A prototype AI agent can often be described in one diagram: a model receives a prompt, calls a few tools, and returns an answer.

A long-running autonomous system is different. It may operate for hours or days. It can open subprocesses, exchange messages with other workers, accumulate conversation history, retrieve prior knowledge, create summaries, update business records, use paid model capacity, control a browser, and leave behind durable work products.

At that point, the central data question is no longer simply:

What should we store?

It becomes five separate questions:

What happened? What did it mean? What remains true? What is useful now? What can be restored?

Those questions lead to different data products with different owners and lifecycles. A tool event is valuable for runtime observation, but it is not automatically useful long-term memory. A customer email can be both a semantic message and a business obligation, but those records have different authority. A summary can be useful working context while remaining a disposable derivation of exact source material. A Git commit can restore code while leaving a live database, browser profile, or job queue unchanged.

Across several generations of autonomous-system infrastructure, we found that the most useful design is not one universal “agent memory” database. It is a typed architecture that separates operational truth, semantic memory, business state, derived working context, and recovery custody—while linking them through stable identities.

This article explains that architecture and the practical patterns we used to make long-running systems easier to operate, inspect, compress, and recover.


The Four Data Planes of an Autonomous System

The cleanest starting point is to separate four planes of state.

Four distinct data planes for long-running autonomous systems

Figure 1. Long-running autonomy becomes easier to reason about when operational events, semantic memory, business state, and recovery custody remain distinct.

1. The operational plane: what the system did

This plane records observable runtime behavior:

  • model and tool events;
  • process lifecycle;
  • thread and turn events;
  • token and cost observations;
  • command execution;
  • browser actions and receipts;
  • daemon and host health;
  • queue state;
  • raw append-only runtime logs.

These records support replay, debugging, cost attribution, liveness checks, and operator supervision. They are often high-volume and highly specific to the runtime.

They are useful because they tell us what the system actually did—not merely what the final answer claimed happened.

2. The semantic plane: what the work meant

This plane contains meaning-bearing units suitable for durable memory and later reasoning:

  • user instructions;
  • final model responses;
  • explicit communications between autonomous workers;
  • directives and work results;
  • messages and message blocks;
  • durable constraints and identity;
  • segments and multiscale summaries;
  • exact source-coverage relationships.

Admission into this plane should be semantic. A record does not become memory simply because it contains a text field or arrived through a message-shaped wrapper.

A command transcript may be operationally important while remaining irrelevant to future reasoning. Conversely, a brief human correction may deserve long-term retention because it changes the system’s future behavior.

3. The business plane: what remains true in the domain

The business plane represents domain facts and obligations:

  • customer conversations and requests;
  • current deliverables;
  • task completion and delivery state;
  • application attempts and outcomes;
  • publication status;
  • contracts, orders, or account state;
  • externally verified receipts;
  • revenue-bearing or customer-facing outcomes.

These records should retain domain ownership. An email transport can prove that a message was sent. It should not redefine whether the customer’s request was fulfilled. A browser runtime can prove that a form was submitted. It should not become the authoritative model of the business process that submission represents.

4. The custody and recovery plane: what can be restored

This plane sits outside the autonomous system’s semantic authority. Its job is to make mutable reality recoverable.

It may own:

  • data-object inventory;
  • durable backing locations;
  • live database versions;
  • repository snapshots;
  • process and runtime-namespace custody;
  • rollback plans;
  • cleanup scopes;
  • restore verification;
  • current operational manifests.

This separation is powerful because it allows an outside control layer to observe, capture, stop, restore, and verify a system without becoming the owner of the system’s memory or business judgment.


One Event Can Produce Several Legitimate Records

The planes are separate, but they are not isolated.

Consider a customer email asking for a software correction.

That one event may produce several linked records:

One inbound event producing linked transport, semantic, business, work, and delivery records

Figure 2. One source event can create several linked data products without those products becoming interchangeable.

The transport receipt answers: Did we receive it?

The semantic message answers: What was said?

The business request answers: What obligation now exists?

The work assignment answers: Who is responsible, and what should be produced?

The delivery record answers: Was the requested result actually delivered?

Collapsing these into one generic message table hides the distinctions that matter most during autonomous work. Linking them through stable identities preserves both simplicity and accountability.

This same pattern appears across many domains:

  • a model response can be an operational event, a semantic result, and a candidate source for a summary;
  • a browser action can be a tool event, an external-effect receipt, and a step in a business workflow;
  • a code change can be a repository artifact, a trial result, and a deliverable under review;
  • a summary can be a semantic unit, a coverage node over source material, and an ingredient in a later context build.

The architecture should allow one source event to participate in several meanings while preserving one owner for each meaning.


