Every production AI agent in 2026 sits on top of the same seven layers — model, orchestration, tools/MCP, memory, observability, evals and guardrails. The interesting question isn't whether you need each layer (you do); it's where you buy, where you build, and which reference stack matches your scale. This is the buyer's-view architecture, with concrete vendor picks for three sizes of company.
We've reviewed 88 AI agents on the leaderboard and the pattern across the ones that actually ship is depressingly consistent: the model gets the headlines, the rest of the stack does the work. A frontier model on top of a clumsy stack underperforms a mid-tier model on top of a disciplined one. This guide is a reference for the disciplined option.
If you've read our AI agent design patterns guide, this is the layer below — the physical architecture that those patterns run on.
The seven layers at a glance
| # | Layer | What it does | "Buy" defaults | "Build" question |
|---|---|---|---|---|
| 1 | Foundation model | The reasoning engine | Claude, GPT, Gemini, Llama | Almost always buy |
| 2 | Orchestration | Runs the loop / graph | LangGraph, OpenAI Agents SDK, CrewAI, n8n | Build the logic, buy the framework |
| 3 | Tools / MCP | Lets the agent act | MCP servers, custom functions | Build wrappers around your own systems |
| 4 | Memory & retrieval | Long + short-term context | Pinecone, Weaviate, Chroma, pgvector | Buy infra, build retrieval logic |
| 5 | Observability | Traces, logs, replay | LangSmith, Langfuse, Helicone, Arize | Almost always buy |
| 6 | Evaluation | Grades quality over time | LangSmith Evals, Braintrust, Promptfoo | Buy harness, write the rubrics yourself |
| 7 | Guardrails & safety | Catches unsafe behavior | Guardrails AI, NeMo Guardrails, Lakera | Buy starter policies, customize for your domain |
The rule of thumb: buy at the edges, build in the middle. Layers 1, 5, 6 and 7 are infrastructure problems that vendor specialists solve better than you will. Layers 2, 3 and 4 encode your product logic and shouldn't be outsourced.
Layer 1 — Foundation model
The thing the agent runs on. Three categories matter in 2026:
Frontier closed models. Claude Sonnet/Opus, GPT-class models, Gemini Pro/Flash. These set the ceiling on agent capability. See Claude vs ChatGPT 2026, Claude vs GPT-5, and Gemini Deep Research vs ChatGPT for the head-to-heads.
Frontier open-weight models. Llama-family, Qwen, Mistral large, DeepSeek. Used heavily for self-hosted deployments, regulated industries, or cost-driven workloads with predictable shape. See open-source vs closed agents for the trade-off.
Small / fine-tuned / local models. Used as classifiers in routing, as evaluators (LLM-as-judge), or for high-volume narrow tasks. See local LLM glossary entry.
Decisions you actually make at this layer:
- Cloud API vs self-hosted (governance / cost / latency trade-off).
- One model for everything, or model routing with a cheap model for easy queries and a frontier model for hard ones. Routing typically cuts model spend 40–70% on real workloads.
- Function calling / structured output quality — varies sharply between providers, matters more than benchmarks for agent work.
Layer 2 — Orchestration
The control plane that runs the reasoning loop, manages state, retries failures, and (in multi-agent setups) coordinates workers.
The 2026 landscape:
- LangGraph. State-machine framework on top of LangChain. The dominant choice when you want explicit control over the agent graph, branching, retries and checkpointing. See our LangGraph glossary entry.
- OpenAI Agents SDK. OpenAI's first-party orchestration, more opinionated than LangGraph, tight integration with their tool/function-calling story. Strong default for OpenAI-first stacks.
- CrewAI. Higher-level abstraction around multi-agent role-playing patterns ("researcher", "writer", "editor"). Faster to prototype, less control at the edges.
- AutoGen / Microsoft. Strong multi-agent / agent-conversation primitives, good fit if you're already deep in the Microsoft stack.
- Smolagents (Hugging Face). Minimal Python framework — basically "ReAct in 1,000 LOC." Great when you want to read every line of orchestration code yourself.
- No-code / workflow-driven. n8n Agents, Zapier Agents, Make.com Agents, Tines AI, Lindy. For ops-style automations and workflows where the orchestration is a visual graph rather than code. See our Zapier vs Make vs n8n vs Lindy comparison.
What you build at this layer:
- The system prompt and tool routing logic.
