An Agent Without a Verifier Isn’t an Agent. It’s a Pipeline That Hopes.
What four months of building a production AI agent taught me about the context layer most teams are still getting wrong

The line that survived four parts
I built this series over four months. I rewrote the architecture twice. I shipped working code against real codebases, measured it, broke it, fixed it, and measured it again. Out of all that, one line survived every revision:
An agent without a verifier isn’t an agent. It’s a pipeline that hopes.
The first time I wrote that line, it was a provocation. By the time I finished Part 4, it was an architectural conclusion. This article exists to explain how I got from one to the other, and why I think the production AI agent industry is going to spend the next twelve months catching up to it.
The state of “agent” in 2026
The word “agent” is doing too much work right now. It is applied to autocomplete-with-extra-steps, to chatbots with function-calling enabled, to RAG pipelines with one extra retrieval pass, and to genuinely autonomous multi-step systems that plan, execute, and self-correct. These are not the same thing. They cannot be. The architectural difference between the first and the last is not a feature. It is a structural rebuild.
The shorthand the industry has settled on — that an agent is “a model that can use tools” — is missing the substantive question. Tools are necessary. They are not what makes something an agent. What makes something an agent is the loop. And what makes the loop work is the context layer that supports it.
Most production agents I look at today have a context layer that is mostly broken. They retrieve from one or two sources, dump everything into the prompt, generate, and ship the output. There is no record of what the agent did last session. There is no structured recall of stable facts. There is no second pass that audits whether the answer was actually any good before it gets shipped. The agent runs once, produces text, and the system trusts that text by default.
This works for demos. It does not work for production.
The context layer is not one thing
The most consequential thing I learned from building the architectural-health-agent across the four parts of this series is that the context layer is four distinct concerns, not one. Each of them solves a different problem. Each of them has a different storage shape, retrieval cadence, and integration point in the agent loop. When you skip one, the system does not gracefully degrade. It fails silently and confidently.
The four layers, in the order they appear in a working agent loop:
Procedural memory — what the agent can actually do
This is the skills layer. It is the set of deterministic tools the agent can call, registered at startup, selected at runtime by the model based on the query. The critical word is deterministic. A procedural memory layer that returns probabilistic answers is not procedural memory. It is just another LLM call.
In the architectural-health-agent, procedural memory was three skills: get_architecture_summary, get_health_score, find_dead_code. Each one is a direct CLI call to Depwire, returning real symbol-level analysis of the target codebase. Not estimates. Not summaries. Actual structural truth, computed by static analysis.
The reason this matters is the alternative. If the agent has to “know” the architecture of a codebase without a deterministic tool to consult, it is hallucinating. Maybe accurately, maybe not. You cannot tell from the output. A real procedural memory layer removes that ambiguity. The agent knows what it can call, and what it calls returns ground truth.
Semantic memory — the facts that should not be rediscovered every session
Semantic memory is the cache for stable facts. Framework names, common architectural patterns, definitions, conventions. Things that are true across sessions and rarely change. In the architectural-health-agent, this is an in-memory Map with a 24-hour TTL.
The reason for semantic memory is not performance, though that is a nice side effect. The reason is that an agent that re-derives stable facts from first principles every session is doing work it should not be doing, and that work introduces variance. The agent that “knows” hono is a Cloudflare Workers framework should not be reasoning its way to that conclusion every time it sees the word “hono.” That fact should be cached, retrieved, and treated as settled.
Semantic memory is the least architecturally interesting of the four layers. It is also the one most teams already implement correctly, often without realizing it. If your agent has any kind of key-value cache for stable facts, you have semantic memory. The trap is treating semantic memory as the only memory, which is what most agents do.
Episodic memory — what the agent did, what it found, and what worked
Episodic memory is the record of past sessions. Every analysis, every finding, every decision the agent made, stored with timestamps and metadata, indexed for retrieval. In the architectural-health-agent, this is Neo4j with a full-text index across all prior session summaries.
The architectural point that matters most about episodic memory is when it gets retrieved. The default mistake is to retrieve after generation, as a post-hoc enrichment of the output. That is backward. Episodic memory has to be retrieved before generation, as a structural input to the prompt. The agent reads what it knows about the problem before it writes a single word.
This is the part of the architecture that produces the measurable improvement across sessions. The first time the agent analyzes a codebase, it has zero episodic memories. It produces an answer. The second time, it retrieves one memory, integrates it into the context, and produces a different — usually better — answer. The third time, two memories. And so on.