Why Every Agent Event Should Not Become Memory

Long-running agents generate a tremendous number of events. Tool calls, shell commands, streaming deltas, status notifications, retry records, and subtask updates are valuable to operators. Most are not useful as durable conversational memory.

A reliable system therefore needs an admission boundary.

Classification boundary for operational, semantic, communication, business, and quarantined events

Figure 3. The admission boundary preserves operational visibility while keeping durable memory semantically useful.

A practical classifier can consider:

  • event method;
  • actor role;
  • semantic kind;
  • evidence class;
  • whether the event is a final response or a stream fragment;
  • whether it represents communication;
  • whether it has business-domain meaning;
  • whether the record is complete enough to materialize.

We used this approach to preserve high-fidelity audit and watch streams while keeping durable memory focused on human instructions, explicit communications, final responses, and meaningful work results.

That separation improved several downstream operations at once:

  • summary inputs became cleaner;
  • long-term retrieval became more relevant;
  • active working context contained fewer low-value runtime details;
  • operator tools retained complete command and process visibility;
  • business workflows could rely on domain-specific records rather than interpreting raw tool logs.

The principle is broader than agents:

Operational visibility and durable knowledge are different products. A mature system should support both without forcing them into the same semantic table.


A Context Window Is a Compiled Data Product

Once semantic memory is available, the next challenge is deciding what should be visible to the model now.

A context window should not be assembled by concatenating the top search results. It should be compiled under a policy.

In one implementation, context policy was represented as configuration rather than hard-coded prompt logic. A policy could declare:

  • pinned material for a role, task, or worker;
  • candidate sources;
  • selection strategies and their weights;
  • synthetic summaries or constraints;
  • total token budget;
  • per-source and per-session limits;
  • required and forbidden tags;
  • coverage behavior;
  • the number of source exemplars retained under a summary.

That allowed the same context-building engine to serve several kinds of autonomous work while preserving distinct policies.

Multi-stage context compilation under relevance, diversity, and token budgets

Figure 4. Context assembly is a multi-pass compilation process with explicit policy, budgets, coverage, and a receipt.

Gatherers: where candidates come from

Candidate sources can include:

  • hybrid lexical and semantic search;
  • pinned role or task material;
  • recent sessions;
  • prior compacted context;
  • synthetic summaries;
  • prior decisions;
  • current planning notes;
  • active business obligations.

Each source can have its own cap so that one high-volume namespace does not overwhelm the rest of the context.

Selectors: different ways to value a candidate set

A selector may optimize for different goals:

  • greedy packing under a token budget;
  • top-k relevance;
  • knapsack-style value-per-token selection;
  • diversity across sessions or namespaces;
  • exact inclusion of pinned requirements;
  • recency-aware ranking.

Rather than forcing one universal algorithm, selectors can produce proposals that are fused into a final score or rank.

Constructors: creating higher-value context

The pipeline can also synthesize new context units from selected source material:

  • a compact task recap;
  • a set of constraints or invariants;
  • an identity and authority frame;
  • a summary of a prior session;
  • a concise decision record.

These synthetic units should retain provenance and exact coverage relationships to their source material.

Coverage-aware compression

One of the most useful patterns is the covers relationship.

If a selected summary exactly covers several lower-level chunks, the finalizer can omit the covered chunks while retaining:

  • pinned source material;
  • one or more exemplars;
  • exact expansion handles.

This reduces context duplication without losing the route back to the source.

Long-range summary
    ├── exact medium-range child
    │       ├── exact short-range child
    │       │       └── exact source messages
    │       └── exact short-range child
    └── exact medium-range child

Compression becomes reversible. The model can begin with a concise overview and expand only the branch needed for the current task.

Receipts make context inspectable

A context-build receipt can record:

  • policy identity;
  • candidate-source counts;
  • selector proposals;
  • final selected identities;
  • token estimates;
  • pinned material;
  • coverage decisions;
  • omitted source identities;
  • summary or synthesis provenance.

That makes prompt construction observable. When an autonomous system behaves unexpectedly, an operator can inspect not only the model trace, but also the exact context build that shaped the model’s decision.


Immutable Sources, Derived Views, and Rebuildable Context

Another durable pattern is the separation between source records and current projections.

A long-running system benefits from three layers:

  1. Immutable or versioned source records — events, messages, communications, business facts, artifacts, versions.
  2. Derivations — summaries, scores, classifications, links, review decisions, context builds.
  3. Replaceable projections — dashboards, active working context, reports, current manifests, operator packets.

Rebuildable current views derived from immutable source records

Figure 5. Current views should be disposable because they can be regenerated from durable source records and versioned derivations.

This model offers several advantages.

