While 2023 focused almost exclusively on prompt engineering, the real challenge for 2025 will be Context Engineering.

If we accept the metaphor that the Large Language Model is the new CPU, then its context window—even in million-token variants—is “the new RAM”: fast, powerful, but critically finite. Currently, many systems treat this high-speed memory as if it were an unlimited hard drive. The structural result of this approach is context rot.

The scenario is familiar: an agent that performs perfectly in a demo starts to degrade after a few weeks in production. It hallucinates obsolete instructions, confuses tools, or contradicts recent data with old session history. This is not a random bug, but a structural failure in managing the model’s “working memory.”

Let’s analyze the engineering principles necessary to transform context from an unmanaged liability into a curated, high-performance asset.

The Structural Limit: The Attention Budget

At the core of context rot is an architectural constraint of the Transformer: the attention budget. For a sequence of tokens, the model may need to compute relationships. As $N$ grows toward the context limit, the model must distribute its fixed attention capacity over an exponentially larger set of connections.

The practical impact is evident in “Needle-in-a-Haystack” benchmarks. As the context length (the “haystack”) increases, the model’s ability to reliably retrieve a single relevant piece of information decreases. Long context represents a capacity increase, not a guarantee of perfect recall.

In agent development, we tend to add information incrementally: system prompts, user history, RAG results, tool outputs, Chain-of-Thought scratchpads, and execution logs. Often, nothing is deleted. By the sixtieth interaction, the model is paying an “attention tax” on forty turns of irrelevant noise. Studies (such as those conducted by Microsoft/Salesforce) have shown performance degradation of up to 20% when partial or incorrect intermediate outputs are retained in the active context.

Context rot manifests primarily in four failure modes:

1. Context Poisoning: An error or hallucination (e.g., an obsolete API specification retrieved via RAG) enters the context and is treated as ground truth in subsequent steps, solidifying the error in the agent’s working memory.

2. Context Distraction: The model focuses excessively on a verbose example at the beginning of the prompt or an obscure historical edge case, overweighting the prompt content at the expense of generalized knowledge derived from pre-training.

3. Context Confusion: The problem of tool proliferation. Exposing a dozen tools, each with lengthy descriptions and ambiguous decision boundaries, creates an unmanageable decision surface. If a human engineer cannot quickly select the correct tool by reading the prompt, the model will face similar difficulties.

4. Context Clash: Two high-signal pieces of information in the prompt contradict each other (e.g., historical records indicate one customer location, a recent tool call indicates another). The model must arbitrate this conflict, often leading to unpredictable behavior.

Context Observability: The X-Ray of Working Memory

You cannot optimize what you do not measure. Traditional observability focuses on latency, costs, and token counts. Solving context rot requires Context Observability: a granular view of the composition of the model’s working memory over time.

It is necessary to implement tools that parse conversation logs, semantically segment long messages, and label each block by component type: System Instructions, User Query, Tool Output, RAG Knowledge, etc. Visualizing these components as stacked timelines reveals when low-signal components, such as raw, uncompressed tool outputs, dominate context. The next generation of tooling must make context composition a first-class engineering concern.

The Context Engineering Playbook

To regain control of the attention budget, we must shift from passive accumulation to active context architecture. This requires implementing a playbook built on four fundamental engineering pillars: Isolation, Selection, Compression, and External Writing.

1. Isolation: Decompose the Problem

Isolation involves breaking a monolithic problem into specialized units, ensuring that no single context window has to hold the state of the entire workflow.

The most effective implementation is through multi-agent systems, where a lead agent orchestrates specialized sub-agents (e.g., Researcher, Planner, Executor). Each sub-agent maintains a context window strictly limited to its task, preventing execution logs and irrelevant tool descriptions from accumulating in a single global prompt. Sandboxing techniques are a form of isolation in which heavy objects (code logs, images, intermediate arrays) remain external, with only targeted, compressed results reinserted into the LLM context.

2. Selection: Maximize Signal-to-Noise

Selection is the principle of maximizing the signal-to-noise ratio of every token. RAG is the most common form of knowledge selection, but the technique must be generalized.

It is critical to implement tool loadouts: dynamically retrieving and exposing only the tools relevant to the immediate request, rather than presenting the entire universe of tools at every call. This drastically reduces Context Confusion. Similarly, instead of blindly retrieving all long-term memory, semantic selection must be used to extract only memory fragments relevant to the current task. Progressive Disclosure is the dynamic ideal: giving the agent the ability to query external data stores on demand, keeping the active prompt lean while the accessible knowledge base remains vast.

3. Compression: Distill the Essence

When preserving the essence of a long interaction or voluminous output is necessary, but raw text is too costly, compression becomes mandatory.

This involves summarization and compaction. Agents can be configured to automatically compact conversation history once a threshold is exceeded, using the LLM itself to summarize the state into a succinct representation. For greater rigor, specialized fine-tuned summarization models can be employed at agent boundaries to ensure distilled knowledge transfer. The most aggressive form is pruning, where systems like Provence identify and remove entire sections of a document that are statistically irrelevant to the current query, avoiding the computational cost of generative summarization.

4. External Writing: State Offloading

The fourth lever is accepting that not all state belongs in the prompt. We must offload persistent or temporary state into external data stores, making it accessible only via explicit tool calls.

The simplest pattern is the scratchpad or notepad tool, where the agent can write intermediate plans, notes, or reflections into an external JSON or database. This allows the agent to maintain high-level reasoning without clogging the current attention window with the detailed trace of the thought process. Long-term memories (as in Reflexion) are the persistent version of this approach, accessible only through controlled retrieval.

The Foundation: High-Signal Chunking

All these strategies fail if the underlying unit of information, the chunk, is poorly defined. The art of chunking consists of finding units that are semantically coherent but small enough for flexible retrieval and recombination.

Chunking based on fixed token counts is insufficient. It is necessary to move to semantic chunking, which uses embedding similarity to detect topic boundaries. Additionally, contextual chunking involves using an LLM to generate a brief summary for each chunk describing its meaning in the context of the entire document. This enriched representation is then embedded, thereby improving retrieval accuracy and robustness.

Architectural Mandate: Standardization with MCP

To move beyond bespoke architectures, standardization is essential. The Model Context Protocol (MCP), proposed by Anthropic, offers a path forward. It defines a standardized interface (similar to JSON-RPC) for interaction between models, tools, and data.

MCP acts as a “USB-C for AI,” providing a consistent schema for tool discovery and operation invocation. This consistency radically simplifies the implementation of complex context management strategies—such as dynamic tool loadouts and controlled external writing—reducing Context Clash and allowing components to be reused across different frameworks without excessive “glue code.”

Conclusion

Context Engineering is about finding the smallest possible set of high-signal tokens that maximizes the probability of the desired behavior. Every vague instruction, redundant field, or verbose tool description is stealing attention from a more critical token.

For system prompts, this means finding the right “altitude”: avoiding fragile pseudo-code while maintaining structured instructions (via XML or Markdown). For tools, output must be token-efficient. Finally, few-shot examples must be canonical demonstrations of the desired pattern, not exhaustive documentation.

If you are building an agent today, you are designing and operating its dynamic working memory. Instead of asking “Why did the model hallucinate?”, the correct question is: “What was in its ‘head’ at that moment, what was it paying the attention budget for, and which of those tokens truly deserved to be there?”