Without episodic memory, every session is the first session. The agent never improves. It just runs.
Metacognitive memory — the verifier
This is the layer most agentic systems skip, and it is the one this entire article is about.
Metacognitive memory is the agent’s ability to audit its own output before shipping it. Concretely, it is a second model call that takes the agent’s generated response and evaluates it against the original task, the skill output, and the retrieved memory context. The verifier produces a score, a pass/fail flag, a specific feedback sentence, and a list of flags identifying which parts of the response were weak.
The feedback sentence is the architectural payload. When the agent’s first attempt fails the verifier, the retry uses that feedback sentence as additional context. Not “try again.” A specific instruction like “the response did not address the circular dependency findings and the score should be lower given the dead code ratio.” The agent does not guess what to fix. It is told.
In the architectural-health-agent, this is what drove the score improvement from 62 to 92 on Run 2. The first attempt missed a structural finding. The evaluator named it. The retry incorporated it. The score moved.
The reason most agents skip this layer is cost — every action becomes two model calls — and complexity, because the verifier needs to be a real, structured evaluator, not a sentiment classifier. But the cost is not optional. Without metacognitive memory, the agent has no internal signal for whether its output is any good. It produces. The user judges. There is no feedback loop. The agent does not learn what “good” looks like for the problem it is solving.
This is what I mean when I say an agent without a verifier is a pipeline that hopes. It produces text, and the system trusts the text by default. That is not an agent. That is autocomplete with permissions.
The complete loop
When all four layers are present, the agent loop looks like this:
- Retrieve memory — both episodic (what did we do last time) and semantic (what is true in general)
- Select skill — the model decides which deterministic tool to call based on the query
- Generate — the model produces a response, with skill output and memory context as input
- Store memory — the new session gets written to episodic store, new stable facts get cached
- Evaluate — the verifier scores the output, and if it fails, one retry with feedback as context
Five steps. Every query. In this order. The order matters more than the steps. Retrieval happens before generation. Storage happens before evaluation, because the honest record includes outputs that did not pass on first attempt. Evaluation is the gate, not a post-hoc audit.
What this loop produces is an agent whose behavior is measurable. Score over sessions. Memory hit rate. Skill selection accuracy. Verifier failure modes. None of that is observable in an agent without these four layers. The single-pass, generate-and-ship architecture is a black box by construction. The four-layer architecture is an instrument.
🎬 See it running: Part 4 — The Complete Agent on YouTube
What this means for what you are building
If you are building agentic systems right now, the practical implication of this argument is a four-question audit:
Does your agent have deterministic skills, or is it inferring what it can do from the prompt?
Does your agent cache stable facts across sessions, or rediscover them every time?
Does your agent retrieve from prior sessions before generation, or only after?
Does your agent audit its own output before shipping, or trust the first generation by default?
Most teams will answer yes to one or two of these. Some will answer yes to three. The teams answering yes to all four are the teams whose agents are going to keep working as the production demands scale, and whose competitors’ agents are going to degrade silently in ways the logs will not surface.
This is not a feature list. It is an architectural baseline. And it is the baseline that is going to separate agentic systems that hold up in production from agentic systems that look fine in a demo and break two months in.
The honest close
There are open questions in this architecture that the series did not fully resolve. How to handle long-horizon episodic memory at scale. How to design verifiers that audit creative outputs, not just structural ones. How to compose multi-agent systems where each sub-agent has its own four layers. How to make the whole stack auditable from the outside, which is what the agent identity work I have been doing separately is for.
But the four-layer thesis itself is settled, at least for me. After four parts of building it, measuring it, and watching it work against real codebases, I am confident enough in it to draw the line at the top of this article and defend it: an agent without a verifier is not an agent. It is a pipeline that hopes.
The video that finalizes this argument is up. It shows the full agent running against two real codebases, with all four memory types active, measurable improvement across sessions, and an automatic cross-repo comparison. If you have followed the series, this is where everything ships in one project. If you have not, this is the place to start.
The context layer is the part of the agent architecture nobody talks about because it does not demo well in a tweet. But it is the part that decides whether your agent holds up when the demo ends and the production starts.
Watch the finale of The Context Layer Series:
Atef Ataya is the founder of Depwire and the author of The Architect’s Playbook: 5 Pillars of Production AI Agent Architecture. He writes about AI agent architecture at @atefataya on YouTube and atefataya.com. The companion video for this article — Part 4 of The Context Layer series — was produced with sponsorship support from Skywork.