AI agent patterns I learned from building AIdaemon

When people talk about AI agent patterns, they usually describe them in the abstract. Here's how seven well-known patterns actually work inside AIdaemon, a self-hosted AI agent daemon I've been building in Rust.

The ReAct loop (Reason + Act)

ReAct is the foundation of most modern agents. Instead of thinking through an entire plan and executing it all at once, the agent alternates between reasoning about what to do next and actually doing it.

In AIdaemon, this shows up as a phase-based execution cycle. Each turn goes through message building, an LLM call, tool execution, and a stopping check. The agent reasons about its next move, takes an action, observes the result, and then reasons again. This loop continues until the agent decides it's done or hits an iteration limit.

The beauty of ReAct is adaptability. If a command fails or returns unexpected output, the agent doesn't blindly continue with the original approach. It re-evaluates and adjusts.

Planning

Planning means breaking a complex task into steps before diving in. Instead of immediately grabbing the first tool and starting work, a planning agent analyzes the request, identifies dependencies, and sequences operations in a logical order.

In AIdaemon, before the agent touches any tool, it can generate a structured plan with concrete steps. This prevents the common failure mode where an agent starts executing, realizes halfway through that it needed information from step 5 to complete step 2, and ends up going in circles.

Planning also helps with transparency. When you can see the agent's plan before it executes, you catch bad assumptions early rather than discovering them after the agent has already made changes.

Reflection

Reflection is the agent's ability to evaluate its own work. After completing an action, a reflective agent switches into critic mode. It checks for errors, verifies that constraints were met, and identifies gaps.

In AIdaemon, the reflection feedback loop kicks in when something goes wrong. If a tool call fails or produces unexpected results, the agent analyzes what happened, why it failed, and suggests a fix before retrying. Combined with evidence state tracking, the agent maintains concrete observations about what it's seen and done. Its reflections are grounded in actual results rather than assumptions.

Memory

Memory is how an agent retains information across conversations. Without it, every interaction starts from scratch.

AIdaemon uses SQLite-backed vector embeddings for semantic recall. Facts get extracted from conversations automatically and stored with embeddings so they can be retrieved by meaning, not just keywords. If you mentioned a project detail three weeks ago, the agent can recall it when it becomes relevant again.

The memory system also creates episode summaries for long-running sessions and consolidates facts daily, deduplicating and decaying old information that's no longer useful. It's the difference between an agent with amnesia and one that actually learns your context over time.

Guardrails

Guardrails define the hard boundaries of what an agent can and can't do. They're the safety net that catches edge cases that good prompting alone won't prevent.

AIdaemon implements guardrails at multiple layers. Command allowlists restrict which terminal commands the agent can execute. Tool filtering based on risk level means destructive operations require extra verification. Output sanitization strips sensitive data like API keys and tokens from responses before they reach the user. And iteration limits prevent runaway loops where the agent burns through tokens without making progress.

The industry has converged on this layered approach. Most production agent frameworks treat guardrails as defense-in-depth rather than a single checkpoint.

Human-in-the-loop

Human-in-the-loop is the pattern of pausing for human confirmation before taking high-risk actions. It's the recognition that some decisions shouldn't be fully automated.

AIdaemon uses an approval flow with three options for risky actions. Allow Once (proceed this time), Allow Always (trust this action going forward), and Deny (stop and try something else). The agent classifies actions by risk level automatically. Reading a file? No gate needed. Deleting files or running unfamiliar shell commands? The agent pauses and asks.

The key is risk-based gating rather than gating everything. Too many interruptions and the agent becomes unusable. Too few and you're trusting it with actions that could cause real damage.

Skill learning

Skill learning is when the agent turns successful patterns into reusable instructions. Most agents treat every task as a one-off. Skill learning lets the agent recognize when it's solved a type of problem multiple times and package that solution for future use.

In AIdaemon, if a procedure has been used 5 or more times with at least an 80% success rate, the system generates a skill draft. That draft still needs human review before it becomes active, which keeps the agent from learning the wrong lessons. Once approved, the next time a similar task comes up, the agent can reference that skill instead of figuring it out from scratch. Skills can also be loaded from files, URLs, or remote registries, so you can share them across setups.

This is one of those patterns that compounds over time. The longer the agent runs, the more skills it accumulates, and the faster it handles recurring work.