End-to-end demo of the compiling-architecture skill workflow on an enterprise 4-agent hierarchical research-automation system.
Steps 1-2: author writes the agentic part of the spec;
the compiler REJECTS it because agentic-jumpstarter--anthropic
(a Claude Code Stop-hook workflow pattern) matched against the assumed
agentic shape but requires a key-value store that wasn't enabled. The
annotated rejection output shows every activation path that brought
the pattern in.
Steps 3-7: author iteratively addresses each signal — disallow the unwanted pattern, switch to a platform that fits multi-agent topologies (Dify), then commit to a real cost story to clear the ceiling overrun.
Steps 8-10: review the per-pattern assumed configs
(with Options annotations showing alternatives), override
the ones that matter for this workload, then promote every assumption
into the explicit spec body and prepend the
# STATUS: APPROVED comment header. The result is a
self-contained architecture.yaml the
skills/implementing-architecture skill reads as its input
contract.
The author writes the agentic part of the spec. Headline choices (in the highlight pill):
- hosting: n8n — the team's existing workflow-automation platform; choice will be revisited in steps 5/6.
- topology: hierarchical — a research coordinator decomposes queries and dispatches workers; consistent with the agent shape below.
- archetype — orchestrator (coordinator), two extractors (web-searcher + document-analyzer), synthesis (combines findings with provenance).
- models — both primary AND fallback candidates, per agent. Primary picks the model the agent should normally use (Opus for coordinator + synthesizer; Sonnet for extractors). Fallback degrades to a cheaper / faster tier when the primary fails or is unavailable (Sonnet fallback for the Opus agents; Haiku fallback for the Sonnet agents). The compiler has no opinion about who your fallback should be, so this is always a spec-author decision — declaring both roles up front is good practice.
- escalation.policy: never, mutating_actions: false, dynamic_ui: false, streaming: false, processing_mode: realtime, session_strategy: stateless. These shape what patterns can activate.
- integrations.slack: true declares the only external system the agent talks to. Everything else (caching, async_messaging, NFRs, cost intent, operating_model) is left unspecified — the compiler fills it as assumptions.
project:
  name: research-agentic
  domain: knowledge-management
functional:
  summary: 'Multi-agent research system. A coordinator decomposes user queries,
    dispatches web-search and document-analysis workers in parallel,
    and a synthesizer combines findings with provenance. Notify on Slack.
    '
constraints:
  cloud: agnostic
  language: python
  platform: api
  features:
    ai_inference: true
    agentic_system:
      hosting: n8n
      topology: hierarchical
      integrations:
        slack: true
        teams: false
        discord: false
        jira: false
        github: false
        gitlab: false
        linear: false
        email: false
        calendar: false
        notion: false
        confluence: false
        pagerduty: false
        webhook: false
      agents:
      - agent: research-coordinator
        archetype: orchestrator
        purpose: Decompose research queries, dispatch workers, evaluate synthesis,
          post final report.
        escalation:
          policy: never
        mutating_actions: false
        dynamic_ui: false
        streaming: false
        processing_mode: realtime
        session_strategy: stateless
        models:
        - role: primary
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-opus
            model_id: claude-opus-4-7
        - role: fallback
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-sonnet
            model_id: claude-sonnet-4-6
      - agent: web-searcher
        archetype: extractor
        purpose: Search the web for query subtopics, return findings with source attribution.
        escalation:
          policy: never
        mutating_actions: false
        dynamic_ui: false
        streaming: false
        processing_mode: realtime
        session_strategy: stateless
        models:
        - role: primary
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-sonnet
            model_id: claude-sonnet-4-6
        - role: fallback
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-haiku
            model_id: claude-haiku-4-5
      - agent: document-analyzer
        archetype: extractor
        purpose: Analyze internal documents for query-relevant content; return findings
          with source attribution.
        escalation:
          policy: never
        mutating_actions: false
        dynamic_ui: false
        streaming: false
        processing_mode: realtime
        session_strategy: stateless
        models:
        - role: primary
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-sonnet
            model_id: claude-sonnet-4-6
        - role: fallback
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-haiku
            model_id: claude-haiku-4-5
      - agent: synthesizer
        archetype: synthesis
        purpose: Combine findings into a coherent report preserving claim-level provenance.
        escalation:
          policy: never
        mutating_actions: false
        dynamic_ui: false
        streaming: false
        processing_mode: realtime
        session_strategy: stateless
        models:
        - role: primary
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-opus
            model_id: claude-opus-4-7
        - role: fallback
          candidates:
          - host_platform: anthropic
            model_owner: anthropic
            model_name: claude-sonnet
            model_id: claude-sonnet-4-6
The compiler rejects the spec based on its assumptions — every unspecified field gets a default value, the full pattern set is evaluated against the combined explicit+assumed view, and the rejection trips on a pattern that activated but couldn't be satisfied. Three things to read carefully in the verbose output:
- # pattern-id shows which patterns activated on that spec value. Look for # agentic-jumpstarter--anthropic entries — those are the activation gates that brought the rejected pattern in (cloud, agentic_system, archetype, host_platform).
- # ❌ rejection line: the gate the pattern failed — /constraints/features/key_value_store == True. The pattern needs a KV store for phase-state persistence between Stop-hook continuations; the spec didn't enable one.
- 💡 Suggestions trailer: the full list of activation paths so the spec author knows which field to adjust to redirect away from this pattern.
What the compiler filled in (assumptions block): caching=false, async_messaging=false, low default throughput, 0-engineer ops team, tight default ceilings, etc. These assumptions feed back into pattern matching too — a different assumption set might activate different patterns.
# ─── ❌ COMPILER REJECTED THIS SPEC ───
❌ Constraints/NFRs trade-off requirements not met:
[agentic-jumpstarter--anthropic] /constraints/features/key_value_store == True
→ Pattern requires a key-value store for phase state persistence between Stop hook continuations. Without features.key_value_store == true, the supporting infrastructure is missing.
💡 Suggestions — consider changing these activation fields:
agentic-jumpstarter--anthropic activated by:
/constraints/features/agentic_system != none
/constraints/features/agentic_system/agents[*]/archetype contains-any [orchestrator]
/constraints/features/agentic_system/agents[*]/models[*]/candidates[*]/host_platform contains-any [anthropic]
/constraints/cloud in [agnostic | aws | azure | gcp | on-prem | nvidia | n/a]
# ─── input spec with pattern-activation annotations ───
# Each `# pattern-id` shows the patterns that activated on this spec value.
cloud: agnostic # agentic-jumpstarter--anthropic
agentic_system: # agentic-jumpstarter--anthropic
archetype: orchestrator # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
archetype: extractor # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
archetype: extractor # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
archetype: synthesis # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
- host_platform: anthropic # agentic-jumpstarter--anthropic
# ─── what the compiler FILLED IN as assumptions ───
assumptions:
constraints:
tenantCount: 1
features:
caching: false
async_messaging: false
multi_tenancy: false
batch_processing: false
distributed_transactions: false
real_time_streaming: false
vector_search: false
document_store: false
key_value_store: false # ❌ agentic-jumpstarter--anthropic
graph_database: false
time_series_db: false
oltp_workload: true
olap_workload: false
cold_archive_tiering: false
messaging_delivery_guarantee: null
nfr:
rpo_minutes: 60
rto_minutes: 60
latency:
p95Milliseconds: 500
p99Milliseconds: 1000
jobStartP95Seconds: null
jobStartP99Seconds: null
throughput:
peak_jobs_per_hour: null
peak_query_per_second_read: 5
peak_query_per_second_write: 1
data:
retention_days: 90
pii: false
compliance:
consistency:
needsReadYourWrites: false
durability:
strict: false
security:
# … (more defaults below; expand the full output to see them)
project:
name: research-agentic
domain: knowledge-management
functional:
summary: "Multi-agent research system. A coordinator decomposes user queries,
dispatches web-search and document-analysis workers in parallel,
and a synthesizer combines findings with provenance. Notify on Slack.
"
constraints:
cloud: agnostic # agentic-jumpstarter--anthropic
language: python
platform: api
features:
ai_inference: true
agentic_system: # agentic-jumpstarter--anthropic
hosting: n8n
topology: hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents:
- agent: research-coordinator
archetype: orchestrator # agentic-jumpstarter--anthropic
purpose: Decompose research queries, dispatch workers, evaluate synthesis, post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor # agentic-jumpstarter--anthropic
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor # agentic-jumpstarter--anthropic
purpose: Analyze internal documents for query-relevant content; return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis # agentic-jumpstarter--anthropic
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-jumpstarter--anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
assumptions:
constraints:
saas-providers:
disallowed-saas-providers:
ai-inference-platforms:
disallowed-ai-inference-platforms:
model-vendors:
disallowed-model-vendors:
tenantCount: 1
features:
caching: false
async_messaging: false
multi_tenancy: false
batch_processing: false
distributed_transactions: false
real_time_streaming: false
vector_search: false
document_store: false
key_value_store: false # ❌ agentic-jumpstarter--anthropic
graph_database: false
time_series_db: false
oltp_workload: true
olap_workload: false
cold_archive_tiering: false
messaging_delivery_guarantee: null
nfr:
availability:
target: 0.95
rpo_minutes: 60
rto_minutes: 60
latency:
p95Milliseconds: 500
p99Milliseconds: 1000
jobStartP95Seconds: null
jobStartP99Seconds: null
throughput:
peak_jobs_per_hour: null
peak_query_per_second_read: 5
peak_query_per_second_write: 1
data:
retention_days: 90
pii: false
compliance:
gdpr: false
gdpr_rtbf: false
ccpa: false
hipaa: false
sox: false
consistency:
needsReadYourWrites: false
durability:
strict: false
security:
auth: oauth2_oidc
tenant_isolation: n/a
audit_logging: false
agentic_system:
target:
prompt_injection_block_rate_min: 0.95
output_safety_pass_rate_min: 0.99
pii_leak_rate_max: 0.01
jailbreak_detection_rate_min: 0.9
hallucination_rate_max: 0.1
toxic_output_rate_max: 0.005
operating_model:
on_call: false
deploy_freq: weekly
ops_team_size: 0
single_resource_monthly_ops_usd: 10000
amortization_months: 24
cost:
intent:
priority: minimize-opex
ceilings:
monthly_operational_usd: 500
one_time_setup_usd: 1000
preferences:
prefer_free_tier_if_possible: true
prefer_saas_first: false
patterns:
meta:
agentic-multi-agent-required:
agentic-system-required:
P0:
arch-serverless:
function_runtime_model: faas
cold_start_optimization: minimal
state_management: external
event_sources: api_gateway
observability_level: standard
db-managed-postgres:
provider: supabase
instance_size: small
storage_gb: 8
backup_retention_days: 7
connection_pooling: true
high_availability: false
ssl_mode: require
arch-serverless-pay-per-use:
compute_type: function
memory_size_mb: 1024
timeout_seconds: 30
cold_start_optimization: standard
concurrency_model: auto
agentic-topology--hierarchical:
message_envelope_shape: structured_json
response_envelope_shape: structured_json
failure_policy_retry_max: 2
failure_policy_retry_backoff: exponential
failure_policy_retry_initial_ms: 1000
failure_policy_on_terminal_failure: surface_partial
failure_policy_cancel_siblings_on_failure: false
aggregation_strategy: concat_with_attribution
agentic-jumpstarter--anthropic:
agentic-session--stateless:
hosting-agentic-workflow-automation--n8n:
agentic-model-vendor--anthropic:
enable_token_efficient_tool_use_beta: true
prompt_caching_recommended_blocks:
- system_prompt
- tool_definitions
- long_context_documents
agentic-inference--anthropic:
enable_token_efficient_tool_use_beta: true
iac-terraform:
state_backend: s3
workspace_strategy: single
module_structure: monorepo
ci_cd_integration: github-actions
drift_detection: false
P1:
agentic-output-safety-guardrail:
detection_action: redact-and-continue
obs-agentic-system:
log_full_prompts: false
agentic-input-safety-guardrail:
fallback_on_guardrail_failure: fail-closed
block_action: reject-with-explanation
agentic-tool-scoped-credentials:
fail_action_on_credential_error: fail-closed
agentic-multi-pass-review:
review_session_isolation: fully_independent
api-rest-resource-oriented:
pagination_style: offset
max_page_size: 100
versioning_strategy: uri
filtering_style: query_params
cache_strategy: etag
id_format: uuid
response_envelope: false
agentic-validation-retry-loop:
sync-request-reply-rest:
timeout_seconds: 30
retry_strategy: exponential_backoff
max_retries: 3
circuit_breaker_enabled: true
rate_limiting_strategy: token_bucket
idempotency_required: false
agentic-tool-use-extraction:
composes:
layered_after:
- agentic-output-safety-guardrail
deploy-rolling:
batch_size: 25_percent
health_check_grace_period: 30
rollback_on_failure: true
deployment_strategy: replace_one_by_one
max_unavailable: 0_percent
composes:
layered_after:
- iac-terraform
sec-auth-oauth2-oidc:
oauth_flow: authorization_code
token_storage: secure_storage
pkce_enabled: true
scope_strategy: minimal
token_refresh: automatic
id_token_validation: strict
composes:
wraps:
- api-rest-resource-oriented
crud-single-model:
api_style: rest
validation_strategy: server-side
soft_delete: false
audit_logging: false
pagination_default_size: 20
finops-cost-allocation-tags:
tagging_strategy: hierarchical
enforcement_level: required
cost_allocation_model: showback
tag_inheritance: true
automated_tagging: true
release-feature-flags:
flag_storage: config_file
evaluation_strategy: simple_boolean
targeting_capability: none
kill_switch_enabled: true
audit_logging: false
obs-telemetry-backend:
metrics_retention_days: 15
log_retention_days: 7
backend_ha: false
obs-open-telemetry-baseline:
export_backend: otlp
trace_sampling_strategy: parent-based
trace_sampling_rate: 1.0
metrics_export_interval: 60
log_correlation: true
resource_detection: true
propagation_format: w3c-tracecontext
composes:
co_runs_with:
- api-rest-resource-oriented
secrets-env-vars:
injection_method: runtime
secret_rotation_support: false
prefix_convention: APP_SECRET_
validation_on_startup: true
finops-budget-guardrails:
budget_period: monthly
alert_thresholds:
- 50
- 80
- 100
enforcement_action: alert
tagging_strategy: mandatory
policy_enforcement: soft
cost_allocation_level: project
ops-slo-error-budgets:
slo_target_percentage: 99.9
measurement_window_days: 30
error_budget_policy: halt-deployments
sli_type: availability
alerting_threshold_percentage: 80
agentic-provenance-tracking:
P2:
api-versioning-header:
version_header_name: API-Version
version_format: date-based
fallback_behavior: latest-stable
content_negotiation: false
deprecation_policy: warning-header
gov-system-manifest:
manifest_path: docs/architecture/manifest.yaml
manifest_format: yaml
manifest_scope:
- agent-tools
- agent-skills
- agent-models
- agent-prompts
pin_versions: true
ci_validation: required
drift_policy: fail-build
composes:
layered_after:
- iac-terraform
co_runs_with:
- release-feature-flags
- gov-adrs-mandatory
- ops-runbooks
P3:
ops-runbooks:
runbook_format: markdown
incident_severity_levels: 4
escalation_policy: tiered
automation_integration: manual
review_frequency: quarterly
gov-adrs-mandatory:
adr_format: madr
storage_location: docs/adrs
decision_threshold: significant
review_requirement: peer-review
The # ❌ line shows the gate it failed, and the 💡 Suggestions trailer tells you what to change. In this case the team doesn't run long-autonomous Stop-hook workflows, so the right move isn't to add a KV store — it's to disallow the pattern (step 3).
The team doesn't run long-autonomous Stop-hook workflows, so they explicitly tell the compiler to never consider that pattern by adding it to disallowed-patterns. This is the spec author's escape hatch when a pattern matches the shape but isn't operationally a fit. The spec at this stage is the step 1 spec plus the following block.
disallowed-patterns:
- agentic-jumpstarter--anthropic
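The gate evaluation behind the step 2 rejection and the step 3 fix, as an added Python example (not the compiler's own code). The gate paths and operators are copied from the rejection output; the pattern record layout, the helper names and the trimmed sample spec are assumptions made for this example.

```python
import copy

# Gates copied from the rejection output on this page. The record layout
# ("activates_when" / "requires") is an assumption made for this example.
AGENTS = "/constraints/features/agentic_system/agents[*]"
JUMPSTARTER = {
    "id": "agentic-jumpstarter--anthropic",
    "activates_when": [
        ("/constraints/features/agentic_system", "!=", None),
        (AGENTS + "/archetype", "contains-any", ["orchestrator"]),
        (AGENTS + "/models[*]/candidates[*]/host_platform", "contains-any", ["anthropic"]),
        ("/constraints/cloud", "in",
         ["agnostic", "aws", "azure", "gcp", "on-prem", "nvidia", "n/a"]),
    ],
    "requires": [("/constraints/features/key_value_store", "==", True)],
}
OPS = {"==": lambda v, x: v == x, "!=": lambda v, x: v != x,
       "in": lambda v, x: v in x, "contains-any": lambda v, x: v in x}


def _models(primary, fallback):
    return [{"role": role, "candidates": [{"host_platform": "anthropic", "model_id": mid}]}
            for role, mid in (("primary", primary), ("fallback", fallback))]


# Constructed sample: the step 1 spec trimmed to the fields the gates read.
SPEC = {"constraints": {"cloud": "agnostic", "features": {
    "ai_inference": True,
    "agentic_system": {"hosting": "n8n", "topology": "hierarchical", "agents": [
        {"agent": "research-coordinator", "archetype": "orchestrator",
         "models": _models("claude-opus-4-7", "claude-sonnet-4-6")},
        {"agent": "web-searcher", "archetype": "extractor",
         "models": _models("claude-sonnet-4-6", "claude-haiku-4-5")},
    ]},
}}}
# Constructed sample: two of the defaults from the assumptions block.
ASSUMED = {"constraints": {"features": {"caching": False, "key_value_store": False}}}


def merged(explicit, assumed):
    """Overlay explicit spec values on assumed defaults; explicit wins."""
    out = copy.deepcopy(assumed)
    for key, value in explicit.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merged(value, out[key])
        else:
            out[key] = copy.deepcopy(value)
    return out


def resolve(doc, path):
    """Return every value at `path`; a `[*]` suffix fans out over a list."""
    nodes = [doc]
    for segment in path.strip("/").split("/"):
        fan_out = segment.endswith("[*]")
        key = segment[:-3] if fan_out else segment
        found = []
        for node in nodes:
            if isinstance(node, dict) and key in node:
                child = node[key]
                if not fan_out:
                    found.append(child)
                elif isinstance(child, list):
                    found.extend(child)
        nodes = found
    return nodes


def gate_holds(view, gate):
    """True if any value at the gate's path satisfies it; a missing field never does."""
    path, op, operand = gate
    return any(OPS[op](value, operand) for value in resolve(view, path))


def check(spec, assumed, patterns):
    """Return (selected ids, [(rejected id, failed gates)]) for the merged view."""
    view = merged(spec, assumed)
    disallowed = set(spec.get("disallowed-patterns", []))
    selected, rejected = [], []
    for pattern in patterns:
        if pattern["id"] in disallowed:
            continue  # step 3: never considered, so it cannot reject the spec
        if not all(gate_holds(view, g) for g in pattern["activates_when"]):
            continue  # shape does not match; the pattern stays out
        failed = [f"{p} {op} {val}" for p, op, val in pattern["requires"]
                  if not gate_holds(view, (p, op, val))]
        if failed:
            rejected.append((pattern["id"], failed))
        else:
            selected.append(pattern["id"])
    return selected, rejected


def scenarios():
    """Step 2 (rejected), step 3 (disallowed), and the alternative of enabling a KV store."""
    step3 = dict(SPEC, **{"disallowed-patterns": [JUMPSTARTER["id"]]})
    with_kv = merged({"constraints": {"features": {"key_value_store": True}}}, SPEC)
    return {name: check(spec, ASSUMED, [JUMPSTARTER])
            for name, spec in (("step2", SPEC), ("step3", step3), ("with_kv", with_kv))}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The rejection in step 2 comes entirely from an assumed value: the author never wrote key_value_store, so the failing gate reads the default.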
No more rejection. The compiler accepts the spec and produces a
complete pattern selection. Verbose mode adds two
kinds of information beyond plain compile: (a) every spec field
gets an inline # pattern-id, pattern-id, ...
annotation listing the patterns that activated on it; (b) the
rejected-patterns.yaml side file gets per-pattern
reasoning for everything the compiler considered and dropped.
Two issues still need attention:
- agentic-multi-agent-required — n8n is workflow-automation, not a multi-agent runtime.
# ─── what the compiler FILLED IN as assumptions ───
assumptions:
constraints:
tenantCount: 1
features:
caching: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (19 more)
async_messaging: false # arch-serverless, agentic-output-safety-guardrail, obs-agentic-system, ... (20 more)
multi_tenancy: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
batch_processing: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (12 more)
distributed_transactions: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
real_time_streaming: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
vector_search: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
document_store: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
key_value_store: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
graph_database: false # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
time_series_db: false # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
oltp_workload: true # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
olap_workload: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
cold_archive_tiering: false
nfr:
rpo_minutes: 60 # secrets-env-vars, finops-budget-guardrails
rto_minutes: 60 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
latency:
p95Milliseconds: 500 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
p99Milliseconds: 1000 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
throughput:
peak_query_per_second_read: 5 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
peak_query_per_second_write: 1 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (3 more)
data:
retention_days: 90
pii: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
compliance:
consistency:
needsReadYourWrites: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (15 more)
durability:
strict: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
security:
auth: oauth2_oidc # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (15 more)
tenant_isolation: n/a # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
audit_logging: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
operating_model:
# … (more defaults below; expand the full output to see them)
# ─── Matched Patterns based on input spec ───
# meta = policy gates (always emitted when their feature flag is set)
# P0 = high priority — load-bearing architectural decisions
# P1 = mid priority — operational + observability + security baseline
# P2/P3 = lower priority — refinements + governance + docs
# Override priority by adding `patterns.<id>.recommended_priority: P0` to spec.
patterns:
meta: # (2 patterns)
- agentic-multi-agent-required # Meta-policy pattern that activates when an agentic system has 2 or more agents and enforces topology specification AND surfaces multi-agent-specific risk warnings.
- agentic-system-required # Meta-policy pattern that activates when agentic_system is enabled and enforces that the spec's agentic-system fields are correctly populated and reference valid platforms.
P0: # (9 patterns)
- arch-serverless # Structure the system as stateless, event-driven function handlers backed by managed services. No persistent servers — each function activates on demand, executes, and terminates. The architectural commitment is to build around events and cloud-managed primitives rather than long-running processes.
- db-managed-postgres # Use low-ops managed Postgres DBaaS providers (e.g., Supabase and managed cloud Postgres offerings) to reduce DB operations overhead; validate quotas, compliance, and scale limits.
- arch-serverless-pay-per-use # Eliminate idle infrastructure cost by running compute on a pay-per-execution billing model rather than paying for always-on instances. Well-suited to bursty or unpredictable workloads where provisioned servers would sit idle most of the time. This is a cost optimisation pattern, not an architectural style — it can apply to any workload that tolerates cold starts.
- agentic-topology--hierarchical # Central coordinator/orchestrator agent dynamically decomposes tasks, delegates to specialized worker agents (extractors, analyzers, synthesizers), and combines results.
- agentic-session--stateless # Each request is independent; the agent does not persist any conversation context between invocations.
- hosting-agentic-workflow-automation--n8n # n8n workflow orchestration platform with AI Agent node and tool nodes.
- agentic-model-vendor--anthropic # Architectural pattern for systems whose models are built by Anthropic (the Claude family: Opus, Sonnet, Haiku).
- agentic-inference--anthropic # LLM inference via Anthropic's direct API (api.anthropic.com).
- iac-terraform # Manage infra declaratively with Terraform modules, state, and pipelines.
P1: # (20 patterns)
- agentic-output-safety-guardrail # Post-LLM scan of agent outputs before delivery to users or external systems.
- obs-agentic-system # Production observability tailored for agentic systems. Adds agent-specific tracing (LLM call inputs/outputs, tool dispatch, step graph), cost attribution per archetype/tenant/task, token budget accounting, eval-metric streams, and agent lifecycle metrics. Composes on top of obs-open-telemetry-baseline. Selected unconditionally when agentic_system is declared.
- agentic-input-safety-guardrail # Pre-flight inspection of user inputs and tool-returned content before they reach the agent's LLM.
- agentic-tool-scoped-credentials # Each tool call uses a credential narrowly scoped to that tool's operation, not a shared agent-wide credential.
- agentic-multi-pass-review # Architecture where one agent session generates output and a separate, independent session reviews it.
- api-rest-resource-oriented # REST API designed around resources (nouns) manipulated via standard HTTP verbs (GET, POST, PUT, DELETE, PATCH). Resources are identified by stable URLs, responses are cacheable by default, and pagination/filtering are expressed as query parameters. Simpler tooling and stronger HTTP cache semantics than GraphQL; well-suited to public APIs and CRUD-heavy domains.
- agentic-validation-retry-loop # Layered pattern that wraps any agent output with deterministic validation and retries with specific error feedback.
- sync-request-reply-rest # Synchronous HTTP APIs; simple integration; needs timeouts/retries/backpressure.
- agentic-tool-use-extraction # Single-shot structured data extraction using the tool_use mechanism with a forced tool_choice.
composes:
layered_after: ['agentic-output-safety-guardrail']
- deploy-rolling # Gradually replace instances; simplest for stateless services; requires backward-compatible changes.
composes:
layered_after: ['iac-terraform']
- sec-auth-oauth2-oidc # Use OAuth2 flows with OIDC identity tokens; standardized claims; delegated auth support.
composes:
wraps: ['api-rest-resource-oriented']
- crud-single-model # Simple CRUD on one canonical model; lowest complexity; best for straightforward domains.
- finops-cost-allocation-tags # Tagging/labeling strategy for per-tenant/product cost allocation and chargeback/showback.
- release-feature-flags # Decouple deploy from release; safer experiments; needs kill switches and governance.
- obs-telemetry-backend # Self-hosted observability backend combining Prometheus (metrics storage and alerting), Grafana (dashboards), and Loki (structured log aggregation). Provides the storage and query layer for traces, metrics, and logs; consumed by instrumentation and monitoring strategy patterns. Preferred when data residency, cost control, or customization requirements preclude a managed SaaS observability backend.
- obs-open-telemetry-baseline # Standardize traces/metrics/log correlation via OpenTelemetry; export to vendor or OSS backends.
composes:
co_runs_with: ['api-rest-resource-oriented']
- secrets-env-vars # Inject secrets as env vars; simple but risk of exposure; requires strict process controls.
- finops-budget-guardrails # Implement budgets, alerts, tagging, and policy-as-code guardrails to enforce cost ceilings and prevent runaway spend.
- ops-slo-error-budgets # Define SLOs and error budgets to balance reliability and velocity.
- agentic-provenance-tracking # Architectural pattern for synthesis agents that combine findings from multiple sources into a unified output.
P2: # (2 patterns)
- api-versioning-header # Version via headers/media types; keeps URLs stable; harder to debug and cache.
- gov-system-manifest # Pin and govern the inventory of components (agent-tools, agent-skills, agent-models, agent-prompts, services, data sources, external dependencies) the system depends on at a declared manifest path; CI validates on every PR and drift between manifest and built system fails the build.
composes:
layered_after: ['iac-terraform']
co_runs_with: ['release-feature-flags', 'gov-adrs-mandatory', 'ops-runbooks']
P3: # (2 patterns)
- ops-runbooks # Standard runbooks for incidents and routine ops; reduces MTTR and on-call stress.
- gov-adrs-mandatory # Record architecture decisions and tradeoffs; improves continuity; keep lightweight.
# ─── warns and cost feasibility ───
# ============================================================
# Cost Feasibility Analysis (Summary)
# ============================================================
#
# Intent: minimize-opex
# Amortization: 24 months
# Total Patterns Selected: 35
#
# COST BREAKDOWN:
# ────────────────────────────────────────────────────────────
# Total CapEx (one-time): $ 80,450
# Pattern OpEx (monthly): $ 610
# Ops Team Cost (monthly): $ 0
# Total OpEx (monthly): $ 610
# Total TCO (24mo): $ 95,090
#
# COST CEILINGS:
# ────────────────────────────────────────────────────────────
# CapEx Ceiling: $ 1,000 ✗ FAIL
# OpEx Ceiling (monthly): $ 500 ✗ FAIL
#
# ⚠️ WARNINGS:
# ────────────────────────────────────────────────────────────
# [high] cost_opex_exceeds_ceiling:
# Total monthly operational cost ($610) exceeds ceiling ($500) by $110 (intent: minimize-opex)
#
# Suggestions:
# - Increase monthly ceiling to $610 or more
# - Remove high-cost patterns: ops-slo-error-budgets, agentic-topology--hierarchical, obs-agentic-system
# - Reduce ops_team_size from 0
#
# ============================================================
# ============================================================
# ⚠️ Pattern Advisory Warnings
# (Patterns are still SELECTED — review these before finalizing)
# ============================================================
#
# [warning] warn_constraints:
# agentic-multi-agent-required: Spec hosts a multi-agent system on a workflow-automation platform. These platforms model linear/branching node graphs, not multi-agent orchestration — they lack structured inter-agent envelopes, parallel agent execution with aggregation, hierarchical orchestration, and shared agent state. Sequential 2-agent flows can be expressed as LLM-node chains; hierarchical/parallel/routing/hybrid topologies typically cannot. Consider hosting-agentic-container (any cloud) or a managed agent platform (hosting-agentic-managed-ai-platform--aws-bedrock-agentcore / vertex-agent-builder / azure-ai-foundry-agents).
#
# Suggestions:
# - agentic-multi-agent-required: Spec hosts a multi-agent system on a workflow-automation platform. These platforms model linear/branching node graphs, not multi-agent orchestration — they lack structured inter-agent envelopes, parallel agent execution with aggregation, hierarchical orchestration, and shared agent state. Sequential 2-agent flows can be expressed as LLM-node chains; hierarchical/parallel/routing/hybrid topologies typically cannot. Consider hosting-agentic-container (any cloud) or a managed agent platform (hosting-agentic-managed-ai-platform--aws-bedrock-agentcore / vertex-agent-builder / azure-ai-foundry-agents).
#
# ============================================================
project:
name: research-agentic
domain: knowledge-management
functional:
summary: "Multi-agent research system. A coordinator decomposes user queries,\ndispatches web-search and document-analysis workers in parallel,\nand a synthesizer combines findings with provenance. Notify on Slack.\n"
constraints:
cloud: agnostic # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
language: python # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
platform: api # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
features:
ai_inference: true # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (11 more)
agentic_system: # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (12 more)
hosting: n8n # hosting-agentic-workflow-automation--n8n
topology: hierarchical # agentic-topology--hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents: # agentic-topology--hierarchical, agentic-multi-agent-required
- agent: research-coordinator
archetype: orchestrator # agentic-multi-pass-review
purpose: Decompose research queries, dispatch workers, evaluate synthesis, post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor # agentic-multi-pass-review, agentic-validation-retry-loop, agentic-tool-use-extraction
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor # agentic-multi-pass-review, agentic-validation-retry-loop, agentic-tool-use-extraction
purpose: Analyze internal documents for query-relevant content; return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis # agentic-provenance-tracking
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
disallowed-patterns:
- agentic-jumpstarter--anthropic
assumptions:
constraints:
saas-providers: []
disallowed-saas-providers: []
ai-inference-platforms: []
disallowed-ai-inference-platforms: []
model-vendors: []
disallowed-model-vendors: []
tenantCount: 1
features:
caching: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (19 more)
async_messaging: false # arch-serverless, agentic-output-safety-guardrail, obs-agentic-system, ... (20 more)
multi_tenancy: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
batch_processing: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (12 more)
distributed_transactions: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
real_time_streaming: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
vector_search: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
document_store: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
key_value_store: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
graph_database: false # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
time_series_db: false # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
oltp_workload: true # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
olap_workload: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
cold_archive_tiering: false
nfr:
availability:
target: 0.95 # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (12 more)
rpo_minutes: 60 # secrets-env-vars, finops-budget-guardrails
rto_minutes: 60 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
latency:
p95Milliseconds: 500 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
p99Milliseconds: 1000 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
throughput:
peak_query_per_second_read: 5 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
peak_query_per_second_write: 1 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (3 more)
data:
retention_days: 90
pii: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
compliance:
gdpr: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
gdpr_rtbf: false # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (1 more)
ccpa: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
hipaa: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
sox: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
consistency:
needsReadYourWrites: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (15 more)
durability:
strict: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
security:
auth: oauth2_oidc # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (15 more)
tenant_isolation: n/a # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
audit_logging: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
agentic_system:
target:
prompt_injection_block_rate_min: 0.95 # agentic-input-safety-guardrail
output_safety_pass_rate_min: 0.99 # agentic-output-safety-guardrail, obs-agentic-system
pii_leak_rate_max: 0.01 # agentic-output-safety-guardrail
jailbreak_detection_rate_min: 0.9 # agentic-input-safety-guardrail
hallucination_rate_max: 0.1 # obs-agentic-system, agentic-multi-pass-review
toxic_output_rate_max: 0.005 # agentic-output-safety-guardrail
operating_model:
on_call: false
deploy_freq: weekly
ops_team_size: 0
single_resource_monthly_ops_usd: 10000
amortization_months: 24
cost:
intent:
priority: minimize-opex
ceilings:
monthly_operational_usd: 500
one_time_setup_usd: 1000
preferences:
prefer_free_tier_if_possible: true # db-managed-postgres, agentic-output-safety-guardrail, obs-agentic-system, ... (12 more)
prefer_saas_first: false
patterns:
meta:
agentic-multi-agent-required: {} # Meta-policy pattern that activates when an agentic system has 2 or more agents and enforces topology specification AND surfaces multi-agent-specific risk warnings.
agentic-system-required: {} # Meta-policy pattern that activates when agentic_system is enabled and enforces that the spec's agentic-system fields are correctly populated and reference valid platforms.
P0:
arch-serverless: # Structure the system as stateless, event-driven function handlers backed by managed services. No persistent servers — each function activates on demand, executes, and terminates. The architectural commitment is to build around events and cloud-managed primitives rather than long-running processes.
function_runtime_model: faas # Options: faas, container_functions, hybrid
cold_start_optimization: minimal # Options: minimal, provisioned_concurrency, keep_warm
state_management: external # Options: external, durable_functions, step_functions
event_sources: api_gateway # Options: api_gateway, event_bus, stream_processing, multi_trigger
observability_level: standard # Options: standard, enhanced, distributed_tracing
db-managed-postgres: # Use low-ops managed Postgres DBaaS providers (e.g., Supabase and managed cloud Postgres offerings) to reduce DB operations overhead; validate quotas, compliance, and scale limits.
provider: supabase # Options: supabase, neon, render, railway, digitalocean-app-platform
instance_size: small # Options: micro, small, medium, large
storage_gb: 8 # Range: 1-500
backup_retention_days: 7 # Range: 1-30
connection_pooling: true # Boolean
high_availability: false # Boolean
ssl_mode: require # Options: disable, allow, prefer, require, verify-ca, verify-full
arch-serverless-pay-per-use: # Eliminate idle infrastructure cost by running compute on a pay-per-execution billing model rather than paying for always-on instances. Well-suited to bursty or unpredictable workloads where provisioned servers would sit idle most of the time. This is a cost optimisation pattern, not an architectural style — it can apply to any workload that tolerates cold starts.
compute_type: function # Options: function, container
memory_size_mb: 1024 # Options: 128, 256, 512, 1024, 2048, 4096
timeout_seconds: 30 # Range: 3-900
cold_start_optimization: standard # Options: standard, provisioned, warm-pool
concurrency_model: auto # Options: auto, reserved, limited
agentic-topology--hierarchical: # Central coordinator/orchestrator agent dynamically decomposes tasks, delegates to specialized worker agents (extractors, analyzers, synthesizers), and combines results.
message_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
response_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
failure_policy_retry_max: 2 # Min: 0
failure_policy_retry_backoff: exponential # Options: exponential, linear, immediate, none
failure_policy_retry_initial_ms: 1000 # Min: 0
failure_policy_on_terminal_failure: surface_partial # Options: surface_partial, hard_fail, escalate_to_human
failure_policy_cancel_siblings_on_failure: false # Boolean
aggregation_strategy: concat_with_attribution # Options: sequential_pipe, concat_with_attribution, merge, last_wins, voting_quorum, judge_arbitration, none
agentic-session--stateless: {} # Each request is independent; the agent does not persist any conversation context between invocations.
hosting-agentic-workflow-automation--n8n: {} # n8n workflow orchestration platform with AI Agent node and tool nodes.
agentic-model-vendor--anthropic: # Architectural pattern for systems whose models are built by Anthropic (the Claude family: Opus, Sonnet, Haiku).
enable_token_efficient_tool_use_beta: true # Boolean
prompt_caching_recommended_blocks: # Options: system_prompt, tool_definitions, long_context_documents, few_shot_examples
- system_prompt
- tool_definitions
- long_context_documents
agentic-inference--anthropic: # LLM inference via Anthropic's direct API (api.anthropic.com).
enable_token_efficient_tool_use_beta: true # Boolean
iac-terraform: # Manage infra declaratively with Terraform modules, state, and pipelines.
state_backend: s3 # Options: s3, terraform-cloud, azurerm, gcs, local
workspace_strategy: single # Options: single, per-environment, per-service
module_structure: monorepo # Options: monorepo, separate-repos, registry
ci_cd_integration: github-actions # Options: github-actions, gitlab-ci, terraform-cloud, atlantis, manual
drift_detection: false # Boolean
P1:
agentic-output-safety-guardrail: # Post-LLM scan of agent outputs before delivery to users or external systems.
detection_action: redact-and-continue # Options: redact-and-continue, block-and-explain, block-silent, human-review, regenerate
obs-agentic-system: # Production observability tailored for agentic systems. Adds agent-specific tracing (LLM call inputs/outputs, tool dispatch, step graph), cost attribution per archetype/tenant/task, token budget accounting, eval-metric streams, and agent lifecycle metrics. Composes on top of obs-open-telemetry-baseline. Selected unconditionally when agentic_system is declared.
log_full_prompts: false # Boolean
agentic-input-safety-guardrail: # Pre-flight inspection of user inputs and tool-returned content before they reach the agent's LLM.
fallback_on_guardrail_failure: fail-closed # Options: fail-open, fail-closed
block_action: reject-with-explanation # Options: reject-with-explanation, reject-silent, sanitize-and-continue, human-review
agentic-tool-scoped-credentials: # Each tool call uses a credential narrowly scoped to that tool's operation, not a shared agent-wide credential.
fail_action_on_credential_error: fail-closed # Options: fail-closed, fail-open, fallback-to-shared
agentic-multi-pass-review: # Architecture where one agent session generates output and a separate, independent session reviews it.
review_session_isolation: fully_independent # Options: fully_independent, shared_context_acceptable
api-rest-resource-oriented: # REST API designed around resources (nouns) manipulated via standard HTTP verbs (GET, POST, PUT, DELETE, PATCH). Resources are identified by stable URLs, responses are cacheable by default, and pagination/filtering are expressed as query parameters. Simpler tooling and stronger HTTP cache semantics than GraphQL; well-suited to public APIs and CRUD-heavy domains.
pagination_style: offset # Options: offset, cursor, page_number
max_page_size: 100 # Range: 10-1000
versioning_strategy: uri # Options: uri, header, query_param, none
filtering_style: query_params # Options: query_params, json_body, graphql_like
cache_strategy: etag # Options: etag, last_modified, cache_control, none
id_format: uuid # Options: uuid, integer, slug, composite
response_envelope: false # Boolean
agentic-validation-retry-loop: {} # Layered pattern that wraps any agent output with deterministic validation and retries with specific error feedback.
sync-request-reply-rest: # Synchronous HTTP APIs; simple integration; needs timeouts/retries/backpressure.
timeout_seconds: 30 # Range: 1-300
retry_strategy: exponential_backoff # Options: none, fixed_delay, exponential_backoff, exponential_backoff_jitter
max_retries: 3 # Range: 0-10
circuit_breaker_enabled: true # Boolean
rate_limiting_strategy: token_bucket # Options: none, token_bucket, leaky_bucket, fixed_window, sliding_window
idempotency_required: false # Boolean
agentic-tool-use-extraction: # Single-shot structured data extraction using the tool_use mechanism with a forced tool_choice.
composes:
layered_after:
- agentic-output-safety-guardrail
deploy-rolling: # Gradually replace instances; simplest for stateless services; requires backward-compatible changes.
batch_size: 25_percent # Options: 10_percent, 25_percent, 50_percent, one_at_a_time, all_at_once
health_check_grace_period: 30 # Range: 10-300
rollback_on_failure: true # Boolean
deployment_strategy: replace_one_by_one # Options: replace_one_by_one, rolling_batch, canary_first
max_unavailable: 0_percent # Options: 0_percent, 10_percent, 25_percent
composes:
layered_after:
- iac-terraform
sec-auth-oauth2-oidc: # Use OAuth2 flows with OIDC identity tokens; standardized claims; delegated auth support.
oauth_flow: authorization_code # Options: authorization_code, client_credentials, device_code, implicit
token_storage: secure_storage # Options: secure_storage, memory_only, encrypted_storage, httponly_cookie
pkce_enabled: true # Boolean
scope_strategy: minimal # Options: minimal, role_based, resource_specific
token_refresh: automatic # Options: automatic, manual, sliding_window
id_token_validation: strict # Options: strict, standard, relaxed
composes:
wraps:
- api-rest-resource-oriented
crud-single-model: # Simple CRUD on one canonical model; lowest complexity; best for straightforward domains.
api_style: rest # Options: rest, graphql, rpc
validation_strategy: server-side # Options: server-side, client-side, both
soft_delete: false # Boolean
audit_logging: false # Boolean
pagination_default_size: 20 # Range: 10-100
finops-cost-allocation-tags: # Tagging/labeling strategy for per-tenant/product cost allocation and chargeback/showback.
tagging_strategy: hierarchical # Options: hierarchical, flat, hybrid
enforcement_level: required # Options: required, recommended, optional
cost_allocation_model: showback # Options: chargeback, showback, hybrid
tag_inheritance: true # Boolean
automated_tagging: true # Boolean
release-feature-flags: # Decouple deploy from release; safer experiments; needs kill switches and governance.
flag_storage: config_file # Options: config_file, database, feature_flag_service, environment_variables
evaluation_strategy: simple_boolean # Options: simple_boolean, percentage_rollout, user_targeting, multi_variate
targeting_capability: none # Options: none, user_attributes, context_based, advanced_segments
kill_switch_enabled: true # Boolean
audit_logging: false # Boolean
obs-telemetry-backend: # Self-hosted observability backend combining Prometheus (metrics storage and alerting), Grafana (dashboards), and Loki (structured log aggregation). Provides the storage and query layer for traces, metrics, and logs; consumed by instrumentation and monitoring strategy patterns. Preferred when data residency, cost control, or customization requirements preclude a managed SaaS observability backend.
metrics_retention_days: 15 # Options: 7, 15, 30, 90, 365
log_retention_days: 7 # Options: 1, 3, 7, 14, 30
backend_ha: false # Boolean
obs-open-telemetry-baseline: # Standardize traces/metrics/log correlation via OpenTelemetry; export to vendor or OSS backends.
export_backend: otlp # Options: otlp, jaeger, zipkin, prometheus, datadog, newrelic, honeycomb
trace_sampling_strategy: parent-based # Options: always-on, always-off, parent-based, trace-id-ratio
trace_sampling_rate: 1.0 # Range: 0.0-1.0
metrics_export_interval: 60 # Range: 10-300
log_correlation: true # Boolean
resource_detection: true # Boolean
propagation_format: w3c-tracecontext # Options: w3c-tracecontext, b3, jaeger, multi
composes:
co_runs_with:
- api-rest-resource-oriented
secrets-env-vars: # Inject secrets as env vars; simple but risk of exposure; requires strict process controls.
injection_method: runtime # Options: runtime, build-time, container-startup
secret_rotation_support: false # Boolean
prefix_convention: APP_SECRET_ # Options: APP_SECRET_, SECRET_, SENSITIVE_, none
validation_on_startup: true # Boolean
finops-budget-guardrails: # Implement budgets, alerts, tagging, and policy-as-code guardrails to enforce cost ceilings and prevent runaway spend.
budget_period: monthly # Options: monthly, quarterly, annual
alert_thresholds:
- 50
- 80
- 100
enforcement_action: alert # Options: alert, prevent, throttle
tagging_strategy: mandatory # Options: mandatory, recommended, optional
policy_enforcement: soft # Options: soft, hard, audit
cost_allocation_level: project # Options: project, team, environment, service
ops-slo-error-budgets: # Define SLOs and error budgets to balance reliability and velocity.
slo_target_percentage: 99.9 # Range: 90-99.999
measurement_window_days: 30 # Options: 7, 28, 30, 90
error_budget_policy: halt-deployments # Options: halt-deployments, alert-only, slow-rollouts, require-approval
sli_type: availability # Options: availability, latency, throughput, correctness, composite
alerting_threshold_percentage: 80 # Range: 50-100
agentic-provenance-tracking: {} # Architectural pattern for synthesis agents that combine findings from multiple sources into a unified output.
P2:
api-versioning-header: # Version via headers/media types; keeps URLs stable; harder to debug and cache.
version_header_name: API-Version # Options: API-Version, X-API-Version, Accept-Version, Custom-Header
version_format: date-based # Options: semantic, date-based, sequential
fallback_behavior: latest-stable # Options: latest-stable, oldest-supported, reject-request
content_negotiation: false # Boolean
deprecation_policy: warning-header # Options: sunset-header, warning-header, both
gov-system-manifest: # Pin and govern the inventory of components (agent-tools, agent-skills, agent-models, agent-prompts, services, data sources, external dependencies) the system depends on at a declared manifest path; CI validates on every PR and drift between manifest and built system fails the build.
manifest_path: docs/architecture/manifest.yaml
manifest_format: yaml # Options: yaml, toml, json
manifest_scope: # Options: agent-tools, agent-skills, agent-models, agent-prompts, data_sources, services, external_dependencies
- agent-tools
- agent-skills
- agent-models
- agent-prompts
pin_versions: true # Boolean
ci_validation: required # Options: required, optional, off
drift_policy: fail-build # Options: fail-build, warn-only, off
composes:
layered_after:
- iac-terraform
co_runs_with:
- release-feature-flags
- gov-adrs-mandatory
- ops-runbooks
P3:
ops-runbooks: # Standard runbooks for incidents and routine ops; reduces MTTR and on-call stress.
runbook_format: markdown # Options: markdown, wiki, structured_yaml, ticketing_system
incident_severity_levels: 4 # Options: 3, 4, 5
escalation_policy: tiered # Options: tiered, follow_the_sun, flat, hybrid
automation_integration: manual # Options: manual, semi_automated, fully_automated
review_frequency: quarterly # Options: monthly, quarterly, biannual, post_incident
gov-adrs-mandatory: # Record architecture decisions and tradeoffs; improves continuity; keep lightweight.
adr_format: madr # Options: madr, nygard, y-statements, custom
storage_location: docs/adrs # Options: docs/adrs, docs/architecture/decisions, adr, wiki
decision_threshold: significant # Options: all, significant, strategic-only
review_requirement: peer-review # Options: peer-review, architect-approval, team-consensus, none
# ============================================================
# Cost Feasibility Analysis (Summary)
# ============================================================
#
# Intent: minimize-opex
# Amortization: 24 months
# Total Patterns Selected: 35
#
# COST BREAKDOWN:
# ────────────────────────────────────────────────────────────
# Total CapEx (one-time): $ 80,450
# Pattern OpEx (monthly): $ 610
# Ops Team Cost (monthly): $ 0
# Total OpEx (monthly): $ 610
# Total TCO (24mo): $ 95,090
#
# COST CEILINGS:
# ────────────────────────────────────────────────────────────
# CapEx Ceiling: $ 1,000 ✗ FAIL
# OpEx Ceiling (monthly): $ 500 ✗ FAIL
#
# ⚠️ WARNINGS:
# ────────────────────────────────────────────────────────────
# [high] cost_opex_exceeds_ceiling:
# Total monthly operational cost ($610) exceeds ceiling ($500) by $110 (intent: minimize-opex)
#
# Suggestions:
# - Increase monthly ceiling to $610 or more
# - Remove high-cost patterns: ops-slo-error-budgets, agentic-topology--hierarchical, obs-agentic-system
# - Reduce ops_team_size from 0
#
# ============================================================
# ============================================================
# Cost Feasibility Analysis (Details)
# ============================================================
#
# Intent: minimize-opex
# Amortization: 24 months
#
# Ops team size: 0 engineers (no ops cost)
#
# Ops Team Cost Algorithm (for reference):
# Formula: ops_team_size × single_resource_monthly_ops_usd × on_call_multiplier × deploy_freq_multiplier
# Based on:
# - Google SRE Handbook (2016): On-call burden = 25-50% FTE overhead
# - DORA State of DevOps (2021): Deploy frequency impact on ops overhead
#
# Calculating costs for 35 selected patterns:
#
# PER-PATTERN COSTS:
# ────────────────────────────────────────────────────────────
#
# 1. arch-serverless (match score: 34.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 2. db-managed-postgres (match score: 32.00)
# Adoption: $1,200.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 3. agentic-output-safety-guardrail (match score: 31.00)
# Adoption: $1,800.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 4. obs-agentic-system (match score: 31.00)
# Adoption: $4,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 5. agentic-input-safety-guardrail (match score: 30.00)
# Adoption: $1,800.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 6. agentic-tool-scoped-credentials (match score: 28.00)
# Adoption: $3,000.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 7. arch-serverless-pay-per-use (match score: 28.00)
# Adoption: $1,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 8. agentic-multi-pass-review (match score: 26.00)
# Adoption: $5,000.0
# Monthly (min): $50.0
# Monthly (expected): $50.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $50.0
#
# 9. agentic-topology--hierarchical (match score: 26.00)
# Adoption: $8,000.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 10. api-rest-resource-oriented (match score: 25.00)
# Adoption: $750.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 11. agentic-validation-retry-loop (match score: 25.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 12. sync-request-reply-rest (match score: 25.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 13. agentic-session--stateless (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $10.0
# Monthly (expected): $10.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $10.0
#
# 14. hosting-agentic-workflow-automation--n8n (match score: 25.00)
# Adoption: $4,000.0
# Monthly (min): $20.0
# Monthly (expected): $20.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $20.0
#
# 15. agentic-multi-agent-required (match score: 25.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 16. agentic-model-vendor--anthropic (match score: 25.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 17. agentic-inference--anthropic (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $5.0
# Monthly (expected): $5.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $5.0
#
# 18. agentic-tool-use-extraction (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $5.0
# Monthly (expected): $5.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $5.0
#
# 19. agentic-system-required (match score: 24.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 20. deploy-rolling (match score: 24.00)
# Adoption: $800.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 21. sec-auth-oauth2-oidc (match score: 23.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 22. crud-single-model (match score: 22.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 23. finops-cost-allocation-tags (match score: 21.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 24. release-feature-flags (match score: 19.00)
# Adoption: $2,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 25. api-versioning-header (match score: 16.00)
# Adoption: $1,200.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 26. obs-telemetry-backend (match score: 14.00)
# Adoption: $2,000.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 27. obs-open-telemetry-baseline (match score: 12.00)
# Adoption: $3,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 28. secrets-env-vars (match score: 11.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 29. finops-budget-guardrails (match score: 10.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 30. ops-runbooks (match score: 8.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 31. ops-slo-error-budgets (match score: 8.00)
# Adoption: $4,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 32. agentic-provenance-tracking (match score: 8.00)
# Adoption: $3,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 33. gov-system-manifest (match score: 7.00)
# Adoption: $4,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 34. iac-terraform (match score: 7.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 35. gov-adrs-mandatory (match score: 7.00)
# Adoption: $2,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# Total Monthly OpEx: $610.0
# Monthly operational ceiling: $500 ✗ FAIL
# ============================================================
# ============================================================
# ⚠️ Pattern Advisory Warnings
# (Patterns are still SELECTED — review these before finalizing)
# ============================================================
#
# [warning] warn_constraints:
# agentic-multi-agent-required: Spec hosts a multi-agent system on a workflow-automation platform. These platforms model linear/branching node graphs, not multi-agent orchestration — they lack structured inter-agent envelopes, parallel agent execution with aggregation, hierarchical orchestration, and shared agent state. Sequential 2-agent flows can be expressed as LLM-node chains; hierarchical/parallel/routing/hybrid topologies typically cannot. Consider hosting-agentic-container (any cloud) or a managed agent platform (hosting-agentic-managed-ai-platform--aws-bedrock-agentcore / vertex-agent-builder / azure-ai-foundry-agents).
#
# Suggestions:
# - agentic-multi-agent-required: Spec hosts a multi-agent system on a workflow-automation platform. These platforms model linear/branching node graphs, not multi-agent orchestration — they lack structured inter-agent envelopes, parallel agent execution with aggregation, hierarchical orchestration, and shared agent state. Sequential 2-agent flows can be expressed as LLM-node chains; hierarchical/parallel/routing/hybrid topologies typically cannot. Consider hosting-agentic-container (any cloud) or a managed agent platform (hosting-agentic-managed-ai-platform--aws-bedrock-agentcore / vertex-agent-builder / azure-ai-foundry-agents).
#
# ============================================================
Dify is the natural fit: it is open-source (Apache 2.0), runs as SaaS or self-hosted, and supports multi-agent topologies natively via Agent Node plus plug-in Agent Strategies. The change is a single line, hosting: dify, shown first; the full spec at this stage follows it.
constraints:
  features:
    agentic_system:
      hosting: dify
project:
name: research-agentic
domain: knowledge-management
functional:
summary: 'Multi-agent research system. A coordinator decomposes user queries,
dispatches web-search and document-analysis workers in parallel,
and a synthesizer combines findings with provenance. Notify on Slack.
'
constraints:
cloud: agnostic
language: python
platform: api
features:
ai_inference: true
agentic_system:
hosting: dify
topology: hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents:
- agent: research-coordinator
archetype: orchestrator
purpose: Decompose research queries, dispatch workers, evaluate synthesis,
post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor
purpose: Analyze internal documents for query-relevant content; return findings
with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
disallowed-patterns:
- agentic-jumpstarter--anthropic
The diff: the n8n hosting pattern drops out, the Dify hosting pattern comes in. The workflow-automation warn clears. The cost-ceiling warn is still firing — that's the only "STILL FIRING" entry, addressed in step 7.
# ─── pattern SELECTION diff ───
- hosting-agentic-workflow-automation--n8n (no longer selected) — n8n workflow orchestration platform with AI Agent node and tool nodes.
+ hosting-agentic-managed-ai-platform--dify (newly selected) — Visual agent platform with native multi-agent orchestration via Agent Node + plug-in Agent Strategies; built-in RAG pipeline, 50+ tool integrations, model management, observability.
# ─── warn / cost diff ───
# CLEARED since previous compile:
[warning] warn_constraints: agentic-multi-agent-required: Spec hosts a multi-agent system on a workflow-automation platform. These platforms model linear/branching node
# STILL FIRING:
[high] cost_opex_exceeds_ceiling: Total monthly operational cost ($590) exceeds ceiling ($500) by $90 (intent: minimize-opex)
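The compiled spec that follows annotates each assumed pattern setting with its allowed values (# Options:, # Range:, # Boolean), and those are the values an author overrides before approval. As an added example (not part of the compiler or of the original page), this Python script reads that annotated format, rejects overrides that fall outside the declared options or range, and flags fail-open style values; the WEAK policy table, the function names and the changed sample values are assumptions made for the example.

```python
import re
from collections import namedtuple

# Constructed sample in the compiler's annotated format. Keys and option lists
# are copied from the page; four values are deliberately changed (verify_full,
# 45, fail-open, fallback-to-shared) to show what the audit reports.
SAMPLE = """\
patterns:
  P0:
    db-managed-postgres: # Use low-ops managed Postgres DBaaS providers
      ssl_mode: verify_full # Options: disable, allow, prefer, require, verify-ca, verify-full
      backup_retention_days: 45 # Range: 1-30
  P1:
    agentic-input-safety-guardrail: # Pre-flight inspection of user inputs
      fallback_on_guardrail_failure: fail-open # Options: fail-open, fail-closed
      block_action: reject-with-explanation # Options: reject-with-explanation, reject-silent, sanitize-and-continue, human-review
    agentic-tool-scoped-credentials: # Each tool call uses a narrowly scoped credential
      fail_action_on_credential_error: fallback-to-shared # Options: fail-closed, fail-open, fallback-to-shared
    obs-agentic-system: # Production observability tailored for agentic systems
      log_full_prompts: false # Boolean
    sec-auth-oauth2-oidc: # Use OAuth2 flows with OIDC identity tokens
      pkce_enabled: true # Boolean
"""

# Example review policy (an assumption of this example, not shipped by the
# compiler): setting -> {value: why a reviewer should look at it}.
# The ssl_mode reasons assume libpq-style meanings for the option names.
WEAK = {
    "fallback_on_guardrail_failure": {
        "fail-open": "input reaches the model uninspected when the guardrail is down"},
    "fail_action_on_credential_error": {
        "fail-open": "tool call proceeds although its scoped credential failed",
        "fallback-to-shared": "reverts to the shared agent-wide credential"},
    "ssl_mode": {m: "does not guarantee an encrypted connection"
                 for m in ("disable", "allow", "prefer")},
    "log_full_prompts": {"true": "full prompt text is written to logs"},
    "pkce_enabled": {"false": "authorization code is not bound to the requesting client"},
}

Finding = namedtuple("Finding", "pattern key value kind detail")

# "key: value # comment"; works on indented and on flattened text alike.
LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+):\s*(.*?)\s*(?:#\s*(.*))?$")
RANGE = re.compile(r"Range:\s*([\d.]+)\s*-\s*([\d.]+)")
ANNOTATIONS = ("Options:", "Range:", "Boolean", "Min:")


def parse(text):
    """Yield (pattern, key, value, note) for every line that sets a value."""
    pattern = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # list items ("- x") and blank lines
        key, value, note = m.group(1), m.group(2), m.group(3) or ""
        if value in ("", "{}"):
            # A pattern header is "name: # free-text description"; group keys
            # such as "P1:" or "composes:" carry no description.
            if note and not note.startswith(ANNOTATIONS):
                pattern = key
            continue
        yield pattern, key, value, note


def in_range(value, lo, hi):
    try:
        return float(lo) <= float(value) <= float(hi)
    except ValueError:
        return False


def audit(text, policy=WEAK):
    """Return findings: 'invalid' (outside the annotation) or 'weak' (policy hit)."""
    findings = []
    for pattern, key, value, note in parse(text):
        if note.startswith("Options:"):
            options = [o.strip() for o in note[len("Options:"):].split(",")]
            if value not in options:
                findings.append(Finding(pattern, key, value, "invalid",
                                        "not one of: " + ", ".join(options)))
                continue
        rng = RANGE.match(note)
        if rng and not in_range(value, rng.group(1), rng.group(2)):
            findings.append(Finding(pattern, key, value, "invalid",
                                    "outside " + rng.group(0)))
            continue
        reason = policy.get(key, {}).get(value)
        if reason:
            findings.append(Finding(pattern, key, value, "weak", reason))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"[{f.kind}] {f.pattern}.{f.key} = {f.value}: {f.detail}")
```

The ssl_mode finding is the one to note: verify_full (underscore) is not a declared option, so it is reported as invalid instead of being read as the strictest mode.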
project:
name: research-agentic
domain: knowledge-management
functional:
summary: "Multi-agent research system. A coordinator decomposes user queries,\ndispatches web-search and document-analysis workers in parallel,\nand a synthesizer combines findings with provenance. Notify on Slack.\n"
constraints:
cloud: agnostic # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
language: python # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
platform: api # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
features:
ai_inference: true # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (11 more)
agentic_system: # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (12 more)
hosting: dify # hosting-agentic-managed-ai-platform--dify
topology: hierarchical # agentic-topology--hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents: # agentic-topology--hierarchical, agentic-multi-agent-required
- agent: research-coordinator
archetype: orchestrator # agentic-multi-pass-review
purpose: Decompose research queries, dispatch workers, evaluate synthesis, post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor # agentic-multi-pass-review, agentic-validation-retry-loop, agentic-tool-use-extraction
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor # agentic-multi-pass-review, agentic-validation-retry-loop, agentic-tool-use-extraction
purpose: Analyze internal documents for query-relevant content; return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis # agentic-provenance-tracking
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
disallowed-patterns:
- agentic-jumpstarter--anthropic
assumptions:
constraints:
saas-providers: []
disallowed-saas-providers: []
ai-inference-platforms: []
disallowed-ai-inference-platforms: []
model-vendors: []
disallowed-model-vendors: []
tenantCount: 1
features:
caching: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (18 more)
async_messaging: false # arch-serverless, agentic-output-safety-guardrail, obs-agentic-system, ... (19 more)
multi_tenancy: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
batch_processing: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (12 more)
distributed_transactions: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
real_time_streaming: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
vector_search: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
document_store: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (19 more)
key_value_store: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (19 more)
graph_database: false # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
time_series_db: false # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
oltp_workload: true # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
olap_workload: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
cold_archive_tiering: false
nfr:
availability:
target: 0.95 # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (12 more)
rpo_minutes: 60 # secrets-env-vars, finops-budget-guardrails
rto_minutes: 60 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (6 more)
latency:
p95Milliseconds: 500 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
p99Milliseconds: 1000 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
throughput:
peak_query_per_second_read: 5 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (2 more)
peak_query_per_second_write: 1 # arch-serverless, db-managed-postgres, arch-serverless-pay-per-use, ... (3 more)
data:
retention_days: 90
pii: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
compliance:
gdpr: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
gdpr_rtbf: false # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (1 more)
ccpa: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
hipaa: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
sox: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
consistency:
needsReadYourWrites: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (15 more)
durability:
strict: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
security:
auth: oauth2_oidc # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (15 more)
tenant_isolation: n/a # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
audit_logging: false # arch-serverless, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
agentic_system:
target:
prompt_injection_block_rate_min: 0.95 # agentic-input-safety-guardrail
output_safety_pass_rate_min: 0.99 # agentic-output-safety-guardrail, obs-agentic-system
pii_leak_rate_max: 0.01 # agentic-output-safety-guardrail
jailbreak_detection_rate_min: 0.9 # agentic-input-safety-guardrail
hallucination_rate_max: 0.1 # obs-agentic-system, agentic-multi-pass-review
toxic_output_rate_max: 0.005 # agentic-output-safety-guardrail
operating_model:
on_call: false
deploy_freq: weekly
ops_team_size: 0
single_resource_monthly_ops_usd: 10000
amortization_months: 24
cost:
intent:
priority: minimize-opex
ceilings:
monthly_operational_usd: 500
one_time_setup_usd: 1000
preferences:
prefer_free_tier_if_possible: true # db-managed-postgres, agentic-output-safety-guardrail, obs-agentic-system, ... (12 more)
prefer_saas_first: false
patterns:
meta:
agentic-multi-agent-required: {} # Meta-policy pattern that activates when an agentic system has 2 or more agents and enforces topology specification AND surfaces multi-agent-specific risk warnings.
agentic-system-required: {} # Meta-policy pattern that activates when agentic_system is enabled and enforces that the spec's agentic-system fields are correctly populated and reference valid platforms.
P0:
arch-serverless: # Structure the system as stateless, event-driven function handlers backed by managed services. No persistent servers — each function activates on demand, executes, and terminates. The architectural commitment is to build around events and cloud-managed primitives rather than long-running processes.
function_runtime_model: faas # Options: faas, container_functions, hybrid
cold_start_optimization: minimal # Options: minimal, provisioned_concurrency, keep_warm
state_management: external # Options: external, durable_functions, step_functions
event_sources: api_gateway # Options: api_gateway, event_bus, stream_processing, multi_trigger
observability_level: standard # Options: standard, enhanced, distributed_tracing
db-managed-postgres: # Use low-ops managed Postgres DBaaS providers (e.g., Supabase and managed cloud Postgres offerings) to reduce DB operations overhead; validate quotas, compliance, and scale limits.
provider: supabase # Options: supabase, neon, render, railway, digitalocean-app-platform
instance_size: small # Options: micro, small, medium, large
storage_gb: 8 # Range: 1-500
backup_retention_days: 7 # Range: 1-30
connection_pooling: true # Boolean
high_availability: false # Boolean
ssl_mode: require # Options: disable, allow, prefer, require, verify-ca, verify-full
arch-serverless-pay-per-use: # Eliminate idle infrastructure cost by running compute on a pay-per-execution billing model rather than paying for always-on instances. Well-suited to bursty or unpredictable workloads where provisioned servers would sit idle most of the time. This is a cost optimisation pattern, not an architectural style — it can apply to any workload that tolerates cold starts.
compute_type: function # Options: function, container
memory_size_mb: 1024 # Options: 128, 256, 512, 1024, 2048, 4096
timeout_seconds: 30 # Range: 3-900
cold_start_optimization: standard # Options: standard, provisioned, warm-pool
concurrency_model: auto # Options: auto, reserved, limited
agentic-topology--hierarchical: # Central coordinator/orchestrator agent dynamically decomposes tasks, delegates to specialized worker agents (extractors, analyzers, synthesizers), and combines results.
message_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
response_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
failure_policy_retry_max: 2 # Min: 0
failure_policy_retry_backoff: exponential # Options: exponential, linear, immediate, none
failure_policy_retry_initial_ms: 1000 # Min: 0
failure_policy_on_terminal_failure: surface_partial # Options: surface_partial, hard_fail, escalate_to_human
failure_policy_cancel_siblings_on_failure: false # Boolean
aggregation_strategy: concat_with_attribution # Options: sequential_pipe, concat_with_attribution, merge, last_wins, voting_quorum, judge_arbitration, none
agentic-session--stateless: {} # Each request is independent; the agent does not persist any conversation context between invocations.
agentic-model-vendor--anthropic: # Architectural pattern for systems whose models are built by Anthropic (the Claude family: Opus, Sonnet, Haiku).
enable_token_efficient_tool_use_beta: true # Boolean
prompt_caching_recommended_blocks: # Options: system_prompt, tool_definitions, long_context_documents, few_shot_examples
- system_prompt
- tool_definitions
- long_context_documents
agentic-inference--anthropic: # LLM inference via Anthropic's direct API (api.anthropic.com).
enable_token_efficient_tool_use_beta: true # Boolean
iac-terraform: # Manage infra declaratively with Terraform modules, state, and pipelines.
state_backend: s3 # Options: s3, terraform-cloud, azurerm, gcs, local
workspace_strategy: single # Options: single, per-environment, per-service
module_structure: monorepo # Options: monorepo, separate-repos, registry
ci_cd_integration: github-actions # Options: github-actions, gitlab-ci, terraform-cloud, atlantis, manual
drift_detection: false # Boolean
P1:
agentic-output-safety-guardrail: # Post-LLM scan of agent outputs before delivery to users or external systems.
detection_action: redact-and-continue # Options: redact-and-continue, block-and-explain, block-silent, human-review, regenerate
obs-agentic-system: # Production observability tailored for agentic systems. Adds agent-specific tracing (LLM call inputs/outputs, tool dispatch, step graph), cost attribution per archetype/tenant/task, token budget accounting, eval-metric streams, and agent lifecycle metrics. Composes on top of obs-open-telemetry-baseline. Selected unconditionally when agentic_system is declared.
log_full_prompts: false # Boolean
agentic-input-safety-guardrail: # Pre-flight inspection of user inputs and tool-returned content before they reach the agent's LLM.
fallback_on_guardrail_failure: fail-closed # Options: fail-open, fail-closed
block_action: reject-with-explanation # Options: reject-with-explanation, reject-silent, sanitize-and-continue, human-review
agentic-tool-scoped-credentials: # Each tool call uses a credential narrowly scoped to that tool's operation, not a shared agent-wide credential.
fail_action_on_credential_error: fail-closed # Options: fail-closed, fail-open, fallback-to-shared
agentic-multi-pass-review: # Architecture where one agent session generates output and a separate, independent session reviews it.
review_session_isolation: fully_independent # Options: fully_independent, shared_context_acceptable
api-rest-resource-oriented: # REST API designed around resources (nouns) manipulated via standard HTTP verbs (GET, POST, PUT, DELETE, PATCH). Resources are identified by stable URLs, responses are cacheable by default, and pagination/filtering are expressed as query parameters. Simpler tooling and stronger HTTP cache semantics than GraphQL; well-suited to public APIs and CRUD-heavy domains.
pagination_style: offset # Options: offset, cursor, page_number
max_page_size: 100 # Range: 10-1000
versioning_strategy: uri # Options: uri, header, query_param, none
filtering_style: query_params # Options: query_params, json_body, graphql_like
cache_strategy: etag # Options: etag, last_modified, cache_control, none
id_format: uuid # Options: uuid, integer, slug, composite
response_envelope: false # Boolean
agentic-validation-retry-loop: {} # Layered pattern that wraps any agent output with deterministic validation and retries with specific error feedback.
sync-request-reply-rest: # Synchronous HTTP APIs; simple integration; needs timeouts/retries/backpressure.
timeout_seconds: 30 # Range: 1-300
retry_strategy: exponential_backoff # Options: none, fixed_delay, exponential_backoff, exponential_backoff_jitter
max_retries: 3 # Range: 0-10
circuit_breaker_enabled: true # Boolean
rate_limiting_strategy: token_bucket # Options: none, token_bucket, leaky_bucket, fixed_window, sliding_window
idempotency_required: false # Boolean
agentic-tool-use-extraction: # Single-shot structured data extraction using the tool_use mechanism with a forced tool_choice.
composes:
layered_after:
- agentic-output-safety-guardrail
deploy-rolling: # Gradually replace instances; simplest for stateless services; requires backward-compatible changes.
batch_size: 25_percent # Options: 10_percent, 25_percent, 50_percent, one_at_a_time, all_at_once
health_check_grace_period: 30 # Range: 10-300
rollback_on_failure: true # Boolean
deployment_strategy: replace_one_by_one # Options: replace_one_by_one, rolling_batch, canary_first
max_unavailable: 0_percent # Options: 0_percent, 10_percent, 25_percent
composes:
layered_after:
- iac-terraform
sec-auth-oauth2-oidc: # Use OAuth2 flows with OIDC identity tokens; standardized claims; delegated auth support.
oauth_flow: authorization_code # Options: authorization_code, client_credentials, device_code, implicit
token_storage: secure_storage # Options: secure_storage, memory_only, encrypted_storage, httponly_cookie
pkce_enabled: true # Boolean
scope_strategy: minimal # Options: minimal, role_based, resource_specific
token_refresh: automatic # Options: automatic, manual, sliding_window
id_token_validation: strict # Options: strict, standard, relaxed
composes:
wraps:
- api-rest-resource-oriented
crud-single-model: # Simple CRUD on one canonical model; lowest complexity; best for straightforward domains.
api_style: rest # Options: rest, graphql, rpc
validation_strategy: server-side # Options: server-side, client-side, both
soft_delete: false # Boolean
audit_logging: false # Boolean
pagination_default_size: 20 # Range: 10-100
finops-cost-allocation-tags: # Tagging/labeling strategy for per-tenant/product cost allocation and chargeback/showback.
tagging_strategy: hierarchical # Options: hierarchical, flat, hybrid
enforcement_level: required # Options: required, recommended, optional
cost_allocation_model: showback # Options: chargeback, showback, hybrid
tag_inheritance: true # Boolean
automated_tagging: true # Boolean
release-feature-flags: # Decouple deploy from release; safer experiments; needs kill switches and governance.
flag_storage: config_file # Options: config_file, database, feature_flag_service, environment_variables
evaluation_strategy: simple_boolean # Options: simple_boolean, percentage_rollout, user_targeting, multi_variate
targeting_capability: none # Options: none, user_attributes, context_based, advanced_segments
kill_switch_enabled: true # Boolean
audit_logging: false # Boolean
hosting-agentic-managed-ai-platform--dify: # Visual agent platform with native multi-agent orchestration via Agent Node + plug-in Agent Strategies; built-in RAG pipeline, 50+ tool integrations, model management, observability.
deployment_mode: cloud_managed # Options: cloud_managed, self_host_docker, self_host_kubernetes
obs-telemetry-backend: # Self-hosted observability backend combining Prometheus (metrics storage and alerting), Grafana (dashboards), and Loki (structured log aggregation). Provides the storage and query layer for traces, metrics, and logs; consumed by instrumentation and monitoring strategy patterns. Preferred when data residency, cost control, or customization requirements preclude a managed SaaS observability backend.
metrics_retention_days: 15 # Options: 7, 15, 30, 90, 365
log_retention_days: 7 # Options: 1, 3, 7, 14, 30
backend_ha: false # Boolean
obs-open-telemetry-baseline: # Standardize traces/metrics/log correlation via OpenTelemetry; export to vendor or OSS backends.
export_backend: otlp # Options: otlp, jaeger, zipkin, prometheus, datadog, newrelic, honeycomb
trace_sampling_strategy: parent-based # Options: always-on, always-off, parent-based, trace-id-ratio
trace_sampling_rate: 1.0 # Range: 0.0-1.0
metrics_export_interval: 60 # Range: 10-300
log_correlation: true # Boolean
resource_detection: true # Boolean
propagation_format: w3c-tracecontext # Options: w3c-tracecontext, b3, jaeger, multi
composes:
co_runs_with:
- api-rest-resource-oriented
secrets-env-vars: # Inject secrets as env vars; simple but risk of exposure; requires strict process controls.
injection_method: runtime # Options: runtime, build-time, container-startup
secret_rotation_support: false # Boolean
prefix_convention: APP_SECRET_ # Options: APP_SECRET_, SECRET_, SENSITIVE_, none
validation_on_startup: true # Boolean
finops-budget-guardrails: # Implement budgets, alerts, tagging, and policy-as-code guardrails to enforce cost ceilings and prevent runaway spend.
budget_period: monthly # Options: monthly, quarterly, annual
alert_thresholds:
- 50
- 80
- 100
enforcement_action: alert # Options: alert, prevent, throttle
tagging_strategy: mandatory # Options: mandatory, recommended, optional
policy_enforcement: soft # Options: soft, hard, audit
cost_allocation_level: project # Options: project, team, environment, service
ops-slo-error-budgets: # Define SLOs and error budgets to balance reliability and velocity.
slo_target_percentage: 99.9 # Range: 90-99.999
measurement_window_days: 30 # Options: 7, 28, 30, 90
error_budget_policy: halt-deployments # Options: halt-deployments, alert-only, slow-rollouts, require-approval
sli_type: availability # Options: availability, latency, throughput, correctness, composite
alerting_threshold_percentage: 80 # Range: 50-100
agentic-provenance-tracking: {} # Architectural pattern for synthesis agents that combine findings from multiple sources into a unified output.
P2:
api-versioning-header: # Version via headers/media types; keeps URLs stable; harder to debug and cache.
version_header_name: API-Version # Options: API-Version, X-API-Version, Accept-Version, Custom-Header
version_format: date-based # Options: semantic, date-based, sequential
fallback_behavior: latest-stable # Options: latest-stable, oldest-supported, reject-request
content_negotiation: false # Boolean
deprecation_policy: warning-header # Options: sunset-header, warning-header, both
gov-system-manifest: # Pin and govern the inventory of components (agent-tools, agent-skills, agent-models, agent-prompts, services, data sources, external dependencies) the system depends on at a declared manifest path; CI validates on every PR and drift between manifest and built system fails the build.
manifest_path: docs/architecture/manifest.yaml
manifest_format: yaml # Options: yaml, toml, json
manifest_scope: # Options: agent-tools, agent-skills, agent-models, agent-prompts, data_sources, services, external_dependencies
- agent-tools
- agent-skills
- agent-models
- agent-prompts
pin_versions: true # Boolean
ci_validation: required # Options: required, optional, off
drift_policy: fail-build # Options: fail-build, warn-only, off
composes:
layered_after:
- iac-terraform
co_runs_with:
- release-feature-flags
- gov-adrs-mandatory
- ops-runbooks
P3:
ops-runbooks: # Standard runbooks for incidents and routine ops; reduces MTTR and on-call stress.
runbook_format: markdown # Options: markdown, wiki, structured_yaml, ticketing_system
incident_severity_levels: 4 # Options: 3, 4, 5
escalation_policy: tiered # Options: tiered, follow_the_sun, flat, hybrid
automation_integration: manual # Options: manual, semi_automated, fully_automated
review_frequency: quarterly # Options: monthly, quarterly, biannual, post_incident
gov-adrs-mandatory: # Record architecture decisions and tradeoffs; improves continuity; keep lightweight.
adr_format: madr # Options: madr, nygard, y-statements, custom
storage_location: docs/adrs # Options: docs/adrs, docs/architecture/decisions, adr, wiki
decision_threshold: significant # Options: all, significant, strategic-only
review_requirement: peer-review # Options: peer-review, architect-approval, team-consensus, none
# ============================================================
# Cost Feasibility Analysis (Summary)
# ============================================================
#
# Intent: minimize-opex
# Amortization: 24 months
# Total Patterns Selected: 35
#
# COST BREAKDOWN:
# ────────────────────────────────────────────────────────────
# Total CapEx (one-time): $ 80,450
# Pattern OpEx (monthly): $ 590
# Ops Team Cost (monthly): $ 0
# Total OpEx (monthly): $ 590
# Total TCO (24mo): $ 94,610
#
# COST CEILINGS:
# ────────────────────────────────────────────────────────────
# CapEx Ceiling: $ 1,000 ✗ FAIL
# OpEx Ceiling (monthly): $ 500 ✗ FAIL
#
# ⚠️ WARNINGS:
# ────────────────────────────────────────────────────────────
# [high] cost_opex_exceeds_ceiling:
# Total monthly operational cost ($590) exceeds ceiling ($500) by $90 (intent: minimize-opex)
#
# Suggestions:
# - Increase monthly ceiling to $590 or more
# - Remove high-cost patterns: ops-slo-error-budgets, agentic-topology--hierarchical, obs-agentic-system
# - Reduce ops_team_size from 0
#
# ============================================================
# ============================================================
# Cost Feasibility Analysis (Details)
# ============================================================
#
# Intent: minimize-opex
# Amortization: 24 months
#
# Ops team size: 0 engineers (no ops cost)
#
# Ops Team Cost Algorithm (for reference):
# Formula: ops_team_size × single_resource_monthly_ops_usd × on_call_multiplier × deploy_freq_multiplier
# Based on:
# - Google SRE Handbook (2016): On-call burden = 25-50% FTE overhead
# - DORA State of DevOps (2021): Deploy frequency impact on ops overhead
#
# Calculating costs for 35 selected patterns:
#
# PER-PATTERN COSTS:
# ────────────────────────────────────────────────────────────
#
# 1. arch-serverless (match score: 34.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 2. db-managed-postgres (match score: 32.00)
# Adoption: $1,200.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 3. agentic-output-safety-guardrail (match score: 31.00)
# Adoption: $1,800.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 4. obs-agentic-system (match score: 31.00)
# Adoption: $4,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 5. agentic-input-safety-guardrail (match score: 30.00)
# Adoption: $1,800.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 6. agentic-tool-scoped-credentials (match score: 28.00)
# Adoption: $3,000.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 7. arch-serverless-pay-per-use (match score: 28.00)
# Adoption: $1,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 8. agentic-multi-pass-review (match score: 26.00)
# Adoption: $5,000.0
# Monthly (min): $50.0
# Monthly (expected): $50.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $50.0
#
# 9. agentic-topology--hierarchical (match score: 26.00)
# Adoption: $8,000.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 10. api-rest-resource-oriented (match score: 25.00)
# Adoption: $750.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 11. agentic-validation-retry-loop (match score: 25.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 12. sync-request-reply-rest (match score: 25.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 13. agentic-session--stateless (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $10.0
# Monthly (expected): $10.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $10.0
#
# 14. agentic-multi-agent-required (match score: 25.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 15. agentic-model-vendor--anthropic (match score: 25.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 16. agentic-inference--anthropic (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $5.0
# Monthly (expected): $5.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $5.0
#
# 17. agentic-tool-use-extraction (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $5.0
# Monthly (expected): $5.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $5.0
#
# 18. agentic-system-required (match score: 24.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 19. deploy-rolling (match score: 24.00)
# Adoption: $800.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 20. sec-auth-oauth2-oidc (match score: 23.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 21. crud-single-model (match score: 22.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 22. finops-cost-allocation-tags (match score: 21.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 23. release-feature-flags (match score: 19.00)
# Adoption: $2,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 24. api-versioning-header (match score: 16.00)
# Adoption: $1,200.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 25. hosting-agentic-managed-ai-platform--dify (match score: 15.00)
# Adoption: $4,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 26. obs-telemetry-backend (match score: 14.00)
# Adoption: $2,000.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $30.0
#
# 27. obs-open-telemetry-baseline (match score: 12.00)
# Adoption: $3,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 28. secrets-env-vars (match score: 11.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 29. finops-budget-guardrails (match score: 10.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 30. ops-runbooks (match score: 8.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 31. ops-slo-error-budgets (match score: 8.00)
# Adoption: $4,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $100.0
#
# 32. agentic-provenance-tracking (match score: 8.00)
# Adoption: $3,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 33. gov-system-manifest (match score: 7.00)
# Adoption: $4,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 34. iac-terraform (match score: 7.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# 35. gov-adrs-mandatory (match score: 7.00)
# Adoption: $2,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# Monthly OpEx: $0.0
#
# Total Monthly OpEx: $590.0
# Monthly operational ceiling: $500 ✗ FAIL
# ============================================================
The author replaces the assumed minimize-opex intent with an
explicit optimize-tco, declares one dedicated ops engineer at a
loaded cost of $14k/mo, and sets ceilings that fit the team's
actual budget ($20k/mo OpEx, $175k one-time CapEx). The fields
flipped from assumed to explicit are listed first; the full spec
at this stage follows.
cost:
intent:
priority: optimize-tco
ceilings:
monthly_operational_usd: 20000
one_time_setup_usd: 175000
operating_model:
ops_team_size: 1
single_resource_monthly_ops_usd: 14000
on_call: true
deploy_freq: daily
amortization_months: 24
project:
name: research-agentic
domain: knowledge-management
functional:
summary: 'Multi-agent research system. A coordinator decomposes user queries,
dispatches web-search and document-analysis workers in parallel,
and a synthesizer combines findings with provenance. Notify on Slack.
'
constraints:
cloud: agnostic
language: python
platform: api
features:
ai_inference: true
agentic_system:
hosting: dify
topology: hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents:
- agent: research-coordinator
archetype: orchestrator
purpose: Decompose research queries, dispatch workers, evaluate synthesis,
post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor
purpose: Analyze internal documents for query-relevant content; return findings
with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
disallowed-patterns:
- agentic-jumpstarter--anthropic
cost:
intent:
priority: optimize-tco
ceilings:
monthly_operational_usd: 20000
one_time_setup_usd: 175000
operating_model:
ops_team_size: 1
single_resource_monthly_ops_usd: 14000
on_call: true
deploy_freq: daily
amortization_months: 24
All warnings cleared. Both cost ceilings PASS. The verbose mode
displays each pattern under its priority bucket
(meta / P0 / P1 / P2 / P3) with the full per-pattern
defaultConfig values and the alternative options on
each line (e.g., scaling_strategy: horizontal # Options:
horizontal, vertical, hybrid). The author scans not just
the assumed values but also the bucket placements. For example,
obs-agentic-system sits at P1 by registry default
(a generic recommendation), but for production research automation,
where prompt injection, tool misuse, and silent agent drift are
first-class risks, the team treats it as load-bearing. Step 9
promotes it from P1 to P0.
Many patterns also carry a composes entry, the
compiler's inlined relationship graph. The full graph for this
compile records which patterns layer after which
(build/deploy order), which wrap others (request-time concerns),
which co-run (runtime siblings), and which dispatch to others
(handoff edges). The implementing-architecture skill walks this
graph to sequence scaffolding and runtime wiring, so the same
compiler output that approves the architecture also tells the
next agent where to start.
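One way to script the review described above, as an added example that is not part of the compiler or the original page: it parses the `key: value # Options: ...` lines of the verbose output, flags assumed values a security reviewer would revisit, and reports the `patterns.<pid>.<field>` path to override. The policy tables (`WEAK_VALUES`, `REQUIRED_BUCKET`), the function names and the 2-space indentation of the sample are assumptions.

```python
from dataclasses import dataclass

# Constructed excerpt: lines copied (descriptions shortened) from the verbose
# output on this page. The 2-space nesting is an assumption; the page lost it.
SAMPLE = """\
patterns:
  P0:
    db-managed-postgres: # Managed Postgres DBaaS
      ssl_mode: require # Options: disable, allow, prefer, require, verify-ca, verify-full
    platform-kubernetes: # Standardize on Kubernetes
      network_policy: disabled # Options: disabled, default-deny, namespace-isolation, zero-trust
  P1:
    obs-agentic-system: # Production observability tailored for agentic systems
      log_full_prompts: false # Boolean
    agentic-input-safety-guardrail: # Pre-flight inspection of inputs
      fallback_on_guardrail_failure: fail-closed # Options: fail-open, fail-closed
    agentic-tool-scoped-credentials: # Narrowly scoped credential per tool call
      fail_action_on_credential_error: fail-closed # Options: fail-closed, fail-open, fallback-to-shared
    deploy-rolling: # Gradually replace instances
      rollback_on_failure: true # Boolean
      composes:
        layered_after:
          - iac-terraform
    secrets-env-vars: # Inject secrets as env vars
      secret_rotation_support: false # Boolean
    crud-single-model: # Simple CRUD on one canonical model
      audit_logging: false # Boolean
"""

# Hypothetical reviewer policy (not part of the compiler): assumed values that
# deserve a second look, and the reason to record in the review.
WEAK_VALUES = {
    "ssl_mode": ({"disable", "allow", "prefer", "require"}, "server certificate is not verified"),
    "network_policy": ({"disabled"}, "pods accept traffic from any other pod"),
    "fallback_on_guardrail_failure": ({"fail-open"}, "input bypasses the guardrail when it errors"),
    "fail_action_on_credential_error": ({"fail-open", "fallback-to-shared"}, "tool runs without its scoped credential"),
    "secret_rotation_support": ({"false"}, "a leaked secret stays valid until rotated by hand"),
    "audit_logging": ({"false"}, "no record of who changed what"),
}
# The page's team treats obs-agentic-system as load-bearing (P1 -> P0 in step 9).
REQUIRED_BUCKET = {"obs-agentic-system": "P0"}
BUCKET_ORDER = ["meta", "P0", "P1", "P2", "P3"]

@dataclass(frozen=True)
class Field:
    bucket: str
    pattern: str
    name: str
    value: str
    options: tuple  # empty when the annotation is a Range or absent

def parse_verbose(text):
    """Return (fields, placement): every scalar field, and pattern -> bucket."""
    fields, placement = [], {}
    bucket = pattern = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue  # blank lines, banner comments, list items
        depth = (len(raw) - len(raw.lstrip())) // 2
        body, _, note = line.partition(" # ")
        key, _, value = body.partition(":")
        if depth == 1:
            bucket = key
        elif depth == 2:
            pattern = key
            placement[pattern] = bucket
        elif depth == 3 and value.strip():  # skips composes: and list-valued keys
            if note.startswith("Options:"):
                options = tuple(o.strip() for o in note[len("Options:"):].split(","))
            else:
                options = ("true", "false") if note.strip() == "Boolean" else ()
            fields.append(Field(bucket, pattern, key, value.strip(), options))
    return fields, placement

def triage(fields, placement):
    """Return (override_path, assumed_value, alternatives, reason) per finding."""
    findings = []
    for f in fields:
        weak, reason = WEAK_VALUES.get(f.name, (set(), ""))
        if f.value in weak:
            stricter = [o for o in f.options if o not in weak]
            findings.append((f"patterns.{f.pattern}.{f.name}", f.value, stricter, reason))
    for pid, wanted in REQUIRED_BUCKET.items():
        have = placement.get(pid)
        if have and BUCKET_ORDER.index(have) > BUCKET_ORDER.index(wanted):
            findings.append((f"patterns.{pid}", have, [wanted], "bucket below the team's requirement"))
    return findings

def check_override(fields, path, value):
    """True if `value` is an alternative the compiler listed for `path`."""
    return any(f"patterns.{f.pattern}.{f.name}" == path and value in f.options for f in fields)

if __name__ == "__main__":
    parsed, buckets = parse_verbose(SAMPLE)
    for path, value, alternatives, reason in triage(parsed, buckets):
        print(f"{path} = {value}: {reason}; consider {', '.join(alternatives)}")
```

`check_override` rejects a value the compiler did not list under `# Options:`, which catches a mistyped override before the spec is recompiled.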
# ─── what the compiler FILLED IN as assumptions ───
assumptions:
constraints:
tenantCount: 1
features:
caching: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (19 more)
async_messaging: false # arch-monolith, agentic-output-safety-guardrail, obs-agentic-system, ... (20 more)
multi_tenancy: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
batch_processing: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (13 more)
distributed_transactions: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
real_time_streaming: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
vector_search: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
document_store: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
key_value_store: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
graph_database: false # arch-monolith, db-managed-postgres, platform-kubernetes, ... (7 more)
time_series_db: false # arch-monolith, db-managed-postgres, platform-kubernetes, ... (7 more)
oltp_workload: true # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
olap_workload: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
cold_archive_tiering: false
nfr:
rpo_minutes: 60 # arch-monolith, platform-no-mesh, secrets-env-vars, ... (1 more)
rto_minutes: 60 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (7 more)
latency:
p95Milliseconds: 500 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (3 more)
p99Milliseconds: 1000 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (3 more)
throughput:
peak_query_per_second_read: 5 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (3 more)
peak_query_per_second_write: 1 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (4 more)
data:
retention_days: 90
pii: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
compliance:
consistency:
needsReadYourWrites: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (15 more)
durability:
strict: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
security:
auth: oauth2_oidc # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (15 more)
tenant_isolation: n/a # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
audit_logging: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
cost:
# ─── pattern SELECTION with per-pattern config + alternatives ───
# Each line under a pattern shows the value the compiler ASSUMED.
# The `# Options: …` annotation lists alternatives you can override
# by setting `patterns.<pid>.<field>` in the spec (see next step).
patterns:
meta:
agentic-multi-agent-required: {} # Meta-policy pattern that activates when an agentic system has 2 or more agents and enforces topology specification AND surfaces multi-agent-specific risk warnings.
agentic-system-required: {} # Meta-policy pattern that activates when agentic_system is enabled and enforces that the spec's agentic-system fields are correctly populated and reference valid platforms.
P0:
arch-monolith: # Single deployable unit; simplest operational model; scale with replicas behind a load balancer.
scaling_strategy: horizontal # Options: horizontal, vertical, hybrid
load_balancer_type: layer7 # Options: layer4, layer7, dns
session_management: stateless # Options: stateless, sticky-sessions, shared-state
deployment_strategy: rolling # Options: rolling, blue-green, canary, recreate
db-managed-postgres: # Use low-ops managed Postgres DBaaS providers (e.g., Supabase and managed cloud Postgres offerings) to reduce DB operations overhead; validate quotas, compliance, and scale limits.
provider: supabase # Options: supabase, neon, render, railway, digitalocean-app-platform
instance_size: small # Options: micro, small, medium, large
storage_gb: 8 # Range: 1-500
backup_retention_days: 7 # Range: 1-30
connection_pooling: true # Boolean
high_availability: false # Boolean
ssl_mode: require # Options: disable, allow, prefer, require, verify-ca, verify-full
platform-kubernetes: # Standardize on Kubernetes; namespaces/operators; standardized ingress/service patterns.
namespace_strategy: per-environment # Options: per-environment, per-team, per-application, monolithic
ingress_controller: nginx # Options: nginx, traefik, istio, ambassador, contour
service_mesh: none # Options: none, istio, linkerd, consul
operator_framework: native # Options: native, operator-sdk, kubebuilder, helm-operator
autoscaling: hpa # Options: hpa, vpa, keda, hpa-vpa-combined
network_policy: disabled # Options: disabled, default-deny, namespace-isolation, zero-trust
agentic-topology--hierarchical: # Central coordinator/orchestrator agent dynamically decomposes tasks, delegates to specialized worker agents (extractors, analyzers, synthesizers), and combines results.
message_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
response_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
failure_policy_retry_max: 2 # Min: 0
failure_policy_retry_backoff: exponential # Options: exponential, linear, immediate, none
failure_policy_retry_initial_ms: 1000 # Min: 0
failure_policy_on_terminal_failure: surface_partial # Options: surface_partial, hard_fail, escalate_to_human
failure_policy_cancel_siblings_on_failure: false # Boolean
aggregation_strategy: concat_with_attribution # Options: sequential_pipe, concat_with_attribution, merge, last_wins, voting_quorum, judge_arbitration, none
platform-no-mesh: # Use ingress/API gateway and client libraries; lower complexity; fewer advanced traffic controls.
gateway_type: api_gateway # Options: api_gateway, ingress_controller, load_balancer
client_library_approach: rest_http # Options: rest_http, grpc, graphql
load_balancing: gateway_level # Options: gateway_level, dns_round_robin, client_side
observability_strategy: application_level # Options: application_level, gateway_only, hybrid
agentic-session--stateless: {} # Each request is independent; the agent does not persist any conversation context between invocations.
agentic-model-vendor--anthropic: # Architectural pattern for systems whose models are built by Anthropic (the Claude family: Opus, Sonnet, Haiku).
enable_token_efficient_tool_use_beta: true # Boolean
prompt_caching_recommended_blocks: # Options: system_prompt, tool_definitions, long_context_documents, few_shot_examples
- system_prompt
- tool_definitions
- long_context_documents
agentic-inference--anthropic: # LLM inference via Anthropic's direct API (api.anthropic.com).
enable_token_efficient_tool_use_beta: true # Boolean
iac-terraform: # Manage infra declaratively with Terraform modules, state, and pipelines.
state_backend: s3 # Options: s3, terraform-cloud, azurerm, gcs, local
workspace_strategy: single # Options: single, per-environment, per-service
module_structure: monorepo # Options: monorepo, separate-repos, registry
ci_cd_integration: github-actions # Options: github-actions, gitlab-ci, terraform-cloud, atlantis, manual
drift_detection: false # Boolean
P1:
agentic-output-safety-guardrail: # Post-LLM scan of agent outputs before delivery to users or external systems.
detection_action: redact-and-continue # Options: redact-and-continue, block-and-explain, block-silent, human-review, regenerate
obs-agentic-system: # Production observability tailored for agentic systems. Adds agent-specific tracing (LLM call inputs/outputs, tool dispatch, step graph), cost attribution per archetype/tenant/task, token budget accounting, eval-metric streams, and agent lifecycle metrics. Composes on top of obs-open-telemetry-baseline. Selected unconditionally when agentic_system is declared.
log_full_prompts: false # Boolean
agentic-input-safety-guardrail: # Pre-flight inspection of user inputs and tool-returned content before they reach the agent's LLM.
fallback_on_guardrail_failure: fail-closed # Options: fail-open, fail-closed
block_action: reject-with-explanation # Options: reject-with-explanation, reject-silent, sanitize-and-continue, human-review
agentic-tool-scoped-credentials: # Each tool call uses a credential narrowly scoped to that tool's operation, not a shared agent-wide credential.
fail_action_on_credential_error: fail-closed # Options: fail-closed, fail-open, fallback-to-shared
agentic-multi-pass-review: # Architecture where one agent session generates output and a separate, independent session reviews it.
review_session_isolation: fully_independent # Options: fully_independent, shared_context_acceptable
api-rest-resource-oriented: # REST API designed around resources (nouns) manipulated via standard HTTP verbs (GET, POST, PUT, DELETE, PATCH). Resources are identified by stable URLs, responses are cacheable by default, and pagination/filtering are expressed as query parameters. Simpler tooling and stronger HTTP cache semantics than GraphQL; well-suited to public APIs and CRUD-heavy domains.
pagination_style: offset # Options: offset, cursor, page_number
max_page_size: 100 # Range: 10-1000
versioning_strategy: uri # Options: uri, header, query_param, none
filtering_style: query_params # Options: query_params, json_body, graphql_like
cache_strategy: etag # Options: etag, last_modified, cache_control, none
id_format: uuid # Options: uuid, integer, slug, composite
response_envelope: false # Boolean
agentic-validation-retry-loop: {} # Layered pattern that wraps any agent output with deterministic validation and retries with specific error feedback.
sync-request-reply-rest: # Synchronous HTTP APIs; simple integration; needs timeouts/retries/backpressure.
timeout_seconds: 30 # Range: 1-300
retry_strategy: exponential_backoff # Options: none, fixed_delay, exponential_backoff, exponential_backoff_jitter
max_retries: 3 # Range: 0-10
circuit_breaker_enabled: true # Boolean
rate_limiting_strategy: token_bucket # Options: none, token_bucket, leaky_bucket, fixed_window, sliding_window
idempotency_required: false # Boolean
agentic-tool-use-extraction: # Single-shot structured data extraction using the tool_use mechanism with a forced tool_choice.
composes:
layered_after:
- agentic-output-safety-guardrail
deploy-rolling: # Gradually replace instances; simplest for stateless services; requires backward-compatible changes.
batch_size: 25_percent # Options: 10_percent, 25_percent, 50_percent, one_at_a_time, all_at_once
health_check_grace_period: 30 # Range: 10-300
rollback_on_failure: true # Boolean
deployment_strategy: replace_one_by_one # Options: replace_one_by_one, rolling_batch, canary_first
max_unavailable: 0_percent # Options: 0_percent, 10_percent, 25_percent
composes:
layered_after:
- iac-terraform
sec-auth-oauth2-oidc: # Use OAuth2 flows with OIDC identity tokens; standardized claims; delegated auth support.
oauth_flow: authorization_code # Options: authorization_code, client_credentials, device_code, implicit
token_storage: secure_storage # Options: secure_storage, memory_only, encrypted_storage, httponly_cookie
pkce_enabled: true # Boolean
scope_strategy: minimal # Options: minimal, role_based, resource_specific
token_refresh: automatic # Options: automatic, manual, sliding_window
id_token_validation: strict # Options: strict, standard, relaxed
composes:
wraps:
- api-rest-resource-oriented
crud-single-model: # Simple CRUD on one canonical model; lowest complexity; best for straightforward domains.
api_style: rest # Options: rest, graphql, rpc
validation_strategy: server-side # Options: server-side, client-side, both
soft_delete: false # Boolean
audit_logging: false # Boolean
pagination_default_size: 20 # Range: 10-100
finops-cost-allocation-tags: # Tagging/labeling strategy for per-tenant/product cost allocation and chargeback/showback.
tagging_strategy: hierarchical # Options: hierarchical, flat, hybrid
enforcement_level: required # Options: required, recommended, optional
cost_allocation_model: showback # Options: chargeback, showback, hybrid
tag_inheritance: true # Boolean
automated_tagging: true # Boolean
release-feature-flags: # Decouple deploy from release; safer experiments; needs kill switches and governance.
flag_storage: config_file # Options: config_file, database, feature_flag_service, environment_variables
evaluation_strategy: simple_boolean # Options: simple_boolean, percentage_rollout, user_targeting, multi_variate
targeting_capability: none # Options: none, user_attributes, context_based, advanced_segments
kill_switch_enabled: true # Boolean
audit_logging: false # Boolean
hosting-agentic-managed-ai-platform--dify: # Visual agent platform with native multi-agent orchestration via Agent Node + plug-in Agent Strategies; built-in RAG pipeline, 50+ tool integrations, model management, observability.
deployment_mode: cloud_managed # Options: cloud_managed, self_host_docker, self_host_kubernetes
obs-telemetry-backend: # Self-hosted observability backend combining Prometheus (metrics storage and alerting), Grafana (dashboards), and Loki (structured log aggregation). Provides the storage and query layer for traces, metrics, and logs; consumed by instrumentation and monitoring strategy patterns. Preferred when data residency, cost control, or customization requirements preclude a managed SaaS observability backend.
metrics_retention_days: 15 # Options: 7, 15, 30, 90, 365
log_retention_days: 7 # Options: 1, 3, 7, 14, 30
backend_ha: false # Boolean
obs-open-telemetry-baseline: # Standardize traces/metrics/log correlation via OpenTelemetry; export to vendor or OSS backends.
export_backend: otlp # Options: otlp, jaeger, zipkin, prometheus, datadog, newrelic, honeycomb
trace_sampling_strategy: parent-based # Options: always-on, always-off, parent-based, trace-id-ratio
trace_sampling_rate: 1.0 # Range: 0.0-1.0
metrics_export_interval: 60 # Range: 10-300
log_correlation: true # Boolean
resource_detection: true # Boolean
propagation_format: w3c-tracecontext # Options: w3c-tracecontext, b3, jaeger, multi
composes:
co_runs_with:
- api-rest-resource-oriented
secrets-env-vars: # Inject secrets as env vars; simple but risk of exposure; requires strict process controls.
injection_method: runtime # Options: runtime, build-time, container-startup
secret_rotation_support: false # Boolean
prefix_convention: APP_SECRET_ # Options: APP_SECRET_, SECRET_, SENSITIVE_, none
validation_on_startup: true # Boolean
finops-budget-guardrails: # Implement budgets, alerts, tagging, and policy-as-code guardrails to enforce cost ceilings and prevent runaway spend.
budget_period: monthly # Options: monthly, quarterly, annual
alert_thresholds:
- 50
- 80
- 100
enforcement_action: alert # Options: alert, prevent, throttle
tagging_strategy: mandatory # Options: mandatory, recommended, optional
policy_enforcement: soft # Options: soft, hard, audit
cost_allocation_level: project # Options: project, team, environment, service
ops-slo-error-budgets: # Define SLOs and error budgets to balance reliability and velocity.
slo_target_percentage: 99.9 # Range: 90-99.999
measurement_window_days: 30 # Options: 7, 28, 30, 90
error_budget_policy: halt-deployments # Options: halt-deployments, alert-only, slow-rollouts, require-approval
sli_type: availability # Options: availability, latency, throughput, correctness, composite
alerting_threshold_percentage: 80 # Range: 50-100
agentic-provenance-tracking: {} # Architectural pattern for synthesis agents that combine findings from multiple sources into a unified output.
P2:
api-versioning-header: # Version via headers/media types; keeps URLs stable; harder to debug and cache.
version_header_name: API-Version # Options: API-Version, X-API-Version, Accept-Version, Custom-Header
version_format: date-based # Options: semantic, date-based, sequential
fallback_behavior: latest-stable # Options: latest-stable, oldest-supported, reject-request
content_negotiation: false # Boolean
deprecation_policy: warning-header # Options: sunset-header, warning-header, both
gov-system-manifest: # Pin and govern the inventory of components (agent-tools, agent-skills, agent-models, agent-prompts, services, data sources, external dependencies) the system depends on at a declared manifest path; CI validates on every PR and drift between manifest and built system fails the build.
manifest_path: docs/architecture/manifest.yaml
manifest_format: yaml # Options: yaml, toml, json
manifest_scope: # Options: agent-tools, agent-skills, agent-models, agent-prompts, data_sources, services, external_dependencies
- agent-tools
- agent-skills
- agent-models
- agent-prompts
pin_versions: true # Boolean
ci_validation: required # Options: required, optional, off
drift_policy: fail-build # Options: fail-build, warn-only, off
composes:
layered_after:
- iac-terraform
co_runs_with:
- release-feature-flags
- gov-adrs-mandatory
- ops-runbooks
P3:
ops-runbooks: # Standard runbooks for incidents and routine ops; reduces MTTR and on-call stress.
runbook_format: markdown # Options: markdown, wiki, structured_yaml, ticketing_system
incident_severity_levels: 4 # Options: 3, 4, 5
escalation_policy: tiered # Options: tiered, follow_the_sun, flat, hybrid
automation_integration: manual # Options: manual, semi_automated, fully_automated
review_frequency: quarterly # Options: monthly, quarterly, biannual, post_incident
gov-adrs-mandatory: # Record architecture decisions and tradeoffs; improves continuity; keep lightweight.
adr_format: madr # Options: madr, nygard, y-statements, custom
storage_location: docs/adrs # Options: docs/adrs, docs/architecture/decisions, adr, wiki
decision_threshold: significant # Options: all, significant, strategic-only
review_requirement: peer-review # Options: peer-review, architect-approval, team-consensus, none
# ─── warns and cost feasibility ───
# ============================================================
# Cost Feasibility Analysis (Summary)
# ============================================================
#
# Intent: optimize-tco
# Amortization: 24 months
# Total Patterns Selected: 36
#
# COST BREAKDOWN:
# ────────────────────────────────────────────────────────────
# Total CapEx (one-time): $ 85,450
# Pattern OpEx (monthly): $ 1,040
# Ops Team Cost (monthly): $ 12,600 (1 × $14,000)
# Total OpEx (monthly): $ 13,640
# Total TCO (24mo): $ 412,810
#
# COST CEILINGS:
# ────────────────────────────────────────────────────────────
# CapEx Ceiling: $ 175,000 ✓ PASS
# OpEx Ceiling (monthly): $ 20,000 ✓ PASS
#
# ============================================================
project:
name: research-agentic
domain: knowledge-management
functional:
summary: "Multi-agent research system. A coordinator decomposes user queries,\ndispatches web-search and document-analysis workers in parallel,\nand a synthesizer combines findings with provenance. Notify on Slack.\n"
constraints:
cloud: agnostic # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
language: python # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
platform: api # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
features:
ai_inference: true # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (12 more)
agentic_system: # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (12 more)
hosting: dify # hosting-agentic-managed-ai-platform--dify
topology: hierarchical # agentic-topology--hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents: # agentic-topology--hierarchical, agentic-multi-agent-required
- agent: research-coordinator
archetype: orchestrator # agentic-multi-pass-review
purpose: Decompose research queries, dispatch workers, evaluate synthesis, post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor # agentic-multi-pass-review, agentic-validation-retry-loop, agentic-tool-use-extraction
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor # agentic-multi-pass-review, agentic-validation-retry-loop, agentic-tool-use-extraction
purpose: Analyze internal documents for query-relevant content; return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis # agentic-provenance-tracking
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless # agentic-session--stateless
models:
- role: primary
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic # agentic-inference--anthropic
model_owner: anthropic # agentic-model-vendor--anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
disallowed-patterns:
- agentic-jumpstarter--anthropic
cost:
intent:
priority: optimize-tco
ceilings:
monthly_operational_usd: 20000
one_time_setup_usd: 175000
operating_model:
ops_team_size: 1
single_resource_monthly_ops_usd: 14000
on_call: true
deploy_freq: daily
amortization_months: 24
assumptions:
constraints:
saas-providers: []
disallowed-saas-providers: []
ai-inference-platforms: []
disallowed-ai-inference-platforms: []
model-vendors: []
disallowed-model-vendors: []
tenantCount: 1
features:
caching: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (19 more)
async_messaging: false # arch-monolith, agentic-output-safety-guardrail, obs-agentic-system, ... (20 more)
multi_tenancy: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
batch_processing: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (13 more)
distributed_transactions: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
real_time_streaming: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
vector_search: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (22 more)
document_store: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
key_value_store: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (20 more)
graph_database: false # arch-monolith, db-managed-postgres, platform-kubernetes, ... (7 more)
time_series_db: false # arch-monolith, db-managed-postgres, platform-kubernetes, ... (7 more)
oltp_workload: true # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
olap_workload: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
cold_archive_tiering: false
nfr:
availability:
target: 0.95 # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (13 more)
rpo_minutes: 60 # arch-monolith, platform-no-mesh, secrets-env-vars, ... (1 more)
rto_minutes: 60 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (7 more)
latency:
p95Milliseconds: 500 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (3 more)
p99Milliseconds: 1000 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (3 more)
throughput:
peak_query_per_second_read: 5 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (3 more)
peak_query_per_second_write: 1 # arch-monolith, db-managed-postgres, platform-kubernetes, ... (4 more)
data:
retention_days: 90
pii: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
compliance:
gdpr: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (32 more)
gdpr_rtbf: false # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (1 more)
ccpa: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (31 more)
hipaa: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (33 more)
sox: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (33 more)
consistency:
needsReadYourWrites: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (15 more)
durability:
strict: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
security:
auth: oauth2_oidc # agentic-output-safety-guardrail, obs-agentic-system, agentic-input-safety-guardrail, ... (15 more)
tenant_isolation: n/a # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (14 more)
audit_logging: false # arch-monolith, db-managed-postgres, agentic-output-safety-guardrail, ... (21 more)
agentic_system:
target:
prompt_injection_block_rate_min: 0.95 # agentic-input-safety-guardrail
output_safety_pass_rate_min: 0.99 # agentic-output-safety-guardrail, obs-agentic-system
pii_leak_rate_max: 0.01 # agentic-output-safety-guardrail
jailbreak_detection_rate_min: 0.9 # agentic-input-safety-guardrail
hallucination_rate_max: 0.1 # obs-agentic-system, agentic-multi-pass-review
toxic_output_rate_max: 0.005 # agentic-output-safety-guardrail
cost:
preferences:
prefer_free_tier_if_possible: true # db-managed-postgres, agentic-output-safety-guardrail, obs-agentic-system, ... (11 more)
prefer_saas_first: false
patterns:
meta:
agentic-multi-agent-required: {} # Meta-policy pattern that activates when an agentic system has 2 or more agents and enforces topology specification AND surfaces multi-agent-specific risk warnings.
agentic-system-required: {} # Meta-policy pattern that activates when agentic_system is enabled and enforces that the spec's agentic-system fields are correctly populated and reference valid platforms.
P0:
arch-monolith: # Single deployable unit; simplest operational model; scale with replicas behind a load balancer.
scaling_strategy: horizontal # Options: horizontal, vertical, hybrid
load_balancer_type: layer7 # Options: layer4, layer7, dns
session_management: stateless # Options: stateless, sticky-sessions, shared-state
deployment_strategy: rolling # Options: rolling, blue-green, canary, recreate
db-managed-postgres: # Use low-ops managed Postgres DBaaS providers (e.g., Supabase and managed cloud Postgres offerings) to reduce DB operations overhead; validate quotas, compliance, and scale limits.
provider: supabase # Options: supabase, neon, render, railway, digitalocean-app-platform
instance_size: small # Options: micro, small, medium, large
storage_gb: 8 # Range: 1-500
backup_retention_days: 7 # Range: 1-30
connection_pooling: true # Boolean
high_availability: false # Boolean
ssl_mode: require # Options: disable, allow, prefer, require, verify-ca, verify-full
platform-kubernetes: # Standardize on Kubernetes; namespaces/operators; standardized ingress/service patterns.
namespace_strategy: per-environment # Options: per-environment, per-team, per-application, monolithic
ingress_controller: nginx # Options: nginx, traefik, istio, ambassador, contour
service_mesh: none # Options: none, istio, linkerd, consul
operator_framework: native # Options: native, operator-sdk, kubebuilder, helm-operator
autoscaling: hpa # Options: hpa, vpa, keda, hpa-vpa-combined
network_policy: disabled # Options: disabled, default-deny, namespace-isolation, zero-trust
agentic-topology--hierarchical: # Central coordinator/orchestrator agent dynamically decomposes tasks, delegates to specialized worker agents (extractors, analyzers, synthesizers), and combines results.
message_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
response_envelope_shape: structured_json # Options: structured_json, freeform_string, hybrid
failure_policy_retry_max: 2 # Min: 0
failure_policy_retry_backoff: exponential # Options: exponential, linear, immediate, none
failure_policy_retry_initial_ms: 1000 # Min: 0
failure_policy_on_terminal_failure: surface_partial # Options: surface_partial, hard_fail, escalate_to_human
failure_policy_cancel_siblings_on_failure: false # Boolean
aggregation_strategy: concat_with_attribution # Options: sequential_pipe, concat_with_attribution, merge, last_wins, voting_quorum, judge_arbitration, none
platform-no-mesh: # Use ingress/API gateway and client libraries; lower complexity; fewer advanced traffic controls.
gateway_type: api_gateway # Options: api_gateway, ingress_controller, load_balancer
client_library_approach: rest_http # Options: rest_http, grpc, graphql
load_balancing: gateway_level # Options: gateway_level, dns_round_robin, client_side
observability_strategy: application_level # Options: application_level, gateway_only, hybrid
agentic-session--stateless: {} # Each request is independent; the agent does not persist any conversation context between invocations.
agentic-model-vendor--anthropic: # Architectural pattern for systems whose models are built by Anthropic (the Claude family: Opus, Sonnet, Haiku).
enable_token_efficient_tool_use_beta: true # Boolean
prompt_caching_recommended_blocks: # Options: system_prompt, tool_definitions, long_context_documents, few_shot_examples
- system_prompt
- tool_definitions
- long_context_documents
agentic-inference--anthropic: # LLM inference via Anthropic's direct API (api.anthropic.com).
enable_token_efficient_tool_use_beta: true # Boolean
iac-terraform: # Manage infra declaratively with Terraform modules, state, and pipelines.
state_backend: s3 # Options: s3, terraform-cloud, azurerm, gcs, local
workspace_strategy: single # Options: single, per-environment, per-service
module_structure: monorepo # Options: monorepo, separate-repos, registry
ci_cd_integration: github-actions # Options: github-actions, gitlab-ci, terraform-cloud, atlantis, manual
drift_detection: false # Boolean
P1:
agentic-output-safety-guardrail: # Post-LLM scan of agent outputs before delivery to users or external systems.
detection_action: redact-and-continue # Options: redact-and-continue, block-and-explain, block-silent, human-review, regenerate
obs-agentic-system: # Production observability tailored for agentic systems. Adds agent-specific tracing (LLM call inputs/outputs, tool dispatch, step graph), cost attribution per archetype/tenant/task, token budget accounting, eval-metric streams, and agent lifecycle metrics. Composes on top of obs-open-telemetry-baseline. Selected unconditionally when agentic_system is declared.
log_full_prompts: false # Boolean
agentic-input-safety-guardrail: # Pre-flight inspection of user inputs and tool-returned content before they reach the agent's LLM.
fallback_on_guardrail_failure: fail-closed # Options: fail-open, fail-closed
block_action: reject-with-explanation # Options: reject-with-explanation, reject-silent, sanitize-and-continue, human-review
agentic-tool-scoped-credentials: # Each tool call uses a credential narrowly scoped to that tool's operation, not a shared agent-wide credential.
fail_action_on_credential_error: fail-closed # Options: fail-closed, fail-open, fallback-to-shared
agentic-multi-pass-review: # Architecture where one agent session generates output and a separate, independent session reviews it.
review_session_isolation: fully_independent # Options: fully_independent, shared_context_acceptable
api-rest-resource-oriented: # REST API designed around resources (nouns) manipulated via standard HTTP verbs (GET, POST, PUT, DELETE, PATCH). Resources are identified by stable URLs, responses are cacheable by default, and pagination/filtering are expressed as query parameters. Simpler tooling and stronger HTTP cache semantics than GraphQL; well-suited to public APIs and CRUD-heavy domains.
pagination_style: offset # Options: offset, cursor, page_number
max_page_size: 100 # Range: 10-1000
versioning_strategy: uri # Options: uri, header, query_param, none
filtering_style: query_params # Options: query_params, json_body, graphql_like
cache_strategy: etag # Options: etag, last_modified, cache_control, none
id_format: uuid # Options: uuid, integer, slug, composite
response_envelope: false # Boolean
agentic-validation-retry-loop: {} # Layered pattern that wraps any agent output with deterministic validation and retries with specific error feedback.
sync-request-reply-rest: # Synchronous HTTP APIs; simple integration; needs timeouts/retries/backpressure.
timeout_seconds: 30 # Range: 1-300
retry_strategy: exponential_backoff # Options: none, fixed_delay, exponential_backoff, exponential_backoff_jitter
max_retries: 3 # Range: 0-10
circuit_breaker_enabled: true # Boolean
rate_limiting_strategy: token_bucket # Options: none, token_bucket, leaky_bucket, fixed_window, sliding_window
idempotency_required: false # Boolean
agentic-tool-use-extraction: # Single-shot structured data extraction using the tool_use mechanism with a forced tool_choice.
composes:
layered_after:
- agentic-output-safety-guardrail
deploy-rolling: # Gradually replace instances; simplest for stateless services; requires backward-compatible changes.
batch_size: 25_percent # Options: 10_percent, 25_percent, 50_percent, one_at_a_time, all_at_once
health_check_grace_period: 30 # Range: 10-300
rollback_on_failure: true # Boolean
deployment_strategy: replace_one_by_one # Options: replace_one_by_one, rolling_batch, canary_first
max_unavailable: 0_percent # Options: 0_percent, 10_percent, 25_percent
composes:
layered_after:
- iac-terraform
sec-auth-oauth2-oidc: # Use OAuth2 flows with OIDC identity tokens; standardized claims; delegated auth support.
oauth_flow: authorization_code # Options: authorization_code, client_credentials, device_code, implicit
token_storage: secure_storage # Options: secure_storage, memory_only, encrypted_storage, httponly_cookie
pkce_enabled: true # Boolean
scope_strategy: minimal # Options: minimal, role_based, resource_specific
token_refresh: automatic # Options: automatic, manual, sliding_window
id_token_validation: strict # Options: strict, standard, relaxed
composes:
wraps:
- api-rest-resource-oriented
crud-single-model: # Simple CRUD on one canonical model; lowest complexity; best for straightforward domains.
api_style: rest # Options: rest, graphql, rpc
validation_strategy: server-side # Options: server-side, client-side, both
soft_delete: false # Boolean
audit_logging: false # Boolean
pagination_default_size: 20 # Range: 10-100
finops-cost-allocation-tags: # Tagging/labeling strategy for per-tenant/product cost allocation and chargeback/showback.
tagging_strategy: hierarchical # Options: hierarchical, flat, hybrid
enforcement_level: required # Options: required, recommended, optional
cost_allocation_model: showback # Options: chargeback, showback, hybrid
tag_inheritance: true # Boolean
automated_tagging: true # Boolean
release-feature-flags: # Decouple deploy from release; safer experiments; needs kill switches and governance.
flag_storage: config_file # Options: config_file, database, feature_flag_service, environment_variables
evaluation_strategy: simple_boolean # Options: simple_boolean, percentage_rollout, user_targeting, multi_variate
targeting_capability: none # Options: none, user_attributes, context_based, advanced_segments
kill_switch_enabled: true # Boolean
audit_logging: false # Boolean
hosting-agentic-managed-ai-platform--dify: # Visual agent platform with native multi-agent orchestration via Agent Node + plug-in Agent Strategies; built-in RAG pipeline, 50+ tool integrations, model management, observability.
deployment_mode: cloud_managed # Options: cloud_managed, self_host_docker, self_host_kubernetes
obs-telemetry-backend: # Self-hosted observability backend combining Prometheus (metrics storage and alerting), Grafana (dashboards), and Loki (structured log aggregation). Provides the storage and query layer for traces, metrics, and logs; consumed by instrumentation and monitoring strategy patterns. Preferred when data residency, cost control, or customization requirements preclude a managed SaaS observability backend.
metrics_retention_days: 15 # Options: 7, 15, 30, 90, 365
log_retention_days: 7 # Options: 1, 3, 7, 14, 30
backend_ha: false # Boolean
obs-open-telemetry-baseline: # Standardize traces/metrics/log correlation via OpenTelemetry; export to vendor or OSS backends.
export_backend: otlp # Options: otlp, jaeger, zipkin, prometheus, datadog, newrelic, honeycomb
trace_sampling_strategy: parent-based # Options: always-on, always-off, parent-based, trace-id-ratio
trace_sampling_rate: 1.0 # Range: 0.0-1.0
metrics_export_interval: 60 # Range: 10-300
log_correlation: true # Boolean
resource_detection: true # Boolean
propagation_format: w3c-tracecontext # Options: w3c-tracecontext, b3, jaeger, multi
composes:
co_runs_with:
- api-rest-resource-oriented
secrets-env-vars: # Inject secrets as env vars; simple but risk of exposure; requires strict process controls.
injection_method: runtime # Options: runtime, build-time, container-startup
secret_rotation_support: false # Boolean
prefix_convention: APP_SECRET_ # Options: APP_SECRET_, SECRET_, SENSITIVE_, none
validation_on_startup: true # Boolean
finops-budget-guardrails: # Implement budgets, alerts, tagging, and policy-as-code guardrails to enforce cost ceilings and prevent runaway spend.
budget_period: monthly # Options: monthly, quarterly, annual
alert_thresholds:
- 50
- 80
- 100
enforcement_action: alert # Options: alert, prevent, throttle
tagging_strategy: mandatory # Options: mandatory, recommended, optional
policy_enforcement: soft # Options: soft, hard, audit
cost_allocation_level: project # Options: project, team, environment, service
ops-slo-error-budgets: # Define SLOs and error budgets to balance reliability and velocity.
slo_target_percentage: 99.9 # Range: 90-99.999
measurement_window_days: 30 # Options: 7, 28, 30, 90
error_budget_policy: halt-deployments # Options: halt-deployments, alert-only, slow-rollouts, require-approval
sli_type: availability # Options: availability, latency, throughput, correctness, composite
alerting_threshold_percentage: 80 # Range: 50-100
agentic-provenance-tracking: {} # Architectural pattern for synthesis agents that combine findings from multiple sources into a unified output.
P2:
api-versioning-header: # Version via headers/media types; keeps URLs stable; harder to debug and cache.
version_header_name: API-Version # Options: API-Version, X-API-Version, Accept-Version, Custom-Header
version_format: date-based # Options: semantic, date-based, sequential
fallback_behavior: latest-stable # Options: latest-stable, oldest-supported, reject-request
content_negotiation: false # Boolean
deprecation_policy: warning-header # Options: sunset-header, warning-header, both
gov-system-manifest: # Pin and govern the inventory of components (agent-tools, agent-skills, agent-models, agent-prompts, services, data sources, external dependencies) the system depends on at a declared manifest path; CI validates on every PR and drift between manifest and built system fails the build.
manifest_path: docs/architecture/manifest.yaml
manifest_format: yaml # Options: yaml, toml, json
manifest_scope: # Options: agent-tools, agent-skills, agent-models, agent-prompts, data_sources, services, external_dependencies
- agent-tools
- agent-skills
- agent-models
- agent-prompts
pin_versions: true # Boolean
ci_validation: required # Options: required, optional, off
drift_policy: fail-build # Options: fail-build, warn-only, off
composes:
layered_after:
- iac-terraform
co_runs_with:
- release-feature-flags
- gov-adrs-mandatory
- ops-runbooks
P3:
ops-runbooks: # Standard runbooks for incidents and routine ops; reduces MTTR and on-call stress.
runbook_format: markdown # Options: markdown, wiki, structured_yaml, ticketing_system
incident_severity_levels: 4 # Options: 3, 4, 5
escalation_policy: tiered # Options: tiered, follow_the_sun, flat, hybrid
automation_integration: manual # Options: manual, semi_automated, fully_automated
review_frequency: quarterly # Options: monthly, quarterly, biannual, post_incident
gov-adrs-mandatory: # Record architecture decisions and tradeoffs; improves continuity; keep lightweight.
adr_format: madr # Options: madr, nygard, y-statements, custom
storage_location: docs/adrs # Options: docs/adrs, docs/architecture/decisions, adr, wiki
decision_threshold: significant # Options: all, significant, strategic-only
review_requirement: peer-review # Options: peer-review, architect-approval, team-consensus, none
# ============================================================
# Cost Feasibility Analysis (Summary)
# ============================================================
#
# Intent: optimize-tco
# Amortization: 24 months
# Total Patterns Selected: 36
#
# COST BREAKDOWN:
# ────────────────────────────────────────────────────────────
# Total CapEx (one-time): $ 85,450
# Pattern OpEx (monthly): $ 1,040
# Ops Team Cost (monthly): $ 12,600 (1 × $14,000)
# Total OpEx (monthly): $ 13,640
# Total TCO (24mo): $ 412,810
#
# COST CEILINGS:
# ────────────────────────────────────────────────────────────
# CapEx Ceiling: $ 175,000 ✓ PASS
# OpEx Ceiling (monthly): $ 20,000 ✓ PASS
#
# ============================================================
# ============================================================
# Cost Feasibility Analysis (Details)
# ============================================================
#
# Intent: optimize-tco
# Amortization: 24 months
#
# Ops Team Cost Breakdown:
# Base: 1 engineers × $14,000/month = $14,000
# On-call multiplier: 1.5x (on-call burden)
# Deploy frequency multiplier: 0.6x (deploy_freq: daily, high automation)
# Adjusted ops cost: $14,000 × 1.5 × 0.6 = $12,600/month
#
# Deploy Frequency Options (DORA State of DevOps):
# on-demand: 0.5x (very high automation)
# daily: 0.6x (high automation)
# weekly: 0.8x (moderate automation)
# biweekly: 0.9x (manual processes)
# monthly: 1.0x (very manual)
# quarterly: 1.1x (extremely manual)
#
#
# Ops Team Cost Algorithm (for reference):
# Formula: ops_team_size × single_resource_monthly_ops_usd × on_call_multiplier × deploy_freq_multiplier
# Based on:
# - Google SRE Handbook (2016): On-call burden = 25-50% FTE overhead
# - DORA State of DevOps (2021): Deploy frequency impact on ops overhead
#
# Calculating costs for 36 selected patterns:
#
# PER-PATTERN COSTS:
# ────────────────────────────────────────────────────────────
#
# 1. arch-monolith (match score: 34.00)
# Adoption: $500.0
# Monthly (min): $50.0
# Monthly (expected): $50.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $500.0 + ($50.0 × 24) = $1,700.0
#
# 2. db-managed-postgres (match score: 32.00)
# Adoption: $1,200.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,200.0 + ($0.0 × 24) = $1,200.0
#
# 3. agentic-output-safety-guardrail (match score: 31.00)
# Adoption: $1,800.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,800.0 + ($30.0 × 24) = $2,520.0
#
# 4. obs-agentic-system (match score: 31.00)
# Adoption: $4,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $4,500.0 + ($100.0 × 24) = $6,900.0
#
# 5. agentic-input-safety-guardrail (match score: 30.00)
# Adoption: $1,800.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,800.0 + ($30.0 × 24) = $2,520.0
#
# 6. platform-kubernetes (match score: 30.00)
# Adoption: $8,000.0
# Monthly (min): $200.0
# Monthly (expected): $200.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $8,000.0 + ($200.0 × 24) = $12,800.0
#
# 7. agentic-tool-scoped-credentials (match score: 28.00)
# Adoption: $3,000.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $3,000.0 + ($30.0 × 24) = $3,720.0
#
# 8. agentic-multi-pass-review (match score: 26.00)
# Adoption: $5,000.0
# Monthly (min): $50.0
# Monthly (expected): $50.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $5,000.0 + ($50.0 × 24) = $6,200.0
#
# 9. agentic-topology--hierarchical (match score: 26.00)
# Adoption: $8,000.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $8,000.0 + ($100.0 × 24) = $10,400.0
#
# 10. platform-no-mesh (match score: 26.00)
# Adoption: $1,500.0
# Monthly (min): $200.0
# Monthly (expected): $200.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,500.0 + ($200.0 × 24) = $6,300.0
#
# 11. api-rest-resource-oriented (match score: 25.00)
# Adoption: $750.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $750.0 + ($0.0 × 24) = $750.0
#
# 12. agentic-validation-retry-loop (match score: 25.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,500.0 + ($0.0 × 24) = $2,500.0
#
# 13. sync-request-reply-rest (match score: 25.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $300.0 + ($0.0 × 24) = $300.0
