Classical software
executed instructions.
Agents generate them.

Identity → Delegated Capability

OldClassical identity maps cleanly to actors: a user, a service account, a workload identity. Permissions attach to the actor and check at request time.

NewAgents shatter this. A single user request spawns a planner, a researcher, a browser, a code executor, a memory consolidator, and a reviewer — each with distinct risk profiles, tool access, and failure modes. The question is no longer who you are but what you are allowed to do right now, on whose behalf, for what reason, with what evidence, under what budget, and with what expiration. Identity becomes dynamic delegation.

• Attenuated capability tokens for every agent-to-agent handoff
• Delegation chain: every tool call carries initiator, sub-agent, policy, budget, expiry
• OPA policy decisions logged as first-class telemetry
• Provenance-bound tool invocations — every action traceable to the goal that spawned it

Storage → Context Compilation

OldDatabases were built for applications that knew what they wanted. The programmer defined the schema, wrote the query, understood the join path.

NewAgents begin with goals, not queries — "investigate the incident," "prepare me for this meeting," "find why the customer is upset." They don't know which table matters. They need context assembled on demand, under constraints of relevance, freshness, permissioning, and cost. Long context windows are a brute-force trick that works until it doesn't. Storage stops being persistence and becomes context compilation.

• Behavior graph as the queryable context layer
• Blueprint-declared context sources with permissioning, freshness, and cost metadata
• PII redaction at the L7 boundary so context compilation never leaks sensitive data
• Compliance-as-context: "no agent in team X used a model not on the approved list" becomes a query, not a log grep

Messaging → Intent Coordination

OldDistributed systems moved facts between services — queues, logs, topics, RPC. Beautiful abstractions for explicit coordination.

NewBut agents don't pass messages; they pass work: a goal, a plan fragment, a confidence estimate, a rejection with critique, a handoff, a partial artifact. Agent-native messaging needs propose, accept, reject, revise, checkpoint, escalate, resume. And critically: cognition must be separable from commitment. Agents can explore branches internally; they cannot leak five versions of an invoice into the world because the model was thinking out loud.

• Four-tier HITL: READ_ONLY · REVERSIBLE · SIDE_EFFECT · DESTRUCTIVE
• Propose / approve / reject / revise task semantics
• Idempotent tool boundary: internal deliberation is fluid; external side effects are durable and signed
• ReAct loop as the internal deliberation surface, with trajectory export for audit

Memory → Cognitive Stack

OldMost applications have thin memory: a session store, a user profile, a conversation transcript. Enough when the program logic already knows how to behave.

NewAgents need much deeper memory because different kinds of memory play different computational roles. Working memory: the active state of the task. Episodic: trajectories across time. Semantic: durable facts about users, systems, domains. Procedural: how this class of task should generally be approached. Resource: where things live. Collapse these into a single transcript or vector store and the system gets confused. Agent-native memory needs consolidation rules, forgetting policies, trust boundaries, and selective recall — more cognitive architecture than database feature.

• Structured memory types exposed through sandbox APIs
• Behavior graph as episodic and semantic memory, versioned and queryable
• Blueprints as procedural memory — declarative policy for how a class of task runs
• Consolidation passes and summarization inside the behavior queue

Execution → Durable Trajectory

OldTraditional runtimes are built around request-response: a request arrives, code runs, a result returns.

NewAgents are loops. An agent observes, plans, acts, inspects, revises, repeats — over seconds, minutes, hours, or days. The first answer may be a rough sketch; the third may be correct. The system does not execute a path, it discovers one. This requires durable execution: checkpointed state, crash recovery, deterministic side-effect wrappers, replay for debugging, and mid-flight human intervention. The primary object is no longer the request — it is the trajectory.

• ReAct loop with state-machine enforcement (Thought → Action → Observation)
• Sandbox lifecycle: pause, resume, inspect, approve, branch, rollback — all first-class APIs
• Trajectory replay for post-hoc debugging and audit
• Kernel-level isolation (Landlock, seccomp, network namespaces) per trajectory

Observability → Behavioral Forensics

OldClassical observability asks what happened: traces, logs, metrics, errors. Enough when the application's behavior is already encoded in code.

NewAgents demand why: why did the agent choose that tool, what context did it retrieve, what alternatives did it consider, what evidence did it find persuasive, what policy boundaries were in effect? The debugging unit is no longer the request — it is the decision trajectory. Traces must preserve goals, context selections, reasoning artifacts, tool choices, confidence levels, revisions, and verifier outputs. The postmortem reads like a behavioral forensic analysis, not an infrastructure incident report.

• Behavior graph with semantic depth (goals, context, tool choices, confidence, revisions)
• Drift detection (KL divergence, PSI) and hallucination indices via LLM-as-judge
• Compliance reports mapped to NIST AI RMF, EU AI Act, ISO 42001
• Telemetry export API for parametric AI insurance oracles