenance record as part of the tool's output contract, not as an optional metadata field. That record becomes part of the agent's checkpoint at that step, making it possible to detect when behavioral drift correlates with a specific context injection rather than a model reasoning change.

Why this matters: Tools that inject external context into agent working state are silent drift vectors unless the tool output schema explicitly captures what was injected, from where, and when — and that's a governance concern that lives in the tool interface contract, not the agent orchestration layer.

Source: My AI Couldn't See My Files — I Built a Zero-Dependency MCP Server — Towards Data Science (https://towardsdatascience.com/my-ai-couldnt-see-my-files-i-built-a-zero-dependency-mcp-server/)


How Endava Is Redesigning Software Delivery Around AI Agents

The source content here is gated, but the signal worth engaging with is the organizational pattern: Endava isn't adding AI to their existing delivery process, they're redesigning the delivery process around agent capabilities. That framing shift matters for state management because it changes what counts as a checkpoint boundary. In a human-driven delivery process, checkpoints are naturally defined by handoffs between people. When you replace those handoffs with agent-to-agent transitions, you've removed the implicit state synchronization that happened when a human picked up work and asked "what's the context here?" Agents don't ask that question unless you build the asking into the architecture.

What typically breaks in enterprise AI agent deployments isn't the model quality — it's the assumption that agent state is self-explanatory to the next step in the pipeline. Human delivery teams built up a lot of informal context-passing through code review comments, PR descriptions, Jira tickets, and Slack threads. When you automate the work but not the context-passing, you get agents that produce correct outputs in isolation and incoherent pipelines in aggregate.

The redesign-around-agents framing also implies that Endava's teams need to make architectural decisions about which parts of the delivery process require human review at state boundaries and which don't. That's a human-in-the-loop design question that can't be answered after the pipeline is built — it needs to be encoded in the state schema and the checkpoint triggers from day one.

The practical takeaway: if you're building agent pipelines that replace human handoffs in a delivery process, map each former handoff point explicitly and decide whether it becomes an automated checkpoint, a human review gate, or a supervisor escalation trigger. Defaulting to fully automated transitions because "the agent can handle it" is how you end up with pipelines that are fast but unauditable.

Why this matters: Redesigning delivery workflows around agents eliminates the informal context-passing that human handoffs provided — and without explicit checkpoint discipline at those former boundaries, you're trading auditability for throughput without knowing the exchange rate.

Source: How Endava Is Redesigning Software Delivery Around AI Agents — OpenAI (https://openai.com/index/endava-frontiers)


How to Work and Compound with AI

Eugene Yan's core claim — context is infrastructure — is the most directly applicable framing in today's set for agent state schema design. He's describing his own practice: structured directories, annotated INDEX.md files, session-scoped CLAUDE.md onboarding documents, and a memory layer that persists critical facts to disk separately from transient session data. Strip away the personal productivity framing and what he's built is a manually-operated version of what a well-designed agent state schema should do automatically.

The separation he enforces between project facts in ~/vault and transient session data is the same distinction that Boykis was pointing at through the cognitive memory lens — and it's the same schema concern that makes long-running agent checkpoints either useful or noisy. If your checkpoint captures everything at the same fidelity level, you're making the consumer of that checkpoint — whether it's a human auditor, a supervisor node, or a replay mechanism — do the classification work that should have been done at write time.

Yan's CLAUDE.md pattern is essentially a structured context primer that travels with the work — not the work itself, but the frame through which the work should be interpreted. For multi-session agent workflows, this pattern points at a durable task context record: a structured document that captures the original intent, the constraints in scope, and the decisions already made and why, which gets updated at each meaningful checkpoint rather than reconstructed from scratch at each resume point.

The concrete design pattern here: maintain a task-level context record as a distinct schema object from your step-level checkpoint records. The task record holds intent, constraints, and cumulative decisions; the step records hold execution state. When you need to audit behavioral drift, you compare step records against the task record — not against each other — and the task record tells you whether the drift was a violation of intent or a legitimate adaptation to changed conditions.

Why this matters: Treating context as infrastructure means the task-level intent document is not documentation added after the fact — it's a live governance artifact that agent orchestration reads and writes, making it the primary instrument for detecting when an agent has drifted from its original authorization scope.

