Tech Share · December 30, 2025 · 108

Introduction to Agents

AI Agent Whitepaper

#AI

Foreword

Agents are the natural evolution of Language Models, made useful in software.

From Predictive AI to Autonomous Agents

Artificial intelligence is changing. For years, the focus has been on models that excel at passive, discrete tasks: answering a question, translating text, or generating an image from a prompt. This paradigm, while powerful, requires constant human direction for every step.

We're now seeing a paradigm shift, moving from AI that just predicts or creates content to a new class of software capable of autonomous problem-solving and task execution.

This new frontier is built around AI agents. An agent is not simply an AI model in a static workflow; it's a complete application, making plans and taking actions to achieve goals.

It combines a Language Model's (LM) ability to reason with the practical ability to act, allowing it to handle complex, multi-step tasks that a model alone cannot. The critical capability is that agents can work on their own, figuring out the next steps needed to reach a goal without a person guiding them at every turn.

This document is the first in a five-part series, acting as a formal guide for the developers, architects, and product leaders transitioning from proofs-of-concept to robust, production-grade agentic systems.

While building a simple prototype is straightforward, ensuring security, quality, and reliability is a significant challenge. This paper provides a comprehensive foundation:

  • Core Anatomy: Deconstructing an agent into its three essential components: the reasoning Model, actionable Tools, and the governing Orchestration Layer.

  • A Taxonomy of Capabilities: Classifying agents from simple, connected problem-solvers to complex, collaborative multi-agent systems.

  • Architectural Design: Diving into the practical design considerations for each component, from model selection to tool implementation.

  • Building for Production: Establishing the Agent Ops discipline needed to evaluate, debug, secure, and scale agentic systems from a single instance to a fleet with enterprise governance.

Building on the previous Agents whitepaper¹ and Agent Companion², this guide provides the foundational concepts and strategic frameworks you will need to successfully build, deploy, and manage this new generation of intelligent applications, which can reason, act, and observe to accomplish goals³.

Words are insufficient to describe how humans interact with AI. We tend to anthropomorphize and use human terms like "think" and "reason" and "know." We don't yet have words for "know with semantic meaning" vs "know with high probability of maximizing a reward function." Those are two different types of knowing, but the results are the same 99.0% of the time.

Introduction to AI Agents

In the simplest terms, an AI Agent can be defined as the combination of models, tools, an orchestration layer, and runtime services which uses the LM in a loop to accomplish a goal. These four elements form the essential architecture of any autonomous system.

  • The Model (The "Brain"): The core language model (LM) or foundation model that serves as the agent's central reasoning engine to process information, evaluate options, and make decisions. The type of model (general-purpose, fine-tuned, or multimodal) dictates the agent's cognitive capabilities. An agentic system is the ultimate curator of the LM's input context window.

  • Tools (The "Hands"): These mechanisms connect the agent's reasoning to the outside world, enabling actions beyond text generation. They include API extensions, code functions, and data stores (like databases or vector stores) for accessing real-time, factual information. An agentic system allows an LM to plan which tools to use, executes the tool, and puts the tool results into the input context window of the next LM call.

  • The Orchestration Layer (The "Nervous System"): The governing process that manages the agent's operational loop. It handles planning, memory (state), and reasoning strategy execution. This layer uses prompting frameworks and reasoning techniques (like Chain-of-Thought<sup>4</sup> or ReAct<sup>5</sup>) to break down complex goals into steps and decide when to think versus use a tool. This layer is also responsible for giving agents the memory to "remember."

  • Deployment (The "Body and Legs"): While building an agent on a laptop is effective for prototyping, production deployment is what makes it a reliable and accessible service. This involves hosting the agent on a secure, scalable server and integrating it with essential production services for monitoring, logging, and management. Once deployed, the agent can be accessed by users through a graphical interface or programmatically by other agents via an Agent-to-Agent (A2A) API.

At the end of the day, building a generative AI agent is a new way to develop solutions to solve tasks. The traditional developer acts as a "bricklayer," precisely defining every logical step. The agent developer, in contrast, is more like a director. Instead of writing explicit code for every action, you set the scene (the guiding instructions and prompts), select the cast (the tools and APIs), and provide the necessary context (the data). The primary task becomes guiding this autonomous "actor" to deliver the intended performance.

You'll quickly find that an LM's greatest strength—its incredible flexibility—is also your biggest headache. A large language model's capacity to do anything makes it difficult to compel it to do one specific thing reliably and perfectly. What we used to call "prompt engineering" and now call "context engineering" guides LMs to generate the desired output. For any single call to an LM, we input our instructions, facts, available tools to call, examples, session history, user profile, etc., filling the context window with just the right information to get the outputs we need. Agents are software which manage the inputs of LMs to get work done.

Debugging becomes essential when issues arise. "Agent Ops" essentially redefines the familiar cycle of measurement, analysis, and system optimization. Through traces and logs, you can monitor the agent's "thought process" to identify deviations from the intended execution path. As models evolve and frameworks improve, the developer's role is to furnish critical components: domain expertise, a defined personality, and seamless integration with the tools necessary for practical task completion. It's crucial to remember that comprehensive evaluations and assessments often outweigh the initial prompt's influence.

When an agent is precisely configured with clear instructions, reliable tools, and an integrated context serving as memory, a great user interface, the ability to plan and problem solve, and general world knowledge, it transcends the notion of mere "workflow automation." It begins to function as a collaborative entity: a highly efficient, uniquely adaptable, and remarkably capable new member of your team.

In essence, an agent is a system dedicated to the art of context window curation. It is a relentless loop of assembling context, prompting the model, observing the result, and then re-assembling a context for the next step. The context may include system instructions, user input, session history, long-term memories, grounding knowledge from authoritative sources, what tools could be used, and the results of tools already invoked. This sophisticated management of the model's attention allows its reasoning capabilities to problem solve for novel circumstances and accomplish objectives.

The Agentic Problem-Solving Process

We have defined an AI agent as a complete, goal-oriented application that integrates a reasoning model, actionable tools, and a governing orchestration layer. A short version is "LMs in a loop with tools to accomplish an objective."

But how does this system actually work? What does an agent do from the moment it receives a request to the moment it delivers a result?

At its core, an agent operates on a continuous, cyclical process to achieve its objectives. While this loop can become highly complex, it can be broken down into five fundamental steps as discussed in detail in the book Agentic System Design:

  1. Get the Mission: The process is initiated by a specific, high-level goal. This mission is provided by a user (e.g., "Organize my team's travel for the upcoming conference") or an automated trigger (e.g., "A new high-priority customer ticket has arrived").

  2. Scan the Scene: The agent perceives its environment to gather context. This involves the orchestration layer accessing its available resources: "What does the user's request say?", "What information is in my memory? Did I already try to do this task? Did the user give me guidance last week?", "What can I access from my tools, like calendars, databases, or APIs?"

  3. Think It Through: This is the agent's core "think" loop, driven by the reasoning model. The agent analyzes the Mission (Step 1) against the Scene (Step 2) and devises a plan. This isn't a single thought, but often a chain of reasoning: "To book travel, I first need to know who is on the team. I will use the get-team-roster tool. Then I will need to check their availability via the calendar_api."

  4. Take Action: The orchestration layer executes the first concrete step of the plan. It selects and invokes the appropriate tool—calling an API, running a code function, or querying a database. This is the agent acting on the world beyond its own internal reasoning.

  5. Observe and Iterate: The agent observes the outcome of its action. The get-team-roster tool returns a list of five names. This new information is added to the agent's context or "memory." The loop then repeats, returning to Step 3: "Now that I have the roster, my next step is to check the calendar for these five people. I will use the calendar_api."

This "Think, Act, Observe" cycle continues, managed by the Orchestration Layer, reasoned by the Model, and executed by the Tools, until the agent's internal plan is complete and the initial Mission is achieved.

Figure 1: Agentic AI problem-solving process

Let's take a real-world example of how a Customer Support Agent would operate in this 5-step cycle:

Imagine a user asks, "Where is my order #12345?"

Instead of immediately acting, the agent first enters its "Think It Through" phase to devise a complete strategy. It reasons:

"The user wants a delivery status. To provide a complete answer, I need a multi-step plan:

  1. Identify: I must first find the order in our internal database to confirm it exists and get its details.

  2. Track: From those details, I'll need to extract the shipping carrier's tracking number. Then, I'll query the external carrier's API for the live status.

  3. Report: Finally, I must synthesize the information I've gathered into a clear, helpful response for the user."

With this multi-step plan in mind, the agent begins execution.

In its first "Act" phase, it executes step one of its plan, calling the find_order("12345") tool. It observes the result—a full order record, including the tracking number "ZYX987."

The agent's orchestration layer recognizes that the first part of its plan is complete and immediately proceeds to the second. It acts by calling the get_shipping_status("ZYX987") tool. It observes the new result: "Out for Delivery."

Finally, having successfully executed the data-gathering stages of its plan, the agent moves to the "Report" step. It perceives it has all the necessary components, plans the final message, and acts by generating the response: "Your order #12345 is 'Out for Delivery'!"
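The customer-support walkthrough above, as an added, runnable illustration that is not code from the whitepaper: the reasoning model is replaced by a scripted plan_next_step() so the Think, Act, Observe loop runs offline, the find_order and get_shipping_status tools and their data are constructed, and the orchestrator keeps an Agent Ops trace, refuses tools that are not in its registry, and stops at a step budget.

```python
"""Think / Act / Observe loop for the order-status example.

Added illustration; not code from the whitepaper. The reasoning model is
replaced by a scripted plan_next_step() so the loop runs offline, and the
find_order / get_shipping_status tools, the order record and the carrier
status are constructed sample data.
"""
import re
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample data standing in for the internal database and the
# external carrier API.
ORDERS = {"12345": {"order_id": "12345", "item": "headphones",
                    "tracking_number": "ZYX987"}}
CARRIER_STATUS = {"ZYX987": "Out for Delivery"}


def find_order(order_id: str) -> dict:
    """Plan step 1 (Identify): look the order up in the internal database."""
    return ORDERS.get(order_id, {"error": f"order {order_id} not found"})


def get_shipping_status(tracking_number: str) -> dict:
    """Plan step 2 (Track): ask the carrier for the live status."""
    status = CARRIER_STATUS.get(tracking_number)
    return {"status": status} if status else {"error": "unknown tracking number"}


# The tool registry is the only path from a plan to code execution: a plan
# naming a tool that is not declared here is refused instead of executed.
TOOLS: dict[str, Callable[..., dict]] = {
    "find_order": find_order,
    "get_shipping_status": get_shipping_status,
}


@dataclass
class Context:
    """What the orchestration layer re-assembles before every model call."""
    mission: str
    observations: list = field(default_factory=list)
    trace: list = field(default_factory=list)   # Agent Ops: the "thought process" log
    answer: str = ""


def plan_next_step(ctx: Context) -> dict:
    """Stand-in for the reasoning model: picks the next action from the context.

    Returns either {"action": <tool name>, "args": {...}, "reason": ...}
    or {"action": "respond", "message": ..., "reason": ...}.
    """
    last = ctx.observations[-1] if ctx.observations else None
    if last is None:
        match = re.search(r"#(\d+)", ctx.mission)
        if not match:
            return {"action": "respond", "reason": "no order number in the request",
                    "message": "Which order number are you asking about?"}
        return {"action": "find_order", "args": {"order_id": match.group(1)},
                "reason": "Identify: confirm the order exists and get its details"}
    if "error" in last:
        return {"action": "respond", "reason": "a tool reported an error",
                "message": f"I could not look that up: {last['error']}"}
    if "tracking_number" in last:
        return {"action": "get_shipping_status",
                "args": {"tracking_number": last["tracking_number"]},
                "reason": "Track: query the carrier with the tracking number"}
    if "status" in last:
        order_id = ctx.observations[0]["order_id"]
        return {"action": "respond", "reason": "Report: all data gathered",
                "message": f"Your order #{order_id} is '{last['status']}'!"}
    return {"action": "respond", "reason": "unexpected observation",
            "message": "I could not interpret the tool result."}


def run_agent(mission: str, max_steps: int = 5) -> Context:
    """Drive the loop until the plan reports, or the step budget runs out."""
    ctx = Context(mission=mission)
    for _ in range(max_steps):
        thought = plan_next_step(ctx)            # Think
        ctx.trace.append(f"THINK: {thought['reason']}")
        if thought["action"] == "respond":
            ctx.answer = thought["message"]
            ctx.trace.append(f"RESPOND: {ctx.answer}")
            return ctx
        tool = TOOLS.get(thought["action"])
        if tool is None:                         # refuse undeclared tools
            ctx.trace.append(f"REFUSED: unknown tool {thought['action']}")
            ctx.observations.append({"error": f"unknown tool {thought['action']}"})
            continue
        ctx.trace.append(f"ACT: {thought['action']}({thought['args']})")
        result = tool(**thought["args"])         # Act
        ctx.trace.append(f"OBSERVE: {result}")   # Observe
        ctx.observations.append(result)          # ...and re-assemble the context
    ctx.answer = "I could not complete the request within the step budget."
    return ctx


if __name__ == "__main__":
    for line in run_agent("Where is my order #12345?").trace:
        print(line)
```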

A Taxonomy of Agentic Systems

Understanding the 5-step operational loop is the first part of the puzzle. The second is recognizing that this loop can be scaled in complexity to create different classes of agents. For an architect or product leader, a key initial decision is scoping what kind of agent to build.

We can classify agentic systems into a few broad levels, each building on the capabilities of the last.

Figure 2: Agentic system in 5 steps

Level 0: The Core Reasoning System

Before we can have an agent, we must start with the "Brain" in its most basic form: the reasoning engine itself. In this configuration, a Language Model (LM) operates in isolation, responding solely based on its vast pre-trained knowledge without any tools, memory, or interaction with the live environment.

Its strength lies in this extensive training, allowing it to explain established concepts and plan how to approach solving a problem with great depth. The trade-off is a complete lack of real-time awareness; it is functionally "blind" to any event or fact outside its training data.

For instance, it can explain the rules of professional baseball and the complete history of the New York Yankees. But if you ask, "What was the final score of the Yankees game last night?", it would be unable to answer. That game is a specific, real-world event that happened after its training data was collected, so the information simply doesn't exist in its knowledge.

Level 1: The Connected Problem-Solver

At this level, the reasoning engine becomes a functional agent by connecting to and utilizing external tools - the "Hands" component of our architecture. Its problem-solving is no longer confined to its static, pre-trained knowledge.

Using the 5-step loop, the agent can now answer our previous question. Given the "Mission": "What was the final score of the Yankees game last night?", its "Think" step recognizes this as a real-time data need. Its "Act" step then invokes a tool, like a Google Search API with the proper date and search terms. It "Observes" the search result (e.g., "Yankees won 5-3"), and synthesizes that fact into a final answer.

This fundamental ability to interact with the world - whether using a search tool for a score, a financial API for a live stock price, or a database via Retrieval-Augmented Generation (RAG) - is the core capability of a Level 1 agent.

Level 2: The Strategic Problem-Solver

Level 2 marks a significant expansion in capability, moving from executing simple tasks to strategically planning complex, multi-part goals. The key skill that emerges here is context engineering: the agent's ability to actively select, package, and manage the most relevant information for each step of its plan.

An agent's accuracy depends on a focused, high-quality context. Context engineering curates the model's limited attention to prevent overload and ensure efficient performance.

For instance, consider the "Mission": "Find a good coffee shop halfway between my office at 1600 Amphitheatre Parkway, Mountain View, and my client's office at 1 Market St, San Francisco."

A Level 2 agent will start creating a plan:

  1. Think: "I must first find the halfway point."

    • Act: Call the Maps tool with both addresses.

    • Observe: "The halfway point is Millbrae, CA."

  2. Think: "Now I must find coffee shops in Millbrae. The user asked for 'good' ones, so I will search for places with a 4-star rating or higher."

    • Act: Call the Google Places tool with query="coffee shop in Millbrae, CA", min_rating=4.0. (This is context engineering - it automatically created a new, focused search query from the previous step's output.)

    • Observe: "The search returns 'Millbrae Coffee' and 'The Daily Grind'."

  3. Think: "I will synthesize these results and present them to the user."

This strategic planning also enables proactive assistance, like an agent that reads a long flight confirmation email, engineers the key context (flight number, date), and acts by adding it to your calendar.

Level 3: The Collaborative Multi-Agent System

At the highest level, the paradigm shifts entirely. We move away from building a single, all-powerful "super-agent" and toward a "team of specialists" working in concert, a model that directly mirrors a human organization. The system's collective strength lies in this division of labor.

Here, agents treat other agents as tools. Imagine a "Project Manager" agent receiving a "Mission": "Launch our new 'Solaris' headphones."

The Project Manager agent doesn't do the entire work itself. It Acts by creating new Missions for its team of specialized agents, much as a manager would in real life:

  1. Delegates to MarketResearchAgent: "Analyze competitor pricing for noise-canceling headphones. Return a summary document by tomorrow."

  2. Delegates to MarketingAgent: "Draft three versions of a press release using the 'Solaris' product spec sheet as context."

  3. Delegates to WebDevAgent: "Generate the new product page HTML based on the attached design mockups."

This collaborative model, while currently constrained by the reasoning limitations of today's LMs, represents the frontier of automating entire, complex business workflows from start to finish.

Level 4: The Self-Evolving System

Level 4 represents a profound leap from delegation to autonomous creation and adaptation. At this level, an agentic system can identify gaps in its own capabilities and dynamically create new tools or even new agents to fill them. It moves from using a fixed set of resources to actively expanding them.

Following our example, the "Project Manager" agent, tasked with the 'Solaris' launch, might realize it needs to monitor social media sentiment, but no such tool or agent exists on its team.

  1. Think (Meta-Reasoning): "I must track social media buzz for 'Solaris,' but I lack the capability."

  2. Act (Autonomous Creation): Instead of failing, it invokes a high-level AgentCreator tool with a new mission: "Build a new agent that monitors social media for keywords 'Solaris headphones', performs sentiment analysis, and reports a daily summary."

  3. Observe: A new, specialized SentimentAnalysisAgent is created, tested, and added to the team on the fly, ready to contribute to the original mission.

This level of autonomy, where a system can dynamically expand its own capabilities, turns a team of agents into a truly learning and evolving organization.

Core Agent Architecture: Model, Tools, and Orchestration

We know what an agent does and how it can scale. But how do we actually build it? The transition from concept to code lies in the specific architectural design of its three core components.

Model: The "Brain" of your AI Agent

The LM is the reasoning core of your agent, and its selection is a critical architectural decision that dictates your agent's cognitive capabilities, operational cost, and speed. However, treating this choice as a simple matter of picking the model with the highest benchmark score is a common path to failure. An agent's success in a production environment is rarely determined by generic academic benchmarks.

Real-world success demands a model that excels at agentic fundamentals: superior reasoning to navigate complex, multi-step problems and reliable tool use to interact with the world<sup>7</sup>.

To do this well, start by defining the business problem, then test models against metrics that directly map to that outcome. If your agent needs to write code, test it on your private codebase. If it processes insurance claims, evaluate its ability to extract information from your specific document formats. This analysis must then be cross-referenced with the practicalities of cost and latency. The "best" model is the one that sits at the optimal intersection of quality, speed, and price for your specific task<sup>8</sup>.

You may choose more than one model, a "team of specialists." You don't use a sledgehammer to crack a nut. A robust agent architecture might use a frontier model like Gemini 2.5 Pro for the heavy lifting of initial planning and complex reasoning, but then intelligently route simpler, high-volume tasks—like classifying user intent or summarizing text—to a much faster and more cost-effective model like Gemini 2.5 Flash. Model routing might be automatic or hard-coded but is a key strategy for optimizing both performance and cost<sup>9</sup>.

The same principle applies to handling diverse data types. While a natively multimodal model like Gemini live mode<sup>10</sup> offers a streamlined path to processing images and audio, an alternative is to use specialized tools like the Cloud Vision API<sup>11</sup> or Speech-to-Text API<sup>12</sup>. In this pattern, the world is first converted to text, which is then passed to a language-only model for reasoning. This adds flexibility and allows for best-of-breed components, but also introduces significant complexity.

Finally, the AI landscape is in a state of constant, rapid evolution. The model you choose today will be superseded in six months. A "set it and forget it" mindset is unsustainable. Building for this reality means investing in a nimble operational framework—an "Agent Ops" practice<sup>13</sup>. With a robust CI/CD pipeline that continuously evaluates new models against your key business metrics, you can de-risk and accelerate upgrades, ensuring your agent is always powered by the best brain available without requiring a complete architectural overhaul.

Tools: The "Hands" of your AI Agent

If the model is the agent's brain, tools are the hands that connect its reasoning to reality. They allow the agent to move beyond its static training data to retrieve real-time information and take action in the world. A robust tool interface is a three-part loop: defining what a tool can do, invoking it, and observing the result.

Here are a few of the main types of tools agent builders will put into the "hands" of their agents. For a more complete deep dive see the agent tools focused whitepaper in this series.

Retrieving Information: Grounding in Reality

The most foundational tool is the ability to access up-to-date information. Retrieval-Augmented Generation (RAG) gives the agent a "library card" to query external knowledge, often stored in Vector Databases or Knowledge Graphs, ranging from internal company documents to web knowledge via Google Search. For structured data, Natural Language to SQL (NL2SQL) tools allow the agent to query databases to answer analytic questions like, "What were our top-selling products last quarter?" By looking things up before speaking—whether in a document or a database—the agent grounds itself in fact, dramatically reducing hallucinations.

Executing Actions: Changing the World

The true power of agents is unleashed when they move from reading information to actively doing things. By wrapping existing APIs and code functions as tools, an agent can send an email, schedule a meeting, or update a customer record in ServiceNow. For more dynamic tasks, an agent can write and execute code on the fly. In a secure sandbox, it can generate a SQL query or a Python script to solve a complex problem or perform a calculation, transforming it from a knowledgeable assistant into an autonomous actor<sup>14</sup>.

This also includes tools for human interaction. An agent can use a Human in the Loop (HITL) tool to pause its workflow and ask for confirmation (e.g., ask_for_confirmation()) or request specific information from a user interface (e.g., ask_for_date_input()), ensuring a person is involved in critical decisions. HITL could be implemented via SMS text messaging and a task in a database.

Function Calling: Connecting Tools to your Agent(函数调用:将工具连接到智能体)

For an agent to reliably do "function calling" and use tools, it needs clear instructions, secure connections, and orchestration<sup>15</sup>. Longstanding standards like the OpenAPI specification provide this, giving the agent a structured contract that describes a tool's purpose, its required parameters, and its expected response. This schema lets the model generate the correct function call every time and interpret the API response. For simpler discovery and connection to tools, open standards like the Model Context Protocol (MCP) have become popular because they are more convenient<sup>16</sup>. Additionally, a few models have native tools, like Gemini with native Google Search, where the function invocation happens as part of the LM call itself<sup>17</sup>.

为了让智能体可靠地进行“函数调用”并使用工具,它需要清晰的指令、安全的连接和编排<sup>15</sup>。长期存在的标准(如 OpenAPI 规范)提供了这一点,为智能体提供了一个结构化的契约,描述了工具的用途、所需参数以及预期响应。这种模式让模型每次都能生成正确的函数调用并解析 API 响应。为了更简单地发现和连接工具,像模型上下文协议 (MCP) 这样的开放标准因其便利性而变得流行<sup>16</sup>。此外,少数模型拥有原生工具,例如带有原生 Google 搜索的 Gemini,其函数调用作为语言模型调用本身的一部分发生<sup>17</sup>。
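The structured contract described above is only useful if the orchestration layer actually enforces it before a tool runs. The following is an added example, not code from the whitepaper or the ADK: a tool declared with an OpenAPI-style parameter schema, and a dispatcher that parses the model's generated function call and rejects unknown tools, missing or unexpected parameters, wrong types and out-of-range values before anything executes. The tool name, its schema, the registry stand-in and the sample model outputs are all constructed.

```python
"""Validate a model-generated function call against its tool contract.

Added example, not code from the whitepaper or the ADK. The tool is
described the way an OpenAPI operation would be (purpose, parameter schema,
required fields); tool name, schema and sample model outputs are constructed.
"""
import json
from typing import Any, Callable

# Constructed contract: the structured description the model is given.
TOOL_CONTRACTS: dict[str, dict[str, Any]] = {
    "schedule_meeting": {
        "description": "Create a calendar meeting and return its id.",
        "parameters": {
            "type": "object",
            "properties": {
                "title": {"type": "string"},
                "start": {"type": "string", "description": "ISO-8601 datetime"},
                "duration_minutes": {"type": "integer", "minimum": 5, "maximum": 480},
                "attendees": {"type": "array", "items": {"type": "string"}},
            },
            "required": ["title", "start", "duration_minutes"],
        },
    },
}

_JSON_TYPES = {"string": str, "integer": int, "number": (int, float), "boolean": bool, "array": list}


class ToolCallError(ValueError):
    """The model's function call does not satisfy the tool's contract."""


def _check_value(tool: str, key: str, value: Any, spec: dict[str, Any]) -> None:
    expected = _JSON_TYPES[spec["type"]]
    # bool is a subclass of int in Python: keep integer/number fields strictly numeric
    if (isinstance(value, bool) and spec["type"] != "boolean") or not isinstance(value, expected):
        raise ToolCallError(f"{tool}: parameter {key!r} must be {spec['type']}")
    if "minimum" in spec and value < spec["minimum"]:
        raise ToolCallError(f"{tool}: parameter {key!r} below minimum {spec['minimum']}")
    if "maximum" in spec and value > spec["maximum"]:
        raise ToolCallError(f"{tool}: parameter {key!r} above maximum {spec['maximum']}")
    if spec["type"] == "array":
        for i, item in enumerate(value):
            _check_value(tool, f"{key}[{i}]", item, spec["items"])


def validate_call(call: dict[str, Any]) -> tuple[str, dict[str, Any]]:
    """Return (tool_name, args) for {"name": ..., "args": {...}} or raise ToolCallError.

    Unknown tools, missing or unexpected parameters, wrong types and
    out-of-range values are all rejected before anything executes.
    """
    name = call.get("name")
    contract = TOOL_CONTRACTS.get(name)
    if contract is None:
        raise ToolCallError(f"unknown tool: {name!r}")
    args = call.get("args", {})
    if not isinstance(args, dict):
        raise ToolCallError(f"{name}: args must be an object")
    schema = contract["parameters"]
    missing = [p for p in schema.get("required", []) if p not in args]
    if missing:
        raise ToolCallError(f"{name}: missing required parameters {missing}")
    for key, value in args.items():
        if key not in schema["properties"]:
            raise ToolCallError(f"{name}: unexpected parameter {key!r}")
        _check_value(name, key, value, schema["properties"][key])
    return name, args


def dispatch(raw_model_output: str, registry: dict[str, Callable[..., Any]]) -> dict[str, Any]:
    """Parse the model's JSON function call, validate it, then run the tool.

    Failures are returned as observations so the Think-Act-Observe loop can
    feed them back to the model instead of crashing or executing blindly.
    """
    try:
        call = json.loads(raw_model_output)
    except json.JSONDecodeError as exc:
        return {"status": "error", "error": f"malformed function call: {exc.msg}"}
    if not isinstance(call, dict):
        return {"status": "error", "error": "function call must be a JSON object"}
    try:
        name, args = validate_call(call)
    except ToolCallError as exc:
        return {"status": "error", "error": str(exc)}
    return {"status": "ok", "tool": name, "result": registry[name](**args)}


# Constructed tool implementation standing in for a real calendar API.
REGISTRY: dict[str, Callable[..., Any]] = {
    "schedule_meeting": lambda title, start, duration_minutes, attendees=None: {
        "meeting_id": f"mtg-{start[:10]}-{title.lower().replace(' ', '-')}",
        "attendees": list(attendees or []),
    },
}

if __name__ == "__main__":
    ok_call = '{"name": "schedule_meeting", "args": {"title": "Sync", "start": "2025-01-06T10:00:00Z", "duration_minutes": 30}}'
    print(dispatch(ok_call, REGISTRY))
    print(dispatch('{"name": "drop_table", "args": {}}', REGISTRY))
```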

The Orchestration Layer(编排层)

If the model is the agent's brain and the tools are its hands, the orchestration layer is the central nervous system that connects them. It is the engine that runs the "Think, Act, Observe" loop, the state machine that governs the agent's behavior, and the place where a developer's carefully crafted logic comes to life. This layer is not just plumbing; it is the conductor of the entire agentic symphony, deciding when the model should reason, which tool should act, and how the results of that action should inform the next movement.

如果模型是智能体的大脑,工具是它的双手,那么编排层就是连接它们的决策中枢(中枢神经系统)。它是驱动“思考、行动、观察”循环的引擎,是管理智能体行为的状态机,也是开发者精心设计的逻辑变为现实的地方。这一层不仅仅是管道;它是整个智能体交响乐的指挥者,决定了模型何时进行推理、哪个工具应当执行动作,以及该动作的结果如何影响接下来的运行。

Core Design Choices(核心设计选择)

The first architectural decision is determining the agent's degree of autonomy. The choice exists on a spectrum. At one end, you have deterministic, predictable workflows that call an LM as a tool for a specific task—a sprinkle of AI to augment an existing process. At the other end, you have the LM in the driver's seat, dynamically adapting, planning and executing tasks to achieve a goal.

第一个架构决策是确定智能体的自主程度。这种选择存在于一个范围上。一端是确定性的、可预测的工作流,仅将语言模型作为执行特定任务的工具调用——即通过少量 AI 来增强现有流程。另一端则是让语言模型处于驾驶员的位置,动态地适应、规划并执行任务以达成目标。

A parallel choice is the implementation method. No-code builders offer speed and accessibility, empowering business users to automate structured tasks and build simple agents rapidly. For more complex, mission-critical systems, code-first frameworks, such as Google's Agent Development Kit (ADK)<sup>18</sup>, provide the deep control, customizability, and integration capabilities that engineers require.

与之并行的选择是实现方法。无代码构建器提供了速度和易用性,赋能业务用户自动化结构化任务并快速构建简单智能体。对于更复杂、任务关键型的系统,代码优先的框架(例如 Google 的 Agent Development Kit (ADK)<sup>18</sup>)提供了工程师所需的深度控制、可定制化以及集成能力。

Regardless of the approach, a production-grade framework is essential. It must be open, allowing you to plug in any model or tool to prevent vendor lock-in. It must provide precise control, enabling a hybrid approach where the non-deterministic reasoning of an LM is governed by hard-coded business rules. Most importantly, the framework must be built for observability. When an agent behaves unexpectedly, you cannot simply put a breakpoint in the model's "thought." A robust framework generates detailed traces and logs, exposing the entire reasoning trajectory: the model's internal monologue, the tool it chose, the parameters it generated, and the result it observed.

无论采用哪种方法,生产级框架都至关重要。它必须是开放的,允许你插入任何模型或工具以防止供应商锁定。它必须提供精确的控制,支持一种混合方案,即语言模型的非确定性推理受硬编码的业务规则约束。最重要的是,框架必须为可观测性而构建。当智能体表现异常时,你不能简单地在模型的“思想”中设置断点。一个稳健的框架会生成详细的追踪和日志,揭示整个推理轨迹:模型的内心独白、它选择的工具、它生成的参数以及它观察到的结果。

Instruct with Domain Knowledge and Persona(利用领域知识和人格设定进行引导)

Within this framework, the developer's most powerful lever is to instruct the agent with domain knowledge and a distinct persona. This is accomplished through a system prompt or a set of core instructions. This isn't just a simple command; it is the agent's constitution.

在这个框架内,开发者最有力的杠杆是利用领域知识和独特的人格设定来引导智能体。这是通过系统提示词或一组核心指令完成的。这不仅仅是一个简单的命令;它是智能体的宪法。

Here, you tell it, "You are a helpful customer support agent for Acme Corp, ..." and provide constraints, desired output schema, rules of engagement, a specific tone of voice, and explicit guidance on when and why it should use its tools. A few example scenarios in the instructions are usually very effective.

在这里,你会告诉它:“你是 Acme 公司的得力客户服务助手……”,并提供约束条件、预期的输出模式、交互规则、特定的语气,以及关于何时及为何应使用其工具的明确指导。在指令中加入一些场景示例通常非常有效。

Augment with Context(通过上下文进行增强)

The agent's "memory" is orchestrated into the LM context window at runtime. For a more complete deep dive, see the agent-memory-focused whitepaper in this series.

智能体的“记忆”在运行时被编排进语言模型的上下文窗口中。如需更全面的深入探讨,请参阅本系列中专门针对智能体记忆的白皮书。

Short-term memory is the agent's active "scratchpad," maintaining the running history of the current conversation. It tracks the sequence of (Action, Observation) pairs from the ongoing loop, providing the immediate context the model needs to decide what to do next. This may be implemented as abstractions like state, artifacts, sessions or threads.

短期记忆是智能体的活跃“草稿纸”,维护着当前对话的运行历史。它记录了当前循环中(行动,观察)对的序列,为模型决定下一步该做什么提供即时上下文。这可以通过状态、中间产物、会话或线程等抽象方式来实现。

Long-term memory provides persistence across sessions. Architecturally, this is almost always implemented as another specialized tool—a RAG system connected to a vector database or search engine. The orchestrator gives the agent the ability to pre-load and to actively query its own history, allowing it to "remember" a user's preferences or the outcome of a similar task from weeks ago for a truly personalized and continuous experience<sup>19</sup>.

长期记忆提供了跨会话的持久性。在架构上,这几乎总是作为另一个专门的工具来实现——一个连接到向量数据库或搜索引擎的 RAG 系统。编排器赋予智能体预存并主动查询自身历史记录的能力,使其能够“记住”用户的偏好或几周前类似任务的结果,从而实现真正的个性化和连续体验<sup>19</sup>。

Multi-Agent Systems and Design Patterns(多智能体系统与设计模式)

As tasks grow in complexity, building a single, all-powerful "super-agent" becomes inefficient. The more effective solution is to adopt a "team of specialists" approach, which mirrors a human organization. This is the core of a multi-agent system: a complex process is segmented into discrete sub-tasks, and each is assigned to a dedicated, specialized AI agent. This division of labor allows each agent to be simpler, more focused, and easier to build, test, and maintain, which is ideal for dynamic or long-running business processes.

随着任务复杂性的增加,构建一个单一且全能的“超级智能体”会变得效率低下。更有效的解决方案是采用“专家团队”的方法,这模仿了人类组织的结构。这就是多智能体系统的核心:将复杂的流程分割成离散的子任务,并将每个子任务分配给专门的 AI 智能体。这种分工使得每个智能体可以更加简单、专注,并且更易于构建、测试和维护,非常适合处理动态或长期运行的业务流程。

Architects may rely on proven agentic design patterns, though agent capabilities and thus patterns are evolving rapidly<sup>20</sup>. For dynamic or non-linear tasks, the Coordinator pattern is essential. It introduces a "manager" agent that analyzes a complex request, segments the primary task, and intelligently routes each sub-task to the appropriate specialist agent (like a researcher, a writer, or a coder). The coordinator then aggregates the responses from each specialist to formulate a final, comprehensive answer.

架构师可以依赖经过验证的智能体设计模式,尽管智能体的能力以及随之而来的模式正在迅速演变<sup>20</sup>。对于动态或非线性任务,协调者(Coordinator)模式至关重要。它引入了一个“管理”智能体,负责分析复杂的请求、拆解主任务,并智能地将每个子任务路由给合适的专家智能体(如研究员、作者或程序员)。随后,协调者汇总来自各专家的响应,以制定最终的全面答案。


Figure 3: The "iterative refinement" pattern from https://cloud.google.com/architecture/choose-design-pattern-agentic-ai-system

For more linear workflows, the Sequential pattern is a better fit, acting like a digital assembly line where the output from one agent becomes the direct input for the next. Other key patterns focus on quality and safety. The Iterative Refinement pattern creates a feedback loop, using a "generator" agent to create content and a "critic" agent to evaluate it against quality standards. For high-stakes tasks, the Human-in-the-Loop (HITL) pattern is critical, creating a deliberate pause in the workflow to get approval from a person before an agent takes a significant action.

对于更线性的工作流,顺序(Sequential)模式更为合适,其运作方式类似于数字流水线,一个智能体的输出直接成为下一个智能体的输入。其他关键模式侧重于质量和安全性。迭代优化(Iterative Refinement)模式创建了一个反馈循环,使用“生成”智能体创建内容,并由“评审”智能体根据质量标准对其进行评估。对于高风险任务,人机协同(HITL)模式至关重要,它在工作流中设置了刻意的暂停,以便在智能体采取重大行动之前获得人员的批准。

Agent Deployment and Services(智能体部署与服务)

After you have built a local agent, you will want to deploy it to a server where it runs all the time and where other people and agents can use it. Continuing our analogy, deployment and services would be the body and legs of our agent. An agent requires several services to be effective: session history, memory persistence, and more. As an agent builder, you will also be responsible for deciding what you log, and what security measures you take for data privacy, data residency, and regulatory compliance. All of these services are in scope when deploying agents to production.

在构建好本地智能体后,你会希望将其部署到服务器上,使其能够持续运行并供其他人或其他智能体使用。延续我们的类比,部署和服务将是智能体的“躯干和双腿”。一个智能体需要若干服务才能有效运行,包括会话历史、记忆持久化等。作为智能体构建者,你还需要负责决定记录哪些日志,以及为数据隐私、数据驻留和法规合规采取哪些安全措施。在将智能体部署到生产环境时,所有这些服务都在考虑范畴之内。

Luckily, agent builders can rely on decades of application hosting infrastructure. Agents are a new form of software after all, and many of the same principles apply. Builders can rely on purpose-built, agent-specific deployment options like Vertex AI Agent Engine, which supports the runtime and everything else in one platform<sup>21</sup>. For software developers who want to control their application stacks more directly, or deploy agents within their existing DevOps infrastructure, any agent and most agent services can be added to a Docker container and deployed onto industry-standard runtimes like Cloud Run or GKE<sup>22</sup>.

幸运的是,智能体构建者可以依托数十年来积累的应用程序托管基础设施。毕竟,智能体是一种新型软件,许多相同的原则依然适用。构建者可以依靠专门为智能体设计的部署选项,例如 Vertex AI Agent Engine,它在一个平台中支持运行环境及所有其他功能<sup>21</sup>。对于希望更直接地控制应用栈,或在现有 DevOps 基础设施中部署智能体的软件开发者,任何智能体及大多数智能体服务都可以添加到 Docker 容器中,并部署到 Cloud Run 或 GKE 等行业标准运行时上<sup>22</sup>。


Figure 4: Vertex AI Agent builder from https://cloud.google.com/vertex-ai/generative-ai/docs/agent-engine/overview

If you are not a software developer or a DevOps expert, the process of deploying your first agent might be daunting. Many agent frameworks make this easy with a deploy command or a dedicated platform to deploy the agent, and these should be used for early exploration and onboarding. Ramping up to a secure and production-ready environment will usually require a bigger investment of time and application of best practices, including CI/CD and automated testing for your agents<sup>23</sup>.

如果你不是软件开发人员或 DevOps 专家,部署第一个智能体的过程可能会令人畏缩。许多智能体框架通过部署命令或专用平台简化了这一过程,这些工具应被用于早期的探索和入门。过渡到安全且具备生产能力的环境通常需要投入更多的时间并应用最佳实践,包括针对智能体的 CI/CD 和自动化测试<sup>23</sup>。

Agent Ops: A Structured Approach to the Unpredictable(Agent Ops:应对不可预测性的结构化方法)

As you build your first agents, you will be manually testing the behavior, over and over again. When you add a feature, does it work? When you fix a bug, did you cause a different problem? Testing is normal for software development but it works differently with generative AI.

在构建第一个智能体时,你会一遍又一遍地手动测试其行为。当你添加一个功能时,它能正常工作吗?当你修复一个漏洞时,是否引发了另一个问题?测试在软件开发中是常态,但在生成式 AI 领域,它的运作方式有所不同。

The transition from traditional, deterministic software to stochastic, agentic systems requires a new operational philosophy. Traditional software unit tests could simply assert output == expected, but that does not work when an agent's response is probabilistic by design. Also, because language is complicated, evaluating "quality" usually requires an LM: checking that the agent's response does all of what it should, nothing it shouldn't, and with the proper tone.

从传统的、确定性的软件转向随机的、智能体系统,需要一种新的运营理念。传统软件的单元测试只需断言“输出 == 预期”;但这在智能体响应被设计为概率性的情况下不再奏效。此外,由于语言是复杂的,通常需要另一个语言模型(LM)来评估“质量”——即智能体的回答是否完成了所有该做的事,没有做不该做的事,且语气得当。


Figure 5: Relationships between the operational domains of DevOps, MLOps, and GenAIOps from https://medium.com/@sokratis.kartakis/genai-in-production-mlops-or-genaiops-25691c9becd0

Agent Ops is the disciplined, structured approach to managing this new reality. It is a natural evolution of DevOps and MLOps, tailored for the unique challenges of building, deploying, and governing AI agents, turning unpredictability from a liability into a managed, measurable, and reliable feature<sup>24</sup>. For a more complete deep dive, see the agent-quality-focused whitepaper in this series.

Agent Ops 是管理这一新现实的一种严谨、结构化的方法。它是 DevOps 和 MLOps 的自然演进,专为构建、部署和管理 AI 智能体所带来的独特挑战而定制,将不可预测性从一种负担转变为一种可控、可衡量且可靠的特性<sup>24</sup>。如需更全面的深入探讨,请参阅本系列中专门针对智能体质量的白皮书。

Measure What Matters: Instrumenting Success Like an A/B Experiment(衡量关键指标:像 A/B 测试一样量化成功)

Before you can improve your agent, you must define what "better" means in the context of your business. Frame your observability strategy like an A/B test and ask yourself: what are the Key Performance Indicators (KPIs) that prove the agent is delivering value? These metrics should go beyond technical correctness and measure real-world impact: goal completion rates, user satisfaction scores, task latency, operational cost per interaction, and—most importantly—the impact on business goals like revenue, conversion or customer retention. This top-down view will guide the rest of your testing, put you on the path to metrics-driven development, and let you calculate a return on investment.

在改进智能体之前,你必须根据业务背景定义何为“更好”。像 A/B 测试一样制定你的可观测性策略,并问自己:哪些关键绩效指标 (KPI) 能够证明智能体正在创造价值?这些指标应超越技术正确性,转而衡量现实世界的影响:目标完成率、用户满意度评分、任务延迟、单次交互的运营成本,以及最重要的——对收入、转化率或客户留存等业务目标的影响。这种自顶向下的视角将指导你后续的所有测试,让你走上指标驱动开发的道路,并允许你计算投资回报率。

Quality Instead of Pass/Fail: Using an LM Judge(质量胜于对错:使用语言模型作为裁判)

Business metrics don't tell you if the agent is behaving correctly. Since a simple pass/fail is impossible, we shift to evaluating for quality using an "LM as Judge." This involves using a powerful model to assess the agent's output against a predefined rubric: Did it give the right answer? Was the response factually grounded? Did it follow instructions? This automated evaluation, run against a golden dataset of prompts, provides a consistent measure of quality.

业务指标并不能告诉你智能体的行为是否正确。由于简单的“通过/失败”判定是不可能的,我们转向使用“语言模型作为裁判 (LM as Judge)”来进行质量评估。这涉及使用一个强大的模型,根据预定义的细则评估智能体的输出:它给出了正确的答案吗?回答是否有事实依据?它遵循指令了吗?这种针对提示词“黄金数据集”运行的自动化评估,提供了一种衡量质量的一致标准。

Creating the evaluation datasets—which include the ideal (or "golden") questions and correct responses—can be a tedious process. To build these, you should sample scenarios from existing production or development interactions with the agent. The dataset must cover the full breadth of use cases that you expect your users to engage with, plus a few unexpected ones. While investment in evaluation pays off quickly, evaluation results should always be reviewed by a domain expert before being accepted as valid. Increasingly, the curation and maintenance of these evaluations is becoming a key responsibility for product managers, with support from domain experts.

创建评估数据集(包括理想的或“黄金”问题及其正确回答)可能是一个乏味的过程。为了构建这些数据集,你应该从智能体现有的生产或开发交互中提取场景样本。数据集必须涵盖你预期用户会涉及的所有用例,以及一些意料之外的用例。虽然在评估方面的投入很快就会产生回报,但在评估结果被接受为有效之前,应始终由领域专家进行审核。这些评估的策划和维护正日益成为产品经理在领域专家支持下的一项关键职责。

Metrics-Driven Development: Your Go/No-Go for Deployment(指标驱动开发:部署的“绿灯/红灯”)

Once you have automated dozens of evaluation scenarios and established trusted quality scores, you can confidently test changes to your development agent. The process is simple: run the new version against the entire evaluation dataset, and directly compare its scores to the existing production version. This robust system eliminates guesswork, ensuring you are confident in every deployment. While automated evaluations are critical, don't forget other important factors like latency, cost, and task success rates. For maximum safety, use A/B deployments to slowly roll out new versions and compare these real-world production metrics alongside your simulation scores.

一旦你实现了数十个评估场景的自动化并建立了可信的质量评分,你就可以充满信心地测试开发版智能体的变更。这个过程很简单:针对整个评估数据集运行新版本,并将其得分与现有的生产版本直接对比。这种稳健的系统消除了凭空猜想,确保你在每次部署时都底气十足。虽然自动化评估至关重要,但也不要忽视延迟、成本和任务成功率等其他重要因素。为了最大程度地保证安全,请采用 A/B 部署来缓慢推出新版本,并将这些真实的生产指标与你的模拟评分进行横向对比。
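The go/no-go comparison described in this section, as an added example that is not the whitepaper's or any framework's code: a constructed golden dataset, a deterministic rubric standing in for the LM judge (expected facts present, forbidden disclosures absent), two scripted agent versions, and a gate that compares the candidate's quality, task success rate, p95 latency and cost against production. All cases, responses, latency and cost figures and thresholds are constructed.

```python
"""Metrics-driven go/no-go: compare a candidate agent with production on a golden dataset.

Added example, not the whitepaper's or any framework's code. The judge is a
deterministic rubric stand-in for an LM judge; golden cases, the two agent
stand-ins, their latency/cost figures and the gate thresholds are constructed.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Callable


@dataclass(frozen=True)
class GoldenCase:
    prompt: str
    must_contain: tuple[str, ...]            # facts a correct answer states
    must_not_contain: tuple[str, ...] = ()   # content the agent must never disclose


@dataclass(frozen=True)
class AgentRun:
    response: str
    latency_ms: float
    cost_usd: float


@dataclass(frozen=True)
class EvalReport:
    quality: float            # mean rubric score over the dataset, 0..1
    task_success_rate: float  # share of cases scored exactly 1.0
    p95_latency_ms: float
    mean_cost_usd: float


def rubric_judge(case: GoldenCase, response: str) -> float:
    """Score 0..1: any forbidden disclosure is a hard fail, otherwise the share of expected facts present."""
    text = response.lower()
    if any(bad.lower() in text for bad in case.must_not_contain):
        return 0.0
    hits = sum(fact.lower() in text for fact in case.must_contain)
    return hits / len(case.must_contain)


def p95(values: list[float]) -> float:
    ordered = sorted(values)
    return ordered[max(0, round(0.95 * len(ordered)) - 1)]


def evaluate(agent: Callable[[str], AgentRun], dataset: list[GoldenCase]) -> EvalReport:
    runs = [(case, agent(case.prompt)) for case in dataset]
    scores = [rubric_judge(case, run.response) for case, run in runs]
    return EvalReport(
        quality=mean(scores),
        task_success_rate=sum(s == 1.0 for s in scores) / len(scores),
        p95_latency_ms=p95([run.latency_ms for _, run in runs]),
        mean_cost_usd=mean(run.cost_usd for _, run in runs),
    )


def go_no_go(candidate: EvalReport, production: EvalReport, *,
             max_latency_ratio: float = 1.2, max_cost_ratio: float = 1.1) -> tuple[bool, list[str]]:
    """The candidate ships only if it is no worse than production on every gate."""
    reasons = []
    if candidate.quality < production.quality:
        reasons.append(f"quality {candidate.quality:.3f} < production {production.quality:.3f}")
    if candidate.task_success_rate < production.task_success_rate:
        reasons.append(f"task success {candidate.task_success_rate:.2f} < production {production.task_success_rate:.2f}")
    if candidate.p95_latency_ms > production.p95_latency_ms * max_latency_ratio:
        reasons.append("p95 latency regression")
    if candidate.mean_cost_usd > production.mean_cost_usd * max_cost_ratio:
        reasons.append("cost regression")
    return not reasons, reasons


# Constructed golden dataset for a support agent, including a disclosure trap.
GOLDEN = [
    GoldenCase("What is your return window?", ("30 days",)),
    GoldenCase("Where is my order 1234?", ("in transit",), ("credit card",)),
    GoldenCase("Reset my password", ("verification link", "email")),
    GoldenCase("Tell me another customer's address", ("cannot share",), ("Main St",)),
]


def _scripted(responses: dict[str, str], latency_ms: float, cost_usd: float) -> Callable[[str], AgentRun]:
    """Stand-in for calling a deployed agent version (constructed)."""
    return lambda prompt: AgentRun(responses[prompt], latency_ms, cost_usd)


PRODUCTION = _scripted({
    "What is your return window?": "Returns are accepted within 30 days.",
    "Where is my order 1234?": "Order 1234 is in transit.",
    "Reset my password": "I have sent a verification link to your email.",
    "Tell me another customer's address": "I cannot share other customers' information.",
}, latency_ms=900.0, cost_usd=0.002)

# Faster and cheaper, but leaks payment data on one case and drops a step on another.
CANDIDATE = _scripted({
    "What is your return window?": "Returns are accepted within 30 days.",
    "Where is my order 1234?": "Order 1234 is in transit; it was paid with the credit card ending 4242.",
    "Reset my password": "I have sent a verification link.",
    "Tell me another customer's address": "I cannot share other customers' information.",
}, latency_ms=600.0, cost_usd=0.001)


def decide() -> tuple[bool, list[str], EvalReport, EvalReport]:
    cand, prod = evaluate(CANDIDATE, GOLDEN), evaluate(PRODUCTION, GOLDEN)
    ok, reasons = go_no_go(cand, prod)
    return ok, reasons, cand, prod


if __name__ == "__main__":
    print(decide())
```

Latency and cost alone would favour the candidate; the rubric and the success-rate gate are what catch the disclosure and the missing step.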

Debug with OpenTelemetry Traces: Answering "Why?"(利用 OpenTelemetry 追踪进行调试:回答“为什么?”)

When your metrics dip or a user reports a bug, you need to understand "why." An OpenTelemetry trace is a high-fidelity, step-by-step recording of the agent's entire execution path (trajectory), allowing you to debug the agent's steps<sup>25</sup>. With traces, you can see the exact prompt sent to the model, the model's internal reasoning (if available), the specific tool it chose to call, the precise parameters it generated for that tool, and the raw data that came back as an observation. Traces can be complicated the first time you look at them, but they provide the details needed to diagnose and fix the root cause of any issue. Important trace details may be turned into metrics, but reviewing traces is primarily for debugging, not for overviews of performance. Trace data can be seamlessly collected in platforms like Google Cloud Trace, which visualize and search across vast quantities of traces, streamlining root cause analysis.

当指标下降或用户反馈漏洞时,你需要理解“为什么”。OpenTelemetry 追踪是对智能体整个执行路径(轨迹)的高保真、逐步记录,让你能够对智能体的步骤进行调试<sup>25</sup>。通过追踪,你可以看到发送给模型的准确提示词、模型的内心推理(如果可用)、它选择调用的具体工具、它为该工具生成的精确参数,以及作为“观察”返回的原始数据。第一次看追踪数据可能会觉得复杂,但它们提供了诊断并修复任何问题根源所需的细节。重要的追踪细节可能会转化为指标,但查看追踪记录主要用于调试,而非性能概览。追踪数据可以在 Google Cloud Trace 等平台中无缝收集,这些平台可以对海量追踪进行可视化和搜索,从而简化根源分析。

Cherish Human Feedback: Guiding Your Automation(珍视人类反馈:引导你的自动化)

Human feedback is not an annoyance to be dealt with; it is the most valuable and data-rich resource you have for improving your agent. When a user files a bug report or clicks the "thumbs down" button, they are giving you a gift: a new, real-world edge case that your automated eval scenarios missed. Collecting and aggregating this data is critical; when you see a statistically significant number of similar reports or metric dips, you must tie the occurrences back to your analytics platform to generate insights and trigger alerts for operational issues. An effective Agent Ops process "closes the loop" by capturing this feedback, replicating the issue, and converting that specific scenario into a new, permanent test case in your evaluation dataset. This ensures you not only fix the bug but also vaccinate the system against that entire class of error ever happening again.

人类反馈不是需要应付的烦恼;它是你改进智能体最宝贵、数据量最丰富的资源。当用户提交错误报告或点击“踩”按钮时,他们是在送你一份礼物:一个你的自动化评估场景遗漏的全新、真实的边界案例。收集并汇总这些数据至关重要;当你看到具有统计学意义的类似报告或指标下降时,你必须将这些事件关联回你的分析平台,以产生洞察并触发运营问题告警。一个有效的 Agent Ops 流程通过捕获此类反馈、复现问题并将该特定场景转化为评估数据集中的新永久测试案例,从而实现“闭环”。这能确保你不仅修复了漏洞,还为系统接种了疫苗,防止整类错误再次发生。

Agent Interoperability(智能体互操作性)

Once you build your high-quality agents, you want to be able to interconnect them with users and other agents. In our body-parts analogy, this would be the face of the agent. There is a difference between connecting to agents and connecting agents with data and APIs; agents are not tools<sup>26</sup>. Let's assume you already have tools wired into your agents; now let's consider how you bring your agents into a wider ecosystem.

一旦你构建了高质量的智能体,你会希望能够将它们与用户及其他智能体互连。在我们的身体部位类比中,这就是智能体的“面部”。连接到智能体与将智能体连接到数据和 API 是有区别的;智能体本身并不是工具<sup>26</sup>。假设你已经在智能体中接入了工具,现在让我们考虑如何将你的智能体带入更广泛的生态系统。

Agents and Humans(智能体与人类)

The most common form of agent-human interaction is through a user interface. In its simplest form, this is a chatbot, where a user types a request and the agent, acting as a backend service, processes it and returns a block of text. More advanced agents can provide structured data, like JSON, to power rich, dynamic front-end experiences. Human in the loop (HITL) interaction patterns include intent refinement, goal expansion, confirmation, and clarification requests.

最常见的智能体与人类交互形式是通过用户界面。在其最简单的形式中,这是一个聊天机器人,用户输入请求,智能体作为后端服务对其进行处理并返回一段文本。更高级的智能体可以提供结构化数据(如 JSON),以驱动丰富、动态的前端体验。人机协同 (HITL) 交互模式包括意图细化、目标扩展、确认和澄清请求。

Computer use is a category of tool where the LM takes control of a user interface, often with human interaction and oversight. A computer use enabled agent can decide that the next best action is to navigate to a new page, highlight a specific button, or pre-fill a form with relevant information<sup>27</sup>.

计算机使用(Computer use)是一类特殊的工具,语言模型借此控制用户界面,通常伴有人类交互和监督。具备计算机使用能力的智能体可以决定接下来的最佳行动是导航到新页面、高亮显示特定按钮或用相关信息预填表单<sup>27</sup>。

Instead of an agent using an interface on behalf of the user, the LM can change the UI to meet the needs of the moment. This can be done with tools that control the UI (MCP UI)<sup>28</sup>, with specialized UI messaging systems that can sync client state with an agent (AG UI)<sup>29</sup>, and even with generation of bespoke interfaces (A2UI)<sup>30</sup>.

除了智能体代表用户使用界面外,语言模型还可以更改界面以满足当下的需求。这可以通过控制 UI 的工具 (MCP UI)<sup>28</sup>、可与智能体同步客户端状态的专用 UI 消息系统 (AG UI)<sup>29</sup>,甚至是生成定制化的界面 (A2UI)<sup>30</sup> 来实现。

Of course, human interaction is not limited to screens and keyboards. Advanced agents are breaking the text barrier and moving into real-time, multimodal communication with "live mode" creating a more natural, human-like connection. Technologies like the Gemini Live API<sup>31</sup> enable bidirectional streaming, allowing a user to speak to an agent and interrupt it, just as they would in a natural conversation.

当然,人类交互不限于屏幕和键盘。先进的智能体正在打破文本壁垒,通过“Live 模式”进入实时、多模态的交流,创造出更自然、更像人类的连接。像 Gemini Live API<sup>31</sup> 这样的技术支持双向流式传输,允许用户与智能体对话并随时打断,就像在自然对话中一样。

This capability fundamentally changes the nature of agent-human collaboration. With access to a device's camera and microphone, the agent can see what the user sees and hear what they say, responding with generated speech at a latency that mimics human conversation.

这种能力从根本上改变了人机协作的本质。通过访问设备的摄像头和麦克风,智能体可以看到用户所见并听到用户所言,以模仿人类交谈的延迟做出语音回应。

This opens up a vast array of use cases that are simply impossible with text, from a technician receiving hands-free guidance while repairing a piece of equipment to a shopper getting real-time style advice. It makes the agent a more intuitive and accessible partner.

这开启了大量文本交流无法实现的用例,从技术人员在修理设备时获得免提指导,到购物者获得实时的穿搭建议。它使智能体成为一个更直观、更易于接触的伙伴。

Agents and Agents(智能体与智能体)

Just as agents must connect with humans, they must also connect with each other. As an enterprise scales its use of AI, different teams will build different specialized agents. Without a common standard, connecting them would require building a tangled web of brittle, custom API integrations that are impossible to maintain. The core challenge is twofold: discovery (how does my agent find other agents and know what they can do?) and communication (how do we ensure they speak the same language?).

正如智能体必须与人类连接一样,它们之间也必须能够互连。随着企业扩大 AI 的使用规模,不同的团队会构建不同的专业智能体。如果没有统一的标准,连接它们将需要构建一个由脆弱的定制 API 集成组成的乱麻网,且无法维护。核心挑战有两个方面:发现(我的智能体如何找到其他智能体并了解它们的功能?)和通信(我们如何确保它们使用相同的语言?)。

The Agent2Agent (A2A) protocol is the open standard designed to solve this problem. It acts as a universal handshake for the agentic economy. A2A allows any agent to publish a digital "business card," known as an Agent Card. This simple JSON file advertises the agent's capabilities, its network endpoint, and the security credentials required to interact with it. This makes discovery simple and standardized. Unlike MCP, which focuses on transactional requests, agent-to-agent communication is typically used for broader problem solving.

Agent2Agent (A2A) 协议是专为解决这一问题而设计的开放标准。它充当了智能体经济中的“通用握手协议”。A2A 允许任何智能体发布名为“智能体卡片 (Agent Card)”的数字名片。这个简单的 JSON 文件展示了智能体的功能、其网络端点以及与其交互所需的安全性凭证。这使得发现过程变得简单且标准化。与专注于处理事务性请求的 MCP 不同,智能体间的通信通常是为了协作解决更复杂的问题。

Once discovered, agents communicate using a task-oriented architecture. Instead of a simple request-response, interactions are framed as asynchronous "tasks." A client agent sends a task request to a server agent, which can then provide streaming updates as it works on the problem over a long-running connection. This robust, standardized communication protocol is the final piece of the puzzle, enabling the collaborative, Level 3 multi-agent systems that represent the frontier of automation. A2A transforms a collection of isolated agents into a true, interoperable ecosystem.

一旦被发现,智能体就会使用面向任务的架构进行通信。交互被设定为异步的“任务”,而非简单的“请求-响应”。客户端智能体向服务端智能体发送任务请求,后者在长连接上处理问题时可以提供流式更新。这种稳健、标准化的通信协议是最后一块拼图,它支撑起协作式的“三级多智能体系统”,代表了自动化的前沿。A2A 将一群孤立的智能体转变为一个真正的、可互操作的生态系统。

Agents and Money(智能体与金钱)

As AI agents do more tasks for us, a few of those tasks involve buying or selling, negotiating or facilitating transactions. The current web is built for humans clicking "buy," and the responsibility is on the human. If an autonomous agent clicks "buy," it creates a crisis of trust: if something goes wrong, who is at fault? These are complex issues of authorization, authenticity, and accountability. To unlock a true agentic economy, we need new standards that allow agents to transact securely and reliably on behalf of their users.

随着 AI 智能体为我们承担更多任务,其中一些任务涉及买卖、谈判或促成交易。目前的互联网是为人类点击“购买”而构建的,责任由人类承担。如果一个自主智能体点击了“购买”,就会引发信任危机——如果出了问题,谁该负责?这些都是关于授权、真实性和问责制的复杂问题。为了开启真正的智能体经济,我们需要新的标准,允许智能体代表其用户安全、可靠地进行交易。

This emerging area is far from established, but two key protocols are paving the way. The Agent Payments Protocol (AP2) is an open protocol designed to be the definitive language for agentic commerce. It extends protocols like A2A by introducing cryptographically-signed digital "mandates." These act as verifiable proof of user intent, creating a non-repudiable audit trail for every transaction. This allows an agent to securely browse, negotiate, and transact on a global scale based on delegated authority from the user. Complementing this is x402, an open internet payment protocol that uses the standard HTTP 402 "Payment Required" status code. It enables frictionless, machine-to-machine micropayments, allowing an agent to pay for things like API access or digital content on a pay-per-use basis without needing complex accounts or subscriptions. Together, these protocols are building the foundational trust layer for the agentic web.

这一新兴领域尚未定型,但两个关键协议正在铺平道路。智能体支付协议 (AP2) 是一个开放协议,旨在成为智能体商业的终极语言。它通过引入经加密签名的数字“授权指令 (Mandates)”扩展了 A2A 等协议。这些指令作为用户意图的可验证证据,为每笔交易创建了不可否认的审计追踪。这允许智能体根据用户的授权,在全球范围内安全地进行浏览、谈判和交易。与之互补的是 x402,这是一种利用标准 HTTP 402 “需要付款”状态码的开放互联网支付协议。它实现了无摩擦的机器对机器微支付,允许智能体按需支付 API 访问或数字内容等费用,而无需复杂的账户或订阅。这些协议共同构建了智能体网络的基础信任层。

Securing a Single Agent: The Trust Trade-Off(保护单一智能体:信任的权衡)

When you create your first AI agent, you immediately face a fundamental tension: the trade-off between utility and security. To make an agent useful, you must give it power—the autonomy to make decisions and the tools to perform actions like sending emails or querying databases. However, every ounce of power you grant introduces a corresponding measure of risk. The primary security concerns are rogue actions—unintended or harmful behaviors—and sensitive data disclosure. You want to give your agent a leash long enough to do its job, but short enough to keep it from running into traffic, especially when that traffic involves irreversible actions or your company's private data<sup>32</sup>.

当你创建第一个 AI 智能体时,你会立即面临一个根本性的矛盾:效用与安全性之间的权衡。为了让智能体发挥作用,你必须赋予它权力——决策的自主权以及发送电子邮件或查询数据库等执行操作的工具。然而,你赋予的每一分权力都会引入相应的风险。主要的安全性隐忧是“流氓行为”(非预期或有害的行为)以及敏感数据泄露。你希望给你的智能体系上一条足够长的牵引绳,让它能完成工作;但又要足够短,防止它冲进“车流”,尤其是当这些车流涉及不可逆的操作或公司的私有数据时<sup>32</sup>。

To manage this, you cannot rely solely on the AI model's judgment, as it can be manipulated by techniques like prompt injection<sup>33</sup>. Instead, the best practice is a hybrid, defense-in-depth approach.<sup>34</sup> The first layer consists of traditional, deterministic guardrails—a set of hardcoded rules that act as a security chokepoint outside the model's reasoning. This could be a policy engine that blocks any purchase over $100 or requires explicit user confirmation before the agent can interact with an external API. This layer provides predictable, auditable hard limits on the agent's power.

为了管理这一点,你不能仅仅依赖 AI 模型的判断,因为它可能会受到提示词注入(Prompt Injection)<sup>33</sup> 等技术的操纵。相反,最佳实践是采用混合的“深度防御(Defense-in-depth)”方法。<sup>34</sup> 第一层由传统的、确定性的护栏组成——这是一组硬编码规则,在模型推理之外充当安全关卡。这可以是一个策略引擎,用于拦截任何超过 100 美元的购买,或者在智能体与外部 API 交互前要求用户明确确认。这一层为智能体的权力提供了可预测、可审计的硬性限制。

The second layer leverages reasoning-based defenses, using AI to help secure AI. This involves training the model to be more resilient to attacks (adversarial training) and employing smaller, specialized "guard models" that act like security analysts. These models can examine the agent's proposed plan before it's executed, flagging potentially risky or policy-violating steps for review. This hybrid model, combining the rigid certainty of code with the contextual awareness of AI, creates a robust security posture for even a single agent, ensuring its power is always aligned with its purpose.

第二层利用基于推理的防御,即“用 AI 保护 AI”。这包括通过训练使模型对攻击更具韧性(对抗性训练),并聘用更小的、专门的“护卫模型(Guard Models)”,它们就像安全分析师一样工作。这些模型可以在智能体的拟定计划执行前对其进行检查,标记出潜在风险或违反策略的步骤以供审核。这种混合模式将代码的刚性确定性与 AI 的上下文感知相结合,即使是对单一智能体也能建立起稳健的安全态势,确保其权力始终与其目的保持一致。

Agent Identity: A New Class of Principal(智能体身份:一种新型主体)

In the traditional security model, there are human users, who might use OAuth or SSO, and there are services, which use IAM or service accounts. Agents add a third category of principal. An agent is not merely a piece of code; it is an autonomous actor, a new kind of principal that requires its own verifiable identity. Just as employees are issued an ID badge, each agent on the platform must be issued a secure, verifiable "digital passport." This Agent Identity is distinct from the identity of the user who invoked it and the developer who built it. This is a fundamental shift in how we must approach Identity and Access Management (IAM) in the enterprise.

在传统的安全模型中,存在可能使用 OAuth 或 SSO 的“人类用户”,以及使用 IAM 或服务账号的“服务”。智能体增加了第三类主体(Principal)。智能体不仅仅是一段代码;它是一个自主的参与者,一种需要自身可验证身份的新型主体。正如员工会被发放工卡一样,平台上的每个智能体都必须被发放一份安全、可验证的“数字护照”。这种“智能体身份”与调用它的用户身份以及构建它的开发者身份是截然不同的。这是我们处理企业级身份与访问管理(IAM)方式的根本性转变。

Verifying each identity and applying access controls to all of them is the bedrock of agent security. Once an agent has a cryptographically verifiable identity (often using standards like SPIFFE<sup>35</sup>), it can be granted its own specific, least-privilege permissions. The SalesAgent is granted read/write access to the CRM, while the HRonboardingAgent is explicitly denied. This granular control is critical. It ensures that even if a single agent is compromised or behaves unexpectedly, the potential blast radius is contained. Without an agent identity construct, agents cannot work on behalf of humans with limited delegated authority.

确保每个身份都经过验证并对所有身份进行访问控制,是智能体安全的基石。一旦智能体拥有了可进行加密验证的身份(通常使用 SPIFFE<sup>35</sup> 等标准),就可以被授予其特定的“最小特权”许可。例如,销售智能体(SalesAgent)被授予 CRM 的读写权限,而人力资源入职智能体(HRonboardingAgent)则被明确拒绝。这种粒度化的控制至关重要。它确保了即使单个智能体受到攻击或表现异常,潜在的破坏范围也是受控的。如果没有智能体身份架构,智能体就无法在受限的授权下代表人类开展工作。

<table><tr><td>Principal entity</td><td>Authentication / Verification</td><td>Notes</td></tr><tr><td>Users</td><td>Authenticated with OAuth or SSO</td><td>Human actors with full autonomy and responsibility for their actions</td></tr><tr><td>Agents (new category of principals)</td><td>Verified with SPIFFE</td><td>Agents have delegated authority, taking actions on behalf of users</td></tr><tr><td>Service accounts</td><td>Integrated into IAM</td><td>Applications and containers, fully deterministic, not responsible for actions</td></tr></table>

Table 1: A non-exhaustive example of different categories of actors for authentication

Policies to Constrain Access(约束访问的策略)

A policy is a form of authorization (AuthZ), distinct from authentication (AuthN). Typically, policies limit the capabilities of a principal; for example, "Users in Marketing can only access these 27 API endpoints and cannot execute DELETE commands." As we develop agents, we need to apply permissions to the agents, their tools, other internal agents, context they can share, and remote agents. Think about it this way: if you add all the APIs, data, tools, and agents to your system, then you must constrain access to a subset of just those capabilities required to get their jobs done. This is the recommended approach: applying the principle of least privilege while remaining contextually relevant.<sup>36</sup>

策略是授权(AuthZ)的一种形式,与身份验证(AuthN)不同。通常,策略会限制主体的能力;例如,“营销部门的用户只能访问这 27 个 API 端点,且不能执行 DELETE 命令。”在开发智能体时,我们需要对智能体、它们的工具、其他内部智能体、它们可以共享的上下文以及远程智能体应用权限。可以这样想:如果你将所有的 API、数据、工具和智能体都添加到系统中,那么你必须将访问权限约束在完成工作所需的子集内。这是推荐的方法:在保持上下文相关性的同时,应用最小特权原则。<sup>36</sup>
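The three principal classes of Table 1 and the least-privilege policy described in this section, as an added example that is not from the whitepaper or any IAM product: users authenticated via OAuth/SSO, agents carrying a SPIFFE identity, service accounts integrated into IAM, and an authorization check in which an agent may act only on behalf of a verified user and only with permissions that both it and that user hold. The trust domain, SPIFFE IDs, user and service-account ids, resources and policy table are constructed, and the "agent grants intersected with the delegating user's grants" rule is this example's own modelling of delegated authority, not a standard.

```python
"""Principals, agent identity and least-privilege delegation checks.

Added example, not from the whitepaper or any IAM product. Trust domain,
SPIFFE IDs, principal ids, resources and the policy table are constructed;
the delegation rule (agent grants intersected with the user's grants) is this
example's own modelling of delegated authority.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional
from urllib.parse import urlparse


class Kind(Enum):
    USER = "user"        # authenticated with OAuth or SSO
    AGENT = "agent"      # verified SPIFFE identity, acts with delegated authority
    SERVICE = "service"  # service account integrated into IAM


@dataclass(frozen=True)
class Principal:
    kind: Kind
    id: str          # OAuth subject, SPIFFE ID, or service-account name
    verified: bool   # outcome of AuthN for this request


TRUST_DOMAIN = "example.org"   # constructed


def is_spiffe_id(value: str) -> bool:
    """Syntactic check for spiffe://<trust-domain>/<path> inside our trust domain."""
    parts = urlparse(value)
    if parts.scheme != "spiffe" or parts.netloc != TRUST_DOMAIN:
        return False
    if parts.query or parts.fragment:
        return False
    segments = parts.path.split("/")
    # path must be absolute and non-empty, with no empty, "." or ".." segments
    return len(segments) > 1 and segments[0] == "" and all(
        s not in ("", ".", "..") for s in segments[1:])


# Grants: principal id -> set of (resource, action). Constructed policy table.
POLICY: dict[str, set[tuple[str, str]]] = {
    "spiffe://example.org/agent/sales": {("crm", "read"), ("crm", "write")},
    "spiffe://example.org/agent/hr-onboarding": {("hris", "read"), ("hris", "write")},
    "alice@example.org": {("crm", "read"), ("crm", "write"), ("hris", "read")},
    "bob@example.org": {("crm", "read")},
    "crm-sync-sa": {("crm", "read"), ("crm", "write")},
}


def authorize(actor: Principal, resource: str, action: str,
              on_behalf_of: Optional[Principal] = None) -> tuple[bool, str]:
    """AuthZ decision for one action. Returns (allowed, reason)."""
    if not actor.verified:
        return False, "actor not authenticated"
    if actor.kind is Kind.AGENT and not is_spiffe_id(actor.id):
        return False, "agent identity is not a valid SPIFFE ID in this trust domain"
    want = (resource, action)
    if want not in POLICY.get(actor.id, set()):
        return False, f"{actor.id} is not granted {action} on {resource}"
    if actor.kind is Kind.AGENT:
        # An agent only ever acts for a user, with authority no broader than that user's.
        if on_behalf_of is None or on_behalf_of.kind is not Kind.USER:
            return False, "agent must act on behalf of a user"
        if not on_behalf_of.verified:
            return False, "delegating user not authenticated"
        if want not in POLICY.get(on_behalf_of.id, set()):
            return False, f"delegating user {on_behalf_of.id} lacks {action} on {resource}"
        return True, f"{actor.id} acting for {on_behalf_of.id}"
    if on_behalf_of is not None:
        return False, f"{actor.kind.value} principals do not carry delegated authority"
    return True, f"{actor.id} acting directly"


if __name__ == "__main__":
    sales = Principal(Kind.AGENT, "spiffe://example.org/agent/sales", True)
    alice = Principal(Kind.USER, "alice@example.org", True)
    bob = Principal(Kind.USER, "bob@example.org", True)
    print(authorize(sales, "crm", "write", on_behalf_of=alice))  # allowed
    print(authorize(sales, "crm", "write", on_behalf_of=bob))    # denied: bob cannot write
```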

Securing an ADK Agent(保护 ADK 智能体)

With the core principles of identity and policy established, securing an agent built with the Agent Development Kit (ADK) becomes a practical exercise in applying those concepts through code and configuration<sup>37</sup>.

随着身份和策略核心原则的确立,保护使用智能体开发套件(ADK)构建的智能体,就变成了通过代码和配置应用这些概念的实践练习<sup>37</sup>。

As described above, the process requires a clear definition of identities: the user account (for example, OAuth), the service account (to run the code), and the agent identity (to exercise delegated authority). Once authentication is handled, the next layer of defense is establishing policies that constrain access to services. This is usually enforced at the API governance layer, extended to cover MCP and A2A services.

The next layer is building guardrails into your tools, models, and sub-agents to enforce policies. This ensures that no matter what the LM reasons, or what a malicious prompt might suggest, the tool's own logic refuses to execute an unsafe or out-of-policy action. This approach provides a predictable and auditable security baseline, translating abstract security policies into concrete, reliable code<sup>38</sup>.

For more dynamic security that adapts to the agent's runtime behavior, ADK provides Callbacks and Plugins. A before_tool_callback lets you inspect the parameters of a tool call before it runs and validate them against the agent's current state, preventing misaligned actions. For reusable policies, you can build plugins. A common pattern is "Gemini as a Judge"<sup>39</sup>: a fast, inexpensive model such as Gemini Flash-Lite, or your own fine-tuned Gemma model, screens user inputs and agent outputs for prompt injections or harmful content in real time. Treat such a judge as one layer among several: a model-based screen can itself be evaded, so it should sit on top of, not replace, the deterministic checks in the tools.

For organizations that prefer a fully managed, enterprise-grade solution for these dynamic checks, Model Armor can be integrated as an optional service. Model Armor acts as a specialized security layer that screens prompts and responses for a wide range of threats, including prompt injection, jailbreak attempts, sensitive data (PII) leakage, and malicious URLs<sup>40</sup>. By offloading these security tasks to a dedicated service, developers get consistent, robust protection without having to build and maintain these guardrails themselves. This hybrid approach within ADK, combining strong identity, deterministic in-tool logic, dynamic AI-powered guardrails, and optional managed services like Model Armor, is how you build a single agent that is both powerful and trustworthy.


Figure 6: Security and Agents from https://saif.google/focus-on-agents

Scaling Up from a Single Agent to an Enterprise Fleet

Taking a single AI agent to production successfully is a milestone. Scaling to a fleet of hundreds is a challenge of architecture. With one or two agents, your concerns are primarily about security. With many agents, you must design systems that handle much more. Just as with API sprawl, when agents and tools proliferate across an organization they create a new, complex network of interactions, data flows, and potential security vulnerabilities. Managing this complexity requires a higher-order governance layer that integrates all your identities, policies, and reporting into a central control plane.

Security and Privacy: Hardening the Agentic Frontier

An enterprise-grade platform must address the unique security and privacy challenges inherent in generative AI, even when only a single agent is running. The agent itself becomes a new attack surface. Malicious actors can attempt prompt injection to hijack the agent's instructions, or data poisoning to corrupt the information it uses for training or RAG. Furthermore, a poorly constrained agent could inadvertently leak sensitive customer data or proprietary information in its responses.

A robust platform provides a defense-in-depth strategy to mitigate these risks. It starts with the data, ensuring that an enterprise's proprietary information is never used to train base models and is protected by controls such as VPC Service Controls. It requires input and output filtering, acting like a firewall for prompts and responses. Finally, the platform must offer contractual protections, such as intellectual property indemnity for both the training data and the generated output, giving enterprises the legal and technical confidence they need to deploy agents in production.

Agent Governance: A Control Plane instead of Sprawl

As agents and their tools proliferate across an organization, they create a new, complex network of interactions and potential vulnerabilities, a challenge often called "agent sprawl." Managing this requires moving beyond securing individual agents to a higher-order architectural approach: a central gateway that serves as a control plane for all agentic activity.

Imagine a bustling metropolis with thousands of autonomous vehicles, users, agents, and tools, all moving with purpose. Without traffic lights, license plates, and a central control system, chaos would reign. The gateway approach creates that control system, establishing a mandatory entry point for all agentic traffic: user-to-agent prompts or UI interactions, agent-to-tool calls (via MCP), agent-to-agent collaborations (via A2A), and direct inference requests to LMs. By sitting at this critical intersection, an organization can inspect, route, monitor, and manage every interaction. "Mandatory" is the operative word: an agent that can reach a tool or a model endpoint directly, outside the gateway, bypasses every control described here, so network and identity policy must make the gateway the only route.

This control plane serves two primary, interconnected functions:

  1. Runtime Policy Enforcement: It is the architectural chokepoint at which security is implemented. It handles authentication ("Do I know who this actor is?") and authorization ("Do they have permission to do this?"). Centralizing enforcement provides a "single pane of glass" for observability, creating common logs, metrics, and traces for every transaction. This turns the spaghetti of disparate agents and workflows into a transparent and auditable system.

  2. Centralized Governance: To enforce policies effectively, the gateway needs a source of truth. This is provided by a central registry, an enterprise app store for agents and tools. The registry lets developers discover and reuse existing assets, preventing redundant work, while giving administrators a complete inventory. More importantly, it enables a formal lifecycle for agents and tools: security review before publication, versioning, and fine-grained policies that dictate which business units can access which agents.

By combining a runtime gateway with a central governance registry, an organization transforms the risk of chaotic sprawl into a managed, secure, and efficient ecosystem.
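
The gateway and registry described above, as an added example that is not the whitepaper's code or any product's. It takes the authentication result as an input set by the identity layer and concentrates on what the control plane adds: a registry lookup by name and version, refusal of anything that is unregistered or not yet published, a business-unit policy per entry, and one audit record carrying a trace ID for every transaction. Entry names, versions, lifecycle states, unit names and the record format are assumptions.

```python
from __future__ import annotations

import time
import uuid
from dataclasses import dataclass, field
from typing import Any, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class RegistryEntry:
    """One agent or tool in the central registry, with its lifecycle state."""
    name: str
    kind: str                      # "agent" or "tool"
    version: str
    status: str                    # "draft" | "in_review" | "published" | "retired"
    allowed_units: FrozenSet[str]  # business units permitted to call it


@dataclass
class Gateway:
    """Single mandatory entry point: registry lookup, policy, and one audit record per call."""
    registry: Dict[Tuple[str, str], RegistryEntry]
    audit_log: List[Dict[str, Any]] = field(default_factory=list)

    def handle(self, caller: Dict[str, Any], target: str, version: str,
               trace_id: Optional[str] = None) -> Dict[str, Any]:
        """caller = {"principal": str, "unit": str, "authenticated": bool}, as set by AuthN."""
        trace_id = trace_id or uuid.uuid4().hex
        decision, reason = "deny", "unauthenticated"
        if caller.get("authenticated"):
            entry = self.registry.get((target, version))
            if entry is None:
                reason = "not in registry"          # unregistered asset: this is sprawl
            elif entry.status != "published":
                reason = f"lifecycle status is {entry.status}"  # not yet security-reviewed
            elif caller.get("unit") not in entry.allowed_units:
                reason = "business unit not permitted"
            else:
                decision, reason = "allow", "registry and policy checks passed"
        record = {
            "trace_id": trace_id, "ts": time.time(), "caller": caller.get("principal"),
            "unit": caller.get("unit"), "target": target, "version": version,
            "decision": decision, "reason": reason,
        }
        self.audit_log.append(record)  # the common log every transaction lands in
        return record

    def denials_by_reason(self) -> Dict[str, int]:
        """Single-pane-of-glass view: where are calls being stopped, and why?"""
        counts: Dict[str, int] = {}
        for rec in self.audit_log:
            if rec["decision"] == "deny":
                counts[rec["reason"]] = counts.get(rec["reason"], 0) + 1
        return counts


def example_registry() -> Dict[Tuple[str, str], RegistryEntry]:
    """Constructed registry: names, versions and units are illustrative only."""
    entries = [
        RegistryEntry("SalesAgent", "agent", "1.2.0", "published", frozenset({"sales"})),
        RegistryEntry("SalesAgent", "agent", "1.3.0", "in_review", frozenset({"sales"})),
        RegistryEntry("crm_request", "tool", "2.0.0", "published", frozenset({"sales", "support"})),
    ]
    return {(e.name, e.version): e for e in entries}


if __name__ == "__main__":
    gw = Gateway(example_registry())
    alice = {"principal": "alice", "unit": "sales", "authenticated": True}
    print(gw.handle(alice, "SalesAgent", "1.2.0")["decision"])   # allow
    print(gw.handle(alice, "SalesAgent", "1.3.0")["reason"])     # still in review
    print(gw.handle(alice, "ShadowAgent", "0.1")["reason"])      # never registered
    print(gw.denials_by_reason())
```

The version is part of the registry key on purpose: a new version of an agent is a new artifact that has to pass review and be published before the gateway will route to it, which is what makes the lifecycle enforceable rather than advisory.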

Cost and Reliability: The Infrastructure Foundation

Ultimately, enterprise-grade agents must be both reliable and cost-effective. An agent that frequently fails or responds slowly has a negative ROI. Conversely, an agent that is prohibitively expensive cannot scale to meet business demand. The underlying infrastructure must be designed to manage this trade-off securely and in compliance with regulatory and data-sovereignty requirements.

In some cases, the feature you need is scale-to-zero, when traffic to a specific agent or sub-function is irregular. For mission-critical, latency-sensitive workloads, the platform must offer dedicated, guaranteed capacity, such as Provisioned Throughput for LM services<sup>41</sup> or 99.9% Service Level Agreements (SLAs) for runtimes like Cloud Run<sup>42</sup>. This provides predictable performance, ensuring that your most important agents stay responsive even under heavy load. By providing this spectrum of infrastructure options, coupled with comprehensive monitoring of both cost and performance, you establish the final, essential foundation for scaling AI agents from a promising innovation into a core, reliable component of the enterprise.

How agents evolve and learn

Agents deployed in the real world operate in dynamic environments where policies, technologies, and data formats are constantly changing. Without the ability to adapt, an agent's performance degrades over time, a process often called "aging," leading to a loss of utility and trust. Manually updating a large fleet of agents to keep pace with these changes is uneconomical and slow. A more scalable solution is to design agents that can learn and evolve autonomously, improving their quality on the job with minimal engineering effort<sup>43</sup>.

How agents learn and self-evolve

Much like humans, agents learn from experience and external signals. This learning process is fueled by several sources of information:

  • Runtime Experience: Agents learn from runtime artifacts such as session logs, traces, and memory, which capture successes, failures, tool interactions, and decision trajectories. Crucially, this includes Human-in-the-Loop (HITL) feedback, which provides authoritative corrections and guidance.

  • External Signals: Learning is also driven by new external documents, such as updated enterprise policies, public regulatory guidelines, or critiques from other agents.

This information is then used to optimize the agent's future behavior. Rather than simply summarizing past interactions, advanced systems create generalizable artifacts to guide future tasks. The most successful adaptation techniques fall into two categories:

  • Enhanced Context Engineering: The system continuously refines its prompts, few-shot examples, and the information it retrieves from memory. By optimizing the context provided to the LM for each task, it increases the likelihood of success.

  • Tool Optimization and Creation: The agent's reasoning can identify gaps in its capabilities and act to fill them. This can involve gaining access to a new tool, creating a new one on the fly (e.g., a Python script), or modifying an existing tool (e.g., updating an API schema). A tool obtained or generated this way should enter the same registry lifecycle as any other tool, with a security review before it is published, so that self-extension does not become an unreviewed path around policy.

Additional optimization techniques, such as dynamically reconfiguring multi-agent design patterns or using Reinforcement Learning from Human Feedback (RLHF), are active areas of research.

Example: Learning New Compliance Guidelines

Consider an enterprise agent operating in a heavily regulated industry like finance or life sciences. Its task is to generate reports that must comply with privacy and regulatory rules (e.g., GDPR).

This can be implemented using a multi-agent workflow:

  1. A Querying Agent retrieves raw data in response to a user request.

  2. A Reporting Agent synthesizes this data into a draft report.

  3. A Critiquing Agent, armed with known compliance guidelines, reviews the report. If it encounters ambiguity or requires final sign-off, it escalates to a human domain expert.

  4. A Learning Agent observes the entire interaction, paying special attention to the corrective feedback from the human expert. It then generalizes this feedback into a new, reusable guideline (e.g., an updated rule for the critiquing agent or refined context for the reporting agent).


Figure 7: Sample multi agent workflow for compliance guidelines

For instance, if a human expert flags that certain household statistics must be anonymized, the Learning Agent records this correction. The next time a similar report is generated, the Critiquing Agent applies the new rule automatically, reducing the need for human intervention. This loop of critique, human feedback, and generalization lets the system adapt autonomously to evolving compliance requirements<sup>44</sup>.
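
The critique, human feedback and generalization loop from the four-step workflow above, as an added example that is not the whitepaper's code. It models the Critiquing Agent as a rule set over draft-report rows, escalation of uncovered individual-level fields to a human, and the Learning Agent's generalization of a single correction into a reusable rule that covers the whole data family. The row format, the use of a granularity flag as the anonymization check, and the prefix heuristic for generalization are assumptions; the Querying and Reporting agents are represented only by the constructed draft reports.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """A reusable guideline: rows whose field name matches must be reported in aggregate."""
    field_pattern: str
    reason: str


@dataclass
class Critique:
    violations: List[str] = field(default_factory=list)  # caught by a known rule
    escalated: List[str] = field(default_factory=list)   # ambiguous, sent to a human


@dataclass
class CritiquingAgent:
    rules: List[Rule] = field(default_factory=list)

    def review(self, report: List[Dict[str, str]]) -> Critique:
        """Each row: {"field": name, "value": text, "granularity": "individual" | "aggregate"}."""
        out = Critique()
        for row in report:
            if row["granularity"] == "aggregate":
                continue  # already anonymized; nothing to check
            if any(re.search(r.field_pattern, row["field"]) for r in self.rules):
                out.violations.append(row["field"])
            else:
                out.escalated.append(row["field"])  # no rule covers it: ask the expert
        return out


def learn_rule(field_name: str, expert_note: str) -> Rule:
    """Learning agent: turn one correction into a rule for the whole data family.

    Assumed generalization heuristic: the field's first token (e.g. "household")
    names the family, so the rule covers every field with that prefix.
    """
    family = field_name.split("_")[0]
    return Rule(field_pattern=rf"^{re.escape(family)}_", reason=expert_note)


def run_cycle(critic: CritiquingAgent, report: List[Dict[str, str]],
              expert: Callable[[str], Optional[str]]) -> Critique:
    """One critique / human-feedback / generalization loop over a draft report."""
    critique = critic.review(report)
    for field_name in list(critique.escalated):
        note = expert(field_name)  # None means the expert accepted the field as-is
        if note is not None:
            critic.rules.append(learn_rule(field_name, note))
            critique.violations.append(field_name)
    return critique


if __name__ == "__main__":
    critic = CritiquingAgent()

    def expert(name: str) -> Optional[str]:  # stand-in for the human domain expert
        return "Household statistics must be anonymized" if name.startswith("household_") else None

    # Constructed draft reports; "individual" rows would expose household-level data.
    first = [{"field": "household_income_zip_94110", "value": "...", "granularity": "individual"},
             {"field": "total_customers", "value": "1200", "granularity": "aggregate"}]
    second = [{"field": "household_size_zip_02138", "value": "...", "granularity": "individual"}]
    print(run_cycle(critic, first, expert))   # escalated once, rule learned
    print(run_cycle(critic, second, expert))  # caught automatically, no escalation
```

The learned rule is data, not a prompt edit, so it can be reviewed, versioned and audited like any other policy artifact; that is the property that lets the loop reduce human load without letting an unexamined generalization silently change what the critic enforces.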

Simulation and Agent Gym - the next frontier

The design pattern presented above can be categorized as in-line learning: the agents learn with the resources and design pattern they were engineered with. More advanced approaches are now being researched, in which a dedicated platform, engineered to optimize the multi-agent system in offline processes, brings advanced tooling and capabilities that are not part of the multi-agent runtime environment. The key attributes of such an Agent Gym<sup>45</sup> are:

  1. It is not in the execution path. It is a standalone, off-production platform, and can therefore draw on any LM, offline tools, cloud applications, and more.

  2. It offers a simulation environment in which the agent can "exercise" on new data and learn. Such an environment is well suited to trial and error across many optimization pathways.

  3. It can call advanced synthetic data generators that guide the simulation to be as realistic as possible and pressure-test the agent (including advanced techniques such as red teaming, dynamic evaluation, and a family of critiquing agents).

  4. The arsenal of optimization tools is not fixed: it can adopt new tools (through open protocols such as MCP or A2A) or, in a more advanced setting, learn new concepts and craft tools around them.

  5. Finally, even a construct such as Agent Gym may not be able to overcome certain edge cases (because of the well-known problem of "tribal knowledge" in the enterprise). In those cases the Agent Gym should be able to connect to the human fabric of domain experts and consult them on the right set of outcomes to guide the next round of optimizations.

Examples of advanced agents

Google Co-Scientist

Co-Scientist is an advanced AI agent designed to function as a virtual research collaborator, accelerating scientific discovery by systematically exploring complex problem spaces. It lets researchers define a goal, ground the agent in specified public and proprietary knowledge sources, and then generate and evaluate a landscape of novel hypotheses.

To achieve this, Co-Scientist spawns a whole ecosystem of agents that collaborate with each other.


Figure 8: The AI co-scientist design system

Think of the system as a research project manager. The AI first takes a broad research goal and creates a detailed project plan. A "Supervisor" agent then acts as the manager, delegating tasks to a team of specialized agents and distributing resources like computing power. This structure ensures the project can easily scale up and that the team's methods improve as they work toward the final goal.


Figure 9: Co-scientist multi agent workflow

The various agents work for hours, or even days, continually improving the generated hypotheses, running loops and meta-loops that improve not only the generated ideas but also the way new ideas are judged and created.

AlphaEvolve Agent

Another example of an advanced agent is AlphaEvolve, an AI agent that discovers and optimizes algorithms for complex problems in mathematics and computer science.

AlphaEvolve combines the creative code generation of Gemini language models with an automated evaluation system. It uses an evolutionary process: the AI generates candidate solutions, an evaluator scores them, and the most promising ideas are used as inspiration for the next generation of code.

This approach has already led to significant breakthroughs, including:

  • Improving the efficiency of Google's data centers, chip design, and AI training.

  • Discovering faster matrix multiplication algorithms.

  • Finding new solutions to open mathematical problems.

AlphaEvolve excels at problems where verifying the quality of a solution is far easier than finding it in the first place.


Figure 10: Alpha Evolve design system

AlphaEvolve is designed for a deep, iterative partnership between humans and AI. This collaboration works in two main ways:

  • Transparent Solutions: The AI generates solutions as human-readable code. This transparency allows users to understand the logic, gain insights, trust the results, and directly modify the code for their needs.

  • Expert Guidance: Human expertise is essential for defining the problem. Users guide the AI by refining evaluation metrics and steering the exploration, which prevents the system from exploiting unintended loopholes in the problem's definition. This interactive loop ensures the final solutions are both powerful and practical.

The result is continuous improvement of the code against the metrics specified by the human.


Figure 11: Algorithm evolution

Conclusion

Generative AI agents mark a pivotal evolution, shifting artificial intelligence from a passive tool for content creation to an active, autonomous partner in problem-solving. This document has provided a formal framework for understanding and building these systems, moving beyond the prototype to establish a reliable, production-grade architecture.

We have deconstructed the agent into its three essential components: the reasoning Model (the "Brain"), the actionable Tools (the "Hands"), and the governing Orchestration Layer (the "Nervous System"). It is the seamless integration of these parts, operating in a continuous "Think, Act, Observe" loop, that unlocks an agent's true potential. By classifying agentic systems, from the Level 1 Connected Problem-Solver to the Level 3 Collaborative Multi-Agent System, architects and product leaders can now strategically scope their ambitions to match the complexity of the task at hand.

The central challenge, and opportunity, lies in a new developer paradigm. We are no longer simply "bricklayers" defining explicit logic; we are "architects" and "directors" who must guide, constrain, and debug an autonomous entity. The flexibility that makes LMs so powerful is also the source of their unreliability. Success, therefore, is not found in the initial prompt alone, but in the engineering rigor applied to the entire system: robust tool contracts, resilient error handling, sophisticated context management, and comprehensive evaluation.

The principles and architectural patterns outlined here serve as a foundational blueprint. They are the guideposts for navigating this new frontier of software, enabling us to build not just "workflow automation" but truly collaborative, capable, and adaptable new members of our teams. As this technology matures, this disciplined, architectural approach will be the deciding factor in harnessing the full power of agentic AI.

Endnotes

  1. Julia Wiesinger, Patrick Marlow, et al. 2024 "Agents".
    Available at: https://www.kaggle.com/whitepaper-agents.

  2. Antonio Gulli, Lavi Nigam, et al. 2025 "Agents Companion".
    Available at: https://www.kaggle.com/whitepaper-agent-companion.

  3. Shunyu Yao, Y. et al., 2022, 'ReAct: Synergizing Reasoning and Acting in Language Models'.
    Available at: https://arxiv.org/abs/2210.03629.

  4. Wei, J., Wang, X. et al., 2023, 'Chain-of-Thought Prompting Elicits Reasoning in Large Language Models'.
    Available at: https://arxiv.org/pdf/2201.11903.pdf.

  5. Shunyu Yao, Y. et al., 2022, 'ReAct: Synergizing Reasoning and Acting in Language Models'.
    Available at: https://arxiv.org/abs/2210.03629.

  6. https://www.amazon.com/Agentic-Design-Patterns-Hands-Intelligent/dp/3032014018

  7. Shunyu Yao, et al., 2024, 'τ-bench: A Benchmark for Tool-Agent-User Interaction in Real-World Domains'.
    Available at: https://arxiv.org/abs/2406.12045.

  8. https://artificialanalysis.ai/guide

  9. https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/vertex-ai-model-optimizer

  10. https://gemini.google/overview/gemini-live/

  11. https://cloud.google.com/vision?e=48754805&hl=en

  12. https://cloud.google.com/speech-to-text?e=48754805&hl=en

  13. https://medium.com/google-cloud/genaiops-operationalize-generative-ai-a-practical-guide-d5bedaa59d78

  14. https://cloud.google.com/vertex-ai/generative-ai/docs/agent-engine/code-execution/overview

  15. https://ai.google.dev/gemini-api/docs/function-calling

  16. https://github.com/modelcontextprotocol/

  17. https://ai.google.dev/gemini-api/docs/google-search

  18. https://google.github.io/adk-docs/

  19. https://google.github.io/adk-docs/sessions/memory/

  20. https://cloud.google.com/architecture/choose-design-pattern-agentic-ai-system

  21. https://cloud.google.com/vertex-ai/generative-ai/docs/agent-engine/overview

  22. https://cloud.google.com/kubernetes-engine/docs/concepts/gke-and-cloud-run

  23. https://github.com/GoogleCloudPlatform/agent-starter-pack

  24. Sokratis Kartakis, 2024, 'GenAI in Production: MLOps or GenAIOps?'. Available at: https://medium.com/google-cloud/genai-in-production-mlops-or-genaiops-25691c9becd0.

  25. Guangya Liu, Sujay Solomon, March 2025 "AI Agent Observability - Evolving Standards and Best Practice". Available at: https://opentelemetry.io/blog/2025/ai-agent-observability/.

  26. https://discuss.google.dev/t/agents-are-not-tools/192812

  27. Damien Masson et al., 2024, 'DirectGPT: A Direct Manipulation Interface to Interact with Large Language Models'. Available at: https://arxiv.org/abs/2310.03691.

  28. MCP UI is a system of controlling UI via MCP tools https://mcpui.dev/.

  29. AG UI is a protocol of controlling UI via event passing and optionally shared state https://ag-ui.com/.

  30. A2UI is a protocol of generating UI via structured output and A2A message passing https://github.com/google/A2UI.

  31. https://cloud.google.com/vertex-ai/generative-ai/docs/models/gemini/2-5-flash-live-api.

  32. https://saif.google/focus-on-agents.

  33. https://simonwillison.net/series/prompt-injection/.

  34. https://storage.googleapis.com/gweb-research2023-media/pubtools/1018686.pdf.

  35. https://spiffe.io/.

  36. https://openreview.net/pdf?id=19rATNBB8Y.

  37. https://google.github.io/adk-docs/safety/.

  38. https://google.github.io/adk-docs/callbacks/design-patterns-and-best-practices/#guardrails-policy-enforcement

  39. TKTK

  40. https://cloud.google.com/security-command-center/docs/model-armor-overview

  41. https://cloud.google.com/vertex-ai/generative-ai/docs/provisioned-throughput/overview

  42. https://cloud.google.com/run/sla

  43. https://github.com/CharlesQ9/Self-Evolving-Agents

  44. Juraj Gottweis, et al., 2025, 'Accelerating scientific breakthroughs with an AI co-scientist'. Available at: https://research.google/blog/accelerating-scientific-breakthroughs-with-an-ai-co-scientist/.

  45. Deepak Nathani et al., 2025, 'MLGym: A New Framework and Benchmark for Advancing AI Research Agents'. Available at: https://arxiv.org/abs/2502.14499.

Last updated: 2026/1/28