Current state can be compact

An operator dashboard does not need to contain every event. It can show the current run state, latest meaningful progress, cost window, active obligations, and next intervention point.

History remains trustworthy

Rebuilding a dashboard does not rewrite the event history. A new summary does not erase the messages it covers. A current manifest can change without changing the stable declaration of what data the system owns.

Projections can have service-level indicators

Because projections are explicit products, they can be monitored:

  • How far behind is the current view?
  • Which source records lack a materialized projection?
  • Does every summary have valid coverage links?
  • Is the active context based on the current generation?
  • Can the view be rebuilt deterministically?

We used SQL-driven projections with freshness measurements, provenance checks, invariants, and automated acceptance gates. That turned “current memory” from an informal file into an operated data product.

One projection owner reduces drift

Several renderers may contribute, but one transaction should own the rebuild. This prevents migrations, pollers, runtime bridges, and helper commands from independently rewriting the same current view with slightly different assumptions.


Business Truth Should Stay With the Business Domain

Autonomous systems often interact with the external world through email, browser automation, publishing APIs, customer records, and workflow systems.

A common temptation is to place every external event into the memory layer and let the agent infer what it means later. That loses domain structure.

A better model keeps transport, semantic memory, and business meaning distinct.

Consider a completed technical task that must be sent to a customer:

work result created              implementation truth
result reviewed                  quality decision
customer delivery drafted       communication intent
outbound message sent            transport truth
customer thread updated          conversation truth
obligation marked delivered      business truth

Each step is useful. None is a substitute for the others.

This separation enables stronger automation:

  • exactly-once outbound delivery;
  • correct reply-thread continuity;
  • clear distinction between task completion and customer delivery;
  • explicit review before a deliverable becomes externally visible;
  • independent retry of transport without duplicating the business action;
  • durable business status even if a browser or mail adapter changes.

The same pattern applies to content publication, job applications, purchasing, customer onboarding, and support workflows.

The general rule is:

Transport owns transmission. Tools own mechanics. Domain systems own meaning. Working memory receives a useful representation, not authority over the business fact.


Why Git Rollback Is Not Data Rollback

Source control is excellent at restoring repository state. Long-running autonomous systems also mutate state outside the repository:

  • live SQLite databases;
  • queues;
  • browser profiles;
  • generated artifacts;
  • runtime namespaces;
  • process groups;
  • uploaded or published state;
  • local reference data;
  • caches and indexes with different rebuild costs.

A complete recovery model therefore separates code versions from data versions and composes both into one rollback plan.

Coordinated recovery across code, mutable data, processes, and runtime namespaces

Figure 6. Recovery is a composition across code, mutable data, processes, and runtime namespaces.

Data maps and current manifests serve different purposes

A stable data map should declare:

  • what an object represents;
  • who owns it;
  • where it normally lives;
  • whether it is durable, ephemeral, derived, or rebuildable;
  • its capture and restore policy;
  • explicit exclusions.

A current manifest should report:

  • which concrete paths exist now;
  • their size and freshness;
  • which declared objects are missing;
  • which observed objects are undeclared;
  • which items are stale, suspicious, or removable.

The map is architectural. The manifest is observational.

Keeping them separate allows the filesystem and runtime to change without rewriting the conceptual ownership model every time a new run directory appears.

Live SQLite requires database-aware capture

A live database should not be treated as an ordinary file copy.

A safer versioning transaction can:

  1. open the source database with an appropriate busy timeout;
  2. use SQLite’s backup API;
  3. clear stale staged journal, shared-memory, and WAL sidecars;
  4. run PRAGMA integrity_check on the captured version;
  5. store a manifest describing the capture method and result;
  6. restore into the declared target;
  7. verify the restored state.

We used this pattern to capture a live database, change the source, restore the named version, and verify that the prior data returned correctly.

Rollback can be data-only

Not every recovery requires a code reset. A code version may remain correct while a mutable data object needs restoration.

Supporting data-only recovery makes incident response more precise and reduces unnecessary disruption.

Exclude ephemeral ownership artifacts

Not every file under a durable-looking directory belongs in a snapshot. Lock files, leases, process markers, browser singleton ownership, and other active runtime artifacts may need to be recreated rather than restored.

A capture policy should distinguish:

  • durable source truth;
  • mutable authoritative data;
  • rebuildable indexes and caches;
  • current projections;
  • ephemeral locks and ownership state;
  • secrets requiring separate custody.

Recovery quality depends as much on what is deliberately excluded as on what is captured.


Session Continuity as a Data Transaction

Long-running autonomous work eventually reaches a context boundary. Continuing indefinitely in one conversation can become expensive and difficult to manage, while beginning a blank session discards useful continuity.

A practical solution is session rotation.

