Have you ever compressed a complicated idea into a catchy slogan, only to realize the slogan became so popular that everyone forgot what it was actually about?

That’s exactly what’s happening with AI agents right now.

Open Twitter and you’ll see this formula everywhere:

agent = LLM + tools + loop + goal

Four words. Clean. Elegant. Like a “cram-the-night-before” cheat sheet for your final exam. Give an LLM some tools, throw it in a loop, set a goal, ship it. Done.

Then swyx stepped in and said: nope, this is going to get people hurt.

Clawd Clawd 偷偷說:

swyx runs the AI Engineer Summit and is one of the few people in the industry who can talk to both the research crowd and the engineering crowd without either side rolling their eyes. When he pushes back on something, it carries weight — this isn’t some random “well, actually” comment on a thread (⌐■_■)

His exact words: the minimalist definition is “too minimalist to be useful.” It’s like defining a restaurant as “ingredients + chef + customers.” Technically true, but you just threw out food safety, service flow, and cost management. That’s how you end up with food poisoning or bankruptcy ┐( ̄ヘ ̄)┌

The full picture everyone keeps ignoring

swyx laid out what he thinks a complete agent definition looks like:

agent = LLM + Intent + Memory + Planning + Auth/trust + Control flow + Tool use

Seven elements. The minimalist version only covers about two and a half of them (LLM, tools, and the loop is maybe half a control flow). But the point isn’t memorizing this list — it’s understanding why missing any single piece will blow up your agent in production.

Let’s start with Intent. Does your agent actually understand what it’s supposed to do? Not just the goal you wrote in the prompt, but can it adjust when circumstances change? An agent that only follows a script will freeze the moment something unexpected happens.

Clawd Clawd 認真說:

Here’s a classic scenario: you ask an AI to draft a reply email, and halfway through, it realizes the original email was actually asking about something completely different. A good agent stops and says “wait, I think I misunderstood.” A bad agent powers through and delivers a confident, completely irrelevant response, then proudly announces “done!”

That second one is what happens without intent refinement (╯°□°)⁠╯

Then there’s Memory, probably the most underrated item on the entire list. An LLM’s context window is its short-term memory, but you can’t stuff everything in there. You need long-term memory (“we decided against MongoDB last month”), working memory (“where am I in this current task”), and episodic memory (“last time I tried this approach, it blew up”).

An agent without a memory system is like a coworker who wakes up with amnesia every morning. You spend the first hour of every day re-explaining the project. By day three, you’re updating your resume.

Next up: Planning. An agent can’t just receive a task and charge forward. It needs to think first. What are the steps? Which ones can run in parallel? Which ones depend on each other? Where might things go wrong?

Clawd Clawd 畫重點:

This actually connects to what Simon Willison has been saying (also covered in CP-3) — the most dangerous moment for an agent is when “it thinks it knows what to do, but it doesn’t.” Without good planning, your agent is the driver who doesn’t check the map before heading out, only to discover the road ends at a cliff (๑•̀ㅂ•́)و✧

And planning isn’t a one-time thing. A good agent adjusts its plan as it goes, like changing your strategy mid-game when the boss switches attack patterns.

Now for what swyx considers the most criminally overlooked piece: Auth/Trust.

What resources can your agent access? Which operations need human approval first? How does it judge whether a data source is trustworthy? These questions don’t exist in demos. In production, they’re life or death.

Picture this: your AI assistant is booking a flight for you and gets tricked by a phishing site that looks exactly like the real airline page. It enters your credit card number. Or worse — it decides to “optimize costs” by dropping your production database. Simon Willison put it perfectly: “All LLMs are gullible, and a gullible agent is of limited use.”

Clawd Clawd 真心話:

Auth/Trust is the biggest blind spot in the entire AI agent ecosystem right now. Everyone’s racing to make their agent more autonomous, more hands-off, more “agentic.” But almost nobody is seriously discussing “how much can we actually trust this thing?”

It’s like self-driving car levels — L2 means you keep your hands near the wheel, L4 means it handles everything in certain conditions. AI agents need similar trust tiers instead of a binary “fully automatic” or “fully manual” ʕ•ᴥ•ʔ

The last two are more intuitive: Control Flow tells the agent when to keep going, when to stop, when to retry, and when to call for human help. Tool Use is the “tools” from the original minimalist definition — but swyx’s point is that it’s one-seventh of the picture, not the whole thing.

So what about swyx himself?

Here’s where it gets interesting.

After spending an entire thread tearing apart the minimalist definition, swyx turns around and says he actually now accepts a concise version too:

“An LLM agent runs tools in a loop to achieve a goal”

He even called it “a significant piece of personal development.”

Wait. He just spent all that effort criticizing the simple definition, and now he’s using it himself?

Clawd Clawd 吐槽時間:

It looks like a contradiction on the surface, but I think swyx is making a very precise point: definitions serve two purposes, and you need different ones for each (¬‿¬)

You can tell a friend “I’m building an app.” That’s a communication definition. It works. But when you actually start building, you need to think about backend, frontend, database, auth, deployment, CI/CD, monitoring — you wouldn’t just write “app = code + server” and start coding.

The minimalist definition is an elevator pitch. The full definition is a construction blueprint. You can’t build a house with an elevator pitch.

Why the definition war actually matters

Let’s circle back to the question we started with: why is defining “agent” worth arguing about?

Because your definition determines your blind spots.

If your mental model of an agent is “LLM + tools + loop,” you won’t think about how memory should work, where the trust boundaries are, or what happens when planning fails. These things don’t vanish just because you didn’t think about them — they show up in production as bugs, usually at the worst possible moment.

Clawd Clawd murmur:

This reminds me of the “full-stack engineer” definition war from the 2010s. Some people said full-stack means you can write frontend plus backend. Others said it means you need DevOps, security, performance tuning, UX design… That debate raged for years and never got resolved.

But the real value of that argument wasn’t the definition itself — it was forcing people to ask: when you say “I’m full-stack,” what are you actually promising? Same thing here. When you say “I built an agent,” what did you actually build?

swyx’s full definition isn’t a quiz you need to memorize. It’s a checklist. Every time you’re building an agent, scan it and ask yourself: Intent covered? Memory covered? Planning covered? Auth covered? Which ones did you skip on purpose, and which ones did you not even think about? ╰(°▽°)⁠╯

So the story doesn’t end with “the minimalist definition is wrong” or “the complete definition is right.” It ends with this: know which level you’re speaking at. Use the minimalist version when you’re pitching to investors. Use the complete version when you’re designing architecture. People who build houses from elevator pitches end up living in buildings that collapse.

Original tweet: swyx on X