- Your agent's graph topology (linear, fan-out, planner-executor — see agent design patterns).
- Retry/timeout/circuit-breaker policy for each tool.
- Per-tenant config (multi-customer SaaS).
Layer 3 — Tools and MCP
The hands of the agent. This is where the agent reads files, hits APIs, queries databases, talks to humans, sends emails, writes code.
MCP (Model Context Protocol) is the connective tissue that won 2025 and consolidated in 2026. Instead of every tool integration being a custom function bound to a specific SDK, MCP servers expose tools over a standard protocol that every major agent host speaks. See our MCP explainer, how to use MCP, and the 20 best MCP servers in 2026 for the working shortlist.
Tool design rules that survived the year:
- Keep tool count under ~15 per agent. Past that, models start to mix tools up.
- Use structured schemas with enums and required fields. A
query: stringparameter eats garbage. - Distinguish read tools (cheap, safe) from write tools (need confirmation / dry-run / human-in-the-loop).
- Provide an explicit
errorshape — agents recover much better from{"error": "rate_limited", "retry_after": 30}than from a 500 with no body.
For coding-agent specifics see our reviews of Cursor, Claude Code, Devin and the Cursor vs Windsurf comparison.
Layer 4 — Memory and retrieval
What the agent remembers across calls, sessions and tools.
Three sub-layers:
- Working memory. What's in the current context window. Managed by the orchestration layer. See context window.
- Session / short-term memory. State that survives across tool calls within a job. Usually a small key-value store or the orchestration framework's built-in state.
- Long-term memory. Vector database for semantic retrieval, plus optionally structured stores for user profiles, preferences, conversation history. See memory, RAG, vector database, vector embedding, and agentic RAG.
2026 vendor picks:
- Vector databases: Pinecone (managed, fast), Weaviate (open-source + managed), Chroma (developer-friendly), pgvector (when you already have Postgres and don't want a new system to run).
- Long-term memory frameworks: Letta (formerly MemGPT), Mem0, Zep. These give the agent persistent memory beyond the context window and let you query it semantically.
- Embedding models: OpenAI text-embedding-3, Cohere embed-v4, Voyage, BAAI/bge for open-weight. See embedding model and reranker glossary entries.
Build vs buy decision: buy the vector DB and embedding model, build the retrieval logic. The retrieval strategy (chunking, hybrid keyword + vector, reranking, filter pruning) is product-specific and won't transfer cleanly from a vendor template.
Layer 5 — Observability
Without observability, agent debugging is impossible. Period.
What to log per agent run:
- Full prompt sent to the model (including tool definitions and system prompt).
- Every tool call: name, params, result, latency.
- Every model response: reasoning, tool calls, final answer.
- Token counts (prompt, completion, cached) and cost.
- Total wall-clock and per-step latency.
- A unique trace ID propagated across all sub-agents.
Vendors in 2026:
- LangSmith. LangChain's first-party. Strong if you're already on LangGraph.
- Langfuse. Open-source, self-hostable, framework-agnostic. The default for teams that don't want vendor lock-in.
- Helicone. Proxy-based, drop-in for OpenAI/Anthropic, lightest integration footprint.
- Arize / Phoenix. Enterprise ML observability — heavier but stronger drift / eval integration.
See LLM observability and agent observability for the underlying concepts.
Layer 6 — Evaluation
Without evals, you can't tell if a prompt change made things better or worse. With evals, you ship confidently. The single highest-leverage investment a serious agent team makes.
Three eval flavors:
- Unit tests for prompts. A small set of canonical examples with known-good outputs. Runs on every PR.
- LLM-as-judge. A judge model scores generations against a rubric. Cheap, fast, decent correlation with humans on well-defined tasks. See LLM as a judge.
- Production replay. Sample real traffic, replay against a candidate change, compare.
Tooling: LangSmith Evals, Braintrust, Promptfoo, Helicone Evals, or rolled by hand on top of your observability traces.
For full background see how to evaluate AI agent, AI evals and benchmark.
Layer 7 — Guardrails and safety
What stops the agent from doing something embarrassing, dangerous or illegal.
The four guardrail families:
- Input filters. Strip secrets, classify intent, refuse out-of-scope queries before they hit the model.
- Output filters. PII redaction, profanity, hallucination check, policy compliance.
