Complete System Architecture of AIAgent - Louis

Complete Architecture Structure

Intent Layer
Planning Layer
Execution Layer
Tool Layer
Memory Layer
Knowledge Layer
Policy & Guardrail Layer
Observability Layer
Persistence Layer
Governance Layer

1. First Layer: Intent Router

Router needs to determine whether to invoke Tools

Router Prompt:

prompt = '

	You are a task classifier.
	User query: {query}
 
	Classify the user query into one of:
 
	1. simple_qa
	2. retrieval
	3. tool_call
	4. multi_step
 
	Return JSON:
	{
  		"type": "..."
	}
’

2. Second Layer: ReAct Tool Core

simple_qa → LLM direct answer

retrieval → call vector database for direct retrieval / call Browser retrieval

tool_call → enter ReAct loop
multi_step → enter ReAct loop

ReAct Loop Architecture:

LLM decides next action
↓
Call one tool
↓
Append tool result
↓
Repeat

Sample Code:

while True:
 
    response = llm(messages, tools=tool_schema)
 
    if response.tool_calls:
        result = execute_tool(...)
        messages.append(tool_result)
 
    else:
        break

3. Third Layer: Structured Tool Layer

Here we adopt ChatGPT’s Function Calling concept, connecting LLM and Tools invocation by defining “Tools Schema”.

Enterprise-grade AIAgent: ReAct + Function calling: https://strictfrog.com/en/2026-02-17-enterprise-level-ai-agent-react-function-calling/

4. Fourth Layer: Guardrails & Policies

Maximum step limit:

max_steps = 15

Disallow sending sensitive emails:

if tool = send_mail:
	require confirmation

5. Fifth Layer: Memory Layer

Unified Memory system (long-term + short-term)

1️⃣ Short-term memory (Session Memory)
	•	current task state
	•	tool invocation history
	•	intermediate decision result
2️⃣ Long-term memory (Persistent Memory)
	•	user preferences history
	•	historical task records
	•	decision result archives
	•	email sending logs
Otherwise the system cannot:
	•	track back
	•	analyze
	•	audit
	•	learn and optimize

7. Seventh Layer: Policy & Guardrail Layer

Policy & Safety Layer (Security Controls)
Now it can send emails automatically.
Risky issues:
	•	prompt injection?
	•	user sending mass emails?
	•	sensitive info leakage?
	•	calling dangerous APIs?
A mature system must have:
Guardrails
	•	tool invocation whitelist
	•	parameter validation
	•	risk scoring
	•	human confirmation checkpoints
	•	rate limiting

8. Eighth Layer: Observability Layer

Observability
Must be able to answer:
	•	Which tool fails the most?
	•	Average steps per task execution?
	•	LLM token consumption?
	•	Email success rate?
	•	Which step takes the most time?
This requires:
	•	structured logging
	•	step-level tracing
	•	metrics
	•	visual dashboards
Otherwise optimization is impossible.

9. Ninth Layer: Persistence Layer

Task Persistence
Must support:
	•	task interruption recovery
	•	asynchronous execution
	•	multi-user concurrency
	•	failure retry
	•	delayed execution
Requires:
	•	Redis / DB to store state
	•	unique ID for each task
	•	state machine persistence
Otherwise it's just a script, not a system.

Tool Governance

When tools exceed 10, issues appear:
	•	tool conflicts
	•	parameter confusion
	•	incorrect routing
	•	LLM picking wrong tools
Mature systems require:
	•	tool registry
	•	tool capability descriptions
	•	tool prioritization
	•	tool invocation logs

Error Recovery Strategy

Currently:
 Error → Program crash

Mature systems must have:
	•	automatic retry
	•	backup models
	•	fallback strategy
	•	LLM self-healing prompts

Cost Control Layer

Mature systems must monitor:
	•	token usage
	•	tool invocation cost
	•	API fees
	•	model selection strategy (small models first)
Otherwise costs are uncontrollable.

Human-in-the-loop

When encountering:
	•	high-risk operations
	•	low confidence
	•	multiple ambiguous candidates
It must:
 Agent → request human confirmation

Otherwise it cannot be used in real business.

Mature System Architecture Diagram

		┌──────────────────┐
                │   API Gateway    │
                └──────────────────┘
                          ↓
                ┌──────────────────┐
                │ Intent Router    │
                └──────────────────┘
                          ↓
                ┌──────────────────┐
                │ ReAct Engine     │
                └──────────────────┘
                          ↓
          ┌───────────────┼────────────────┐
          ↓               ↓                ↓
   Tool Layer       Knowledge Layer     Memory Layer
          ↓               ↓                ↓
                ┌──────────────────┐
                │ Policy Layer     │
                └──────────────────┘
                          ↓
                ┌──────────────────┐
                │ Persistence DB   │
                └──────────────────┘
                          ↓
                ┌──────────────────┐
                │ Observability    │
                └──────────────────┘

Summary

Signs of a mature system
•	Serving 100+ users concurrently
•	Supporting long-chain tasks
•	Interruption recovery
•	Automatic failure repair
•	Complete audit logging
•	Cost accounting
•	Security policies
•	Human approval checkpoints

关于作者

我是Louis,一名长期从事iOS与AI相关工程实践的工程师,也是一个正在探索产品与商业可能性的准创始人.

这里的文章,更多是我在项目中用过,踩过坑,反复验证过的东西,而不是为了流量而写的“快内容”.

☕ 打赏

如果这篇文章对你有帮助,欢迎请我喝一杯咖啡☕️

PayPal
https://www.paypal.me/luochuan188

PayPay

You can support my work via PayPay by searching my PayPay ID:

PayPay ID: luochuan

微信支付

支付宝

你的支持会让我有更多时间,把真实项目中的经验持续整理和分享出来.

不打赏也完全没关系,感谢你读到这里.

联系与合作

如果你:

· 正在做iOS App / AI / 自动化相关的项目

· 对技术选型、架构设计、产品落地有困惑

· 或希望进行技术交流、合作探讨

欢迎通过以下邮箱联系我:

luochuanad@gmail.com