Slack Engineering: Managing Context in Long-Run Agents

Slack’s engineering blog on managing context in their multi-agent security investigation service. Director orchestrates, Experts gather evidence, Critic reviews findings.

Key Claims

  • LLM APIs are stateless — caller must provide complete message history, creating hard context limits
  • Complex security investigations span hundreds of inference requests and generate megabytes of output
  • Each agent needs a tailored view — too much sharing stifles creativity, too little causes incoherence
  • Three complementary context channels solve this:
    1. Director’s Journal: structured working memory (decisions, observations, hypotheses, questions)
    2. Critic’s Review: annotated findings with credibility scores
    3. Critic’s Timeline: consolidated chronological findings

Architecture Details

  • Director has 6 entry types: decision, observation, finding, question, action, hypothesis
  • Critic uses tools to inspect evidence: get_tool_call, get_tool_result, get_toolset_info, list_toolsets
  • Five-level credibility scale: Trustworthy (0.9-1.0), Highly-plausible (0.7-0.89), Plausible (0.5-0.69), Speculative (0.3-0.49), Misguided (0.0-0.29)
  • Over 170K findings: 37.7% Trustworthy, 25.4% Highly-plausible, 15.4% Misguided
  • Stronger model for Critic (fewer hallucinations, better nuance interpretation)

Takeaways

  • The Journal pattern is powerful: structured working memory with typed entries gives the Director continuity across rounds
  • ~26% of Expert findings don’t meet plausibility threshold — Critic is essential
  • Separation of concerns: Director doesn’t see raw evidence, Critic doesn’t make strategic decisions
  • The “bimodal read” pattern: deep inspection of one trace + fast iteration across many traces

Connections