Deterministic software
- Use for
- Rules, validation, database queries, API calls, and predictable application logic.
- Signal
- The same input should reliably produce the same output.
- Avoid
- Adding a model to ordinary branching logic.
Follow the decision tree from problem definition through classification, composition, evaluation, and iteration. The goal is not to avoid agents; it is to use exactly as much agency as the problem needs.
Begin with the six-phase overview, open one topic at a time, then select a concept when you want its full guidance.
Nothing has been removed: search spans every concept, while “All 51” preserves the complete source canvas as a reference.
Overview first · details on demand
The complete design loop: define, decompose, compose, evaluate, and improve
How to explore: choose a topic, then select a node to reveal its guidance and connections.
6 concepts · 6 connections
A complete product may contain several of these. Classify each responsibility separately instead of assigning one architecture to everything.
Reaching an implementation node is not the end of classification. Record the boundary and reasoning so the part can be composed, evaluated, and replaced independently.
Ask what happens if the step is wrong, expensive, unsafe, irreversible, or difficult to verify.
Use deterministic checks when possible and human approval when cost, safety, privacy, legal, or irreversible consequences are high.
The goal is to resolve valid refund requests quickly without approving ineligible or suspicious claims. The system is a known workflow containing several implementation families, not one general-purpose agent.
intent -> [order lookup | risk score] -> eligibility -> response -> approval -> action
Classify intent and extract order number, product, reason, and requested action into a schema.
Known database and API calls should return authoritative records without model judgment.
Dates, product categories, prior refunds, and policy limits can be evaluated explicitly.
A score over structured behavioral data can be validated against historical outcomes.
Generate a clear response grounded in the policy decision and retrieved account facts.
Validate the amount and permissions, require review above a threshold, then call an idempotent refund API.
Policy accuracy, false approvals, resolution rate, human-review rate, latency, and cost.
Ask for missing information, decline safely when checks fail, or send uncertain cases to a reviewer.
Only for exceptional investigations where the next information source or recovery step cannot be known in advance.
When the available categories and their destinations are known, ask the model for a constrained label or schema. Then let deterministic application code select and start the next task.
This removes agent descriptions from the prompt, reduces token cost and ambiguity, and makes routing testable. Keep an orchestrator only for the genuinely exceptional path.
Use when every step requires the previous output. Validate the contract at each boundary.
Use when branches are independent until synthesis. It can reduce latency and isolate failures.
Use when some, but not all, steps depend on one another. This is common in production systems.
Use only when dependencies emerge at runtime. Bound it with tools, permissions, budgets, and stop conditions.
These concerns matter across the system, but answering them too early overloads the opening architecture decision. Attach them once each part has a defined responsibility.
What information is needed, where does it live, and how should it be selected?
Choose deterministic selection for known context, semantic retrieval for discovery, and dynamic selection only when runtime evidence requires it.
What can the system do, and which actions are safe?
Define permissions, approvals, timeouts, idempotency, rollback paths, and ownership before exposing a tool to an agent.
What must persist, and what should never be remembered?
Separate temporary working state from durable memory. Define retention, correction, privacy, and evaluation behavior.
When should the system retry, clarify, fall back, or stop?
Bound attempts and cost. Prefer a safer model, explicit rules, human escalation, or a no-op over uncontrolled repetition.
How are unsafe, private, prohibited, or irreversible actions handled?
Apply controls before and after model calls, and require human approval where consequences are high.
What gets logged, inspected, and converted into an evaluation case?
Trace decisions, tool calls, latency, cost, validation failures, recovery paths, and reviewer corrections.
Evaluation starts before architecture and continues in production. It should test individual components and the complete system, including operational behavior and recovery.
Start small but concrete. Include common cases, edge cases, known failures, risky examples, and examples from real usage when possible.
Use exact labels where possible. For fuzzy work, score correctness, completeness, grounding, format compliance, usefulness, and safety.
Measure task success, error rate by type, regression rate, cost, latency, tool failures, human-review rate, and failure recovery.
For every change, ask what improved, what regressed, what became cheaper or faster, and what became riskier. Keep a regression set.
Collect traces, user corrections, reviewer decisions, drift signals, cost and latency trends, and failure reports after launch.
Clarify the task first, then improve checks, data, prompts and schemas, retrieval and tools, workflows, and finally agent policy.
Write down the desired outcome, inputs, triggers, expected output or action, stakeholder, value, failure impact, and how failure will be detected and fixed.
Create a representative dataset, expected outputs or labels, rubrics for fuzzy outputs, and success, cost, latency, and risk metrics before choosing architecture.
Ask whether explicit code can solve the complete system. If yes, build deterministic software. If no, decompose it and repeat the question at smaller levels.
Split the system into loops, subsystems, tasks, or subtasks. Give each an input, output, caller, context requirement, failure mode, and verification method.
Work on one responsibility at a time. This prevents the architecture of the most complex part from being applied unnecessarily to every other part.
Choose among deterministic logic, structured statistical prediction, bounded semantic work, a known LLM workflow, or a dynamic agentic loop. Add review where risk demands it.
Document what implementation family was chosen, what remains deterministic, why AI or agency is needed, interfaces, evaluation cases, failure handling, and dependencies.
Model dependencies as a sequential chain, parallel fan-out and fan-in, partial DAG, dynamic coordination, fallbacks, and human gates. Define every interface.
Return to the next subtask until the complete dependency graph has an intentional implementation choice for every responsibility.
Run the composed system against the evaluation set. Measure success, errors, cost, latency, safety, failure detection, and human-review burden end to end.
Find the weakest step, make the lowest-complexity improvement, update the evaluation set, and rerun the loop with evidence.
If a wrong result is expensive, unsafe, private, legally significant, or irreversible, add deterministic validation and human approval regardless of which architecture the tree recommends. Autonomy should shrink as consequences grow.