- Tool-call guards. Confirm before writes, dry-run irreversible actions, per-user rate limits, human-in-the-loop for high-risk actions.
- Adversarial defenses. Prompt injection detection, jailbreak detection, red-teaming harness in CI.
Vendors in 2026: Guardrails AI, NeMo Guardrails (NVIDIA), Lakera, LlamaFirewall, Protect AI.
For the broader framing see AI safety, AI alignment and our Guardrails AI glossary entry.
Three reference stacks
What the stack actually looks like at three sizes of company.
Stack A — Startup / solo builder (1–5 people)
Goal: ship in days, not weeks. Optimize for speed-to-first-customer.
| Layer | Pick |
|---|---|
| Model | Claude Sonnet or GPT for everything; no routing yet |
| Orchestration | OpenAI Agents SDK or Smolagents |
| Tools | 3–5 MCP servers + 2 custom functions |
| Memory | pgvector inside Postgres (no new DB) |
| Observability | Helicone (drop-in proxy) or Langfuse free tier |
| Evals | 20 prompt-unit-tests in Promptfoo |
| Guardrails | Guardrails AI starter policies |
Cost shape: $50–$500/mo all in. Build time: 1–2 weeks for first production agent.
Stack B — Series A/B SMB (10–50 people, 1–3 agent products)
Goal: sustainable engineering velocity, real observability, eval discipline.
| Layer | Pick |
|---|---|
| Model | Claude/GPT for hard tasks, Haiku/Mini for easy via router |
| Orchestration | LangGraph |
| Tools | 5–10 MCP servers + custom function set per agent |
| Memory | Pinecone or Weaviate managed + Letta for long-term |
| Observability | LangSmith or self-hosted Langfuse |
| Evals | LangSmith Evals + LLM-as-judge for production sampling |
| Guardrails | Guardrails AI + Lakera prompt-injection defense |
Cost shape: $2K–$15K/mo infra plus model spend. Build time: 4–8 weeks for first production agent.
Stack C — Enterprise (50+ people, multi-tenant SaaS or regulated industry)
Goal: auditability, compliance, multi-region, vendor diversity.
| Layer | Pick |
|---|---|
| Model | Multi-provider with provider-agnostic abstraction; some workloads on self-hosted open-weight |
| Orchestration | LangGraph or in-house framework on top of MCP |
| Tools | Internal MCP gateway; per-tenant tool scoping; signed tool calls |
| Memory | Per-tenant vector index + structured store; SOC 2 / HIPAA-compliant infra |
| Observability | Arize / Phoenix or self-hosted Langfuse with PII redaction |
| Evals | Full eval CI; golden datasets per high-risk path; red-team suite |
| Guardrails | Layered: input filter + tool-call confirmation + audit log + adversarial test suite |
Cost shape: $50K–$500K+/mo depending on volume. Build time: 3–6 months for first regulated-grade agent.
Decision flow for picking your stack
- What's the model budget? Cap it before you pick a stack — the model alone often dominates total cost.
- What level of audit do you need? Regulated industries skip straight to Stack C even at small headcount.
- What's the orchestration shape? Linear single-agent → Smolagents / OpenAI SDK. Multi-step with state → LangGraph. Role-based multi-agent → CrewAI. Workflow visual → n8n / Tines.
- What's your data gravity? If your data already lives in Postgres / Snowflake / Databricks, lean toward retrieval layers that integrate cleanly (pgvector, native vector inside Snowflake).
- Who owns the agent in production? If it's the engineering team, code-first. If it's ops, visual workflow tools.
What this means for buyers
If you're evaluating an agent off the leaderboard, or pitching an agentic AI vendor internally, use the seven layers as a checklist:
- Which layers does the vendor own? Which do they expect you to bring?
- What's their MCP / tool story? If they're a closed garden in 2026, that's a red flag.
- Can you see the trace of a real run before you sign? If observability is "coming soon," walk.
- Do they ship an eval harness, or just demos? Demos are not evidence.
- What guardrails ship by default vs require pro-services to customize?
See how to pick an AI agent, how to evaluate AI tool trial and our methodology for the broader scoring framework we apply on every agent in the directory.
The stack is rarely the differentiator at the product level — every serious vendor has roughly the same seven layers. What differentiates is the discipline with which each layer is operated. The teams that win are obsessed with layer 5 (observability) and layer 6 (evals); the teams that don't, get blindsided by drift six months after launch.