Argmin AIArgmin AI
About usOptimize your agent
RLHFBasic RAGPrompt OptimizationAgentic RAGQuantizationSafety BenchmarksLLM-as-a-JudgeChain-of-ThoughtMulti-Agent SystemsFunction CallingEfficient InferenceHallucination Detection

Declarative agent spec plus a runtime that enforces safety, memory, and low-latency execution

Agentic AIAgent PipelinesPlanning with LLMsLong-term MemorySystem
February 27, 20267 min

Overview

Decision SnapshotNeeds Validation

The framework provides clear, implementable architectural patterns for enterprise agents, but most claims are conceptual and require engineering validation and benchmarks at scale.

Citations0

Evidence Strength0.60

Confidence0.85

Risk Signals9

Trust Signals

Findings with numeric evidence: 0/3

Findings with evidence refs: 3/3

Results with explicit delta: 0/0

Reproducibility

Status: No open assets linked

Open source: Partial

At A Glance

Cost impact: 70%

Production readiness: 70%

Novelty: 60%

Authors

Sheng Cao, Zhao Chang, Chang Li, Hannan Li, Liyao Fu, Ji Tang

Links

Abstract / PDF

Why It Matters For Business

A declarative agent spec plus a governed runtime cuts vendor lock-in, makes agent behavior auditable, and reduces operational risk by enforcing safety before actions are emitted.

Who Should Care

CTOProduct ManagerML EngineerEngineering LeadFounder

Summary TLDR

This paper proposes a practical architecture for production autonomous agents. It splits agent definition (the declarative "Cognitive Blueprint" written in AgenticFormat) from execution (Runtime Engine / SDKs), enforces safety by projecting policies onto a token-level Constraint Manifold, provides a hierarchical memory system with a Reflector-driven consolidation pipeline, and reduces latency via dependency-based parallelism, speculative inference, and dynamic context pruning. The design is largely conceptual and engineering-focused; the paper describes mechanisms and APIs rather than benchmarks.

Problem Statement

LLMs output stochastic, loosely structured text while real-world tools and services require deterministic, schema-conformant inputs. This mismatch (the "Integration Paradox") and the lack of a standard agent definition cause vendor lock-in, brittle glue code, auditability gaps, and high operational cost.

Main Contribution

AgenticFormat: a language-agnostic, declarative schema to specify agent identity, tools, memory, output contracts, and safety constraints.

Constraint Manifold: enforce safety by projecting the raw policy onto a formally defined safe subspace at token decode time.

Key Findings

Decoupling agent specification from runtime enables portable, auditable agents.

Practical UseDefine agents as declarative blueprints (JSON/YAML) so the same spec can run on different language runtimes and be versioned and audited.

Evidence RefSections 1-3 (AgenticFormat, Cognitive Blueprint separation)

Safety is enforced by policy projection: unsafe token sequences get zero probability via token-level masking.

Practical UseImplement token-level masking during generation rather than post-hoc filters to prevent unsafe actions before they occur.

Evidence RefSection 6 (Constraint Manifold, token masking to -∞ logits)

What To Try In 7 Days

Write a small AgenticFormat YAML for a simple task (e.g., PR reviewer) with an explicit output JSON schema.

Integrate one MCP connector (e.g., GitHub) and bind it in the blueprint to test tool permissions.

Prototype token-level constraint masking for one risky action and validate that unsafe outputs are prevented at decode time.