Source: How to Work and Compound with AI — Eugene Yan (https://eugeneyan.com//writing/working-with-ai/)


Why We Think

Lilian Weng's survey of test-time compute and chain-of-thought research is dense, but the piece most relevant to long-running state management is what she surfaces about the relationship between visible reasoning traces and actual model behavior. Extended thinking — the kind that happens in reasoning models when you give them more compute budget at inference time — produces chains of thought that look like decision provenance but aren't reliably so. The model's visible scratchpad is not always an accurate trace of what drove its output.

This is a significant problem for anyone designing agent state schemas that treat chain-of-thought output as the rationale field. If you're capturing CoT traces as your decision provenance record, you may be capturing post-hoc rationalization rather than actual decision logic — and you won't know the difference from the trace alone. That's not a reason to discard CoT entirely, but it's a strong reason not to treat it as a sufficient audit trail without additional signals.

The test-time compute angle connects to behavioral drift in a specific way: when an agent's inference budget changes — due to cost controls, model version updates, or dynamic throttling — its visible reasoning behavior changes in ways that may not correlate cleanly with output quality changes. An agent running at reduced compute may produce shorter, sparser reasoning traces that look like drift in your observability tooling even when the outputs remain correct. Schema design needs to capture compute budget as a first-class field alongside the reasoning trace, so you can distinguish reasoning compression from reasoning degradation.

The precise design implication: if you're using a reasoning model in any step of a long-running agent pipeline, your checkpoint schema for that step should include the inference parameters (temperature, thinking budget, model version) alongside whatever reasoning trace you capture. Without that, your behavioral drift detection is comparing outputs across different computational conditions and may generate false positive drift signals every time you roll a model update or adjust cost controls.

Why this matters: Reasoning traces produced by test-time compute models are governance artifacts with known reliability limitations — using them as primary provenance records without capturing the inference conditions that shaped them is a specific and avoidable observability gap in agent state schemas.

Source: Why We Think — Lilian Weng (https://lilianweng.github.io/posts/2025-05-01-thinking/)


Trend Signals

  • Intent as a schema primitive, not documentation. Multiple pieces today — Osmani on intent debt, Yan on context infrastructure, Boykis on cognitive memory loss — converge on the same gap: systems record execution without recording authorization scope. The field is starting to name this precisely, which usually precedes tooling and standards for addressing it. Expect structured intent fields in agent state schemas to become a de facto governance requirement in the next generation of platform frameworks.
  • Role-scoped agents as the unit of observability. Google's Agentic RAG decomposition and the Endava delivery redesign both reflect a pattern where multi-agent pipelines become observable by aligning agent boundaries with diagnostic boundaries. The trend is away from monolithic chains where drift is hard to attribute, toward role-scoped agents where you can ask "which agent's decision caused this?" and get a meaningful answer.
  • Context injection as a first-class governance concern. The MCP server piece and Yan's context-as-infrastructure framing both point at a maturing recognition that what agents receive as context is as important to govern as what they decide. Tool interfaces that inject external state without provenance records are becoming a recognized audit liability — the tooling ecosystem will start reflecting this.
  • Reasoning trace reliability as an open problem. Weng's survey surfaces something the field hasn't fully reckoned with yet: chain-of-thought traces from reasoning models are unreliable as primary provenance records. As reasoning models proliferate in agentic pipelines, the gap between "visible reasoning" and "actual decision logic" will force schema designers to treat CoT as a supplementary signal rather than a ground truth — which has direct implications for audit trail design.
  • Memory taxonomy as schema architecture. The short-term / working / long-term memory distinction that Boykis uses to describe human cognition is increasingly being applied to agent state design as a practical schema concern — not as metaphor, but as a separation of concerns that determines what gets checkpointed, at what granularity, and for how long.

What to Actually Do With This

If you take one thing from today's set and apply it this week: audit your existing agent state schema — or design a new one — against three explicit layers. First, execution state: what happened, what tools were called, what outputs were produced. Most schemas already capture this. Second, working context: what the agent knew at each decision point, including what external context was injected and from where. Most schemas partially capture this but collapse it into execution logs rather than keeping it queryable. Third, task-level intent: the goal, constraints, and authorization scope the agent was operating under when each decision was made — including any updates to those as the task evolved. Almost no schemas capture this, and it's the layer that makes behavioral drift detectable as a policy violation rather than just an anomaly. Start with the intent layer first, because it's the one that can't be reconstructed retroactively — and it's the one that will determine whether your audit trail is useful or just expensive storage.