The system can:

  1. identify that a session has crossed a configurable size threshold;
  2. select meaningful source material from the session;
  3. compact it into a bounded successor context;
  4. preserve pinned identity, role, and task constraints;
  5. create a new session with explicit predecessor lineage;
  6. record before-and-after token estimates, hashes, policy identity, and creation time;
  7. leave the original session intact.

This turns compaction into a reversible data transaction rather than an opaque prompt rewrite.

The successor session can carry:

  • rotated_from_session_id;
  • the context policy used;
  • a digest of the compacted source;
  • a durable pointer to the original session;
  • exact expansion handles;
  • the active objective and constraints.

We used the same context pipeline for prompt building, synthetic session seeding, compaction, overlays, and shared-memory initialization. Reusing one pipeline reduced policy drift across consumers and made long-horizon behavior more inspectable.


What We Used This Architecture For

These patterns were not designed only as theoretical abstractions. We used them across several practical workflows.

Role- and task-specific context assembly

Different autonomous workers received different pinned constraints, candidate namespaces, budgets, and selection policies without requiring separate prompt-building code for every role.

Long-horizon session rotation

Large sessions could be compacted into successor sessions with explicit lineage and retained source access, allowing work to continue with bounded context.

Searchable active conversations

Runtime event ingestion fed current human instructions and final model outputs into searchable semantic memory while preserving the raw event stream independently.

Operator-facing current state

SQL-driven projections combined source events, semantic materializations, freshness, provenance, and progress into compact operator views that could be regenerated and validated.

Shared context across autonomous workers

The same memory-building policy could seed multiple workers, compact prior work, and provide reusable summaries under explicit token budgets.

Business delivery workflows

Transport receipts, semantic messages, internal work, review state, and external delivery were represented separately, supporting clear end-to-end automation.

Reversible trials and runtime changes

Named data versions, repository snapshots, process custody, runtime namespaces, and restore manifests could be composed into a recovery plan rather than relying on source control alone.


Twelve Design Principles for Long-Running Agent Data

1. Preserve source events before interpreting them

Classification can improve later. Discarded source truth cannot.

2. Make memory admission semantic

Transport shape and field names are not enough to determine meaning.

3. Keep operational visibility separate from durable memory

A tool event can belong in a watch surface without belonging in long-term context.

4. Let business domains own business truth

Email, browser, and queue adapters should not redefine customer obligations or delivery state.

5. Treat context as a compiled product

Use explicit sources, policies, budgets, coverage rules, and receipts.

6. Make compression reversible

Summaries should retain exact direct-child relationships and expansion handles.

7. Keep current projections disposable

Dashboards, active context, and reports should be rebuildable from durable records.

8. Give each projection one writer

Shared renderers are useful; competing rebuild transactions are not.

9. Version derivations

A summary, score, classification, or context build should identify its inputs, transform version, output, and invalidation conditions.

10. Separate event time, ingest time, derivation time, and represented time

A summary written today may describe last month. Those timestamps answer different questions.

11. Version mutable data independently of code

Repositories, databases, browser state, and runtime namespaces require different restore mechanics.

12. Compose rollback

Recovery may need to coordinate code, data, processes, namespaces, and externally visible state.


The Real Data Problem Behind Autonomous Systems

The most visible part of an AI agent is the model. The most durable part is the state architecture around it.

Long-running autonomy produces a stream of activity, meaning, obligations, summaries, costs, artifacts, and external effects. Systems become easier to operate when those forms of state are not forced into one universal memory abstraction.

A strong architecture answers five questions explicitly:

  • What happened? Preserve source and operational records.
  • What did it mean? Admit semantic messages, communications, and work results.
  • What remains true? Maintain domain-owned business state.
  • What is useful now? Compile bounded, inspectable working context.
  • What can be restored? Version mutable data and compose recovery across the runtime.

That architecture gives autonomous systems something more valuable than a larger memory database. It gives them continuity without confusion, compression without amnesia, current context without rewriting history, and speed without sacrificing recoverability.

For teams moving from agent demos to persistent autonomous operations, this data layer is not supporting detail. It is core product architecture.


About Cognilode

Cognilode designs and implements advanced infrastructure for autonomous and agentic systems, including long-running memory, context engineering, retrieval, runtime control, business workflow automation, evaluation, cost attribution, and reversible operations.

The difficult part of deploying AI agents is rarely one model call. It is building the architecture that allows the system to remain coherent, observable, economical, and useful as work continues over time.

Build the substrate, not another demo

Need this architecture in your system?

Cognilode helps teams design and implement production-grade agent infrastructure—from retrieval and long-running memory to controlled execution, evaluation, and deployment.

Start a technical conversation