Agent Features

Memory
hierarchical memory (short-term event stream, long-term semantic/episodic/procedural)Reflector-driven consolidationembedding-based retrieval from vector stores
Planning
think-before-act reasoning tracesspeculative planning (lookahead predictions)parallel plan execution via DAG analysis
Tool Use
MCP-based tool connectorsexplicit tool bindings in AgenticFormat blueprinttoken-level masking for unsafe tool outputs
Frameworks
AgenticFormatAgentic AI Platform SDK (agentic-py, agentic-java)Model Context Protocol (MCP)
Is Agentic

Yes

Architectures
augmented POMDP with latent reasoning spacefactorized policy (reasoning then action)declarative blueprint/runtime separation
Collaboration
local agents composition (blueprint can reference local agents)runtime SDKs enabling cross-language deployment

Optimization Features

Token Efficiency
token budget controller with KKT-based shadow pricingbudget-aware biasing of reasoning depth
Infra Optimization
cross-language SDKs for low-latency runtimes (Java)asynchronous tool call execution and commit/rollback
Model Optimization
SFT
System Optimization
token-level masking to enforce constraint manifolddependency analyzer to bound critical path latency
Training Optimization
self-purified dataset filtering of correct trajectoriesGRPO
Inference Optimization
Cognitive Map-Reduce (parallel DAG execution)speculative inference (prediction + lookahead)dynamic KV-cache pruning via attention scores

Reproducibility

Code AvailableNo
Data AvailableNo
Open Source StatusPartial
LicenseUnknown

Risks & Boundaries

Limitations

Paper is mostly architectural and conceptual; lacks empirical benchmarks demonstrating latency or safety gains.

Implementing token-level constraint masking and a full Reflector pipeline requires substantial engineering effort.

When Not To Use

For quick prototypes where simple scripts are faster to ship.

When the team lacks resources to implement a custom runtime and safety enforcement.

Failure Modes

Mis-specified blueprints or constraints could block valid actions or permit unsafe ones if predicates are incorrect.

Reflector consolidation may extract incorrect 'lessons' and bias future behavior.

Core Entities

Models

LLMs (unspecified)gemini-3-pro-preview (example in listing)

Context Entities

Models

ReAct, Chain-of-Thought (referenced prior work)

You May Also Want to Read

Survey of safe interfaces, threat models, and standards for LLM-driven agents that act on blockchains

0.40
0.55
0.65
0

Connecting AI agents to blockchains can automate treasury, trading and governance but also creates irreversible financial and governance risk; invest in intent typing, policy gates, hardened custody, and MEV-aware execution before granting any agent signing power.

Key finding

Systematic literature review found 317 relevant works from 3,270 records.

Numbers: 317 studies selected from 3,270 records

Diffusion-backed agents match accuracy but run ~30% faster and can reach up to 8× speedups in some cases

0.60
0.60
0.70
0

Replacing an AR backbone with a diffusion backbone can cut agent runtime and tool costs without lowering final task accuracy, but it requires additional training for reliable tool calls.

Key finding

DLLM and AR agents achieved the same benchmark accuracy on the 110-question BrowseComp-ZH subset.

Numbers: Accuracy: AR 15.5% vs DLLM 15.5%

TOOLMAKER: agents that turn scientific GitHub repos into executable LLM tools

0.60
0.70
0.60
3

Automates converting published code into reusable tools, cutting expert setup time and enabling rapid integration of domain-specific methods into production agents at a low per-tool cost.

Key finding

TOOLMAKER implemented 80% of benchmark tools (12 of 15)

Numbers: 12/15 tools correct

TrustBench: a runtime safety gate for agents that cuts harmful actions and runs in under 200 ms

0.70
0.50
0.60
0

Insert fast, actionable checks before agents act to avoid costly or dangerous mistakes. TrustBench-style verification cuts harmful actions substantially while staying fast enough for real use.

Key finding

TrustBench-equipped agents produced far fewer harmful actions in evaluation.

Numbers: harmful actions reduced by 87% (aggregate)

ERI: 57,750 engineering instruction-response items across 9 fields to test LLM reasoning and agent tool-use

0.70
0.60
0.70
0

ERI lets teams measure engineering-specific failure modes (units, constraints, verification) so you can route tasks to cheaper models when safe and reserve frontier models for high-risk work.

Key finding

ERI contains 57,750 instruction-response records with explicit metadata.

Numbers: 57,750 records; 1,155 metadata cells (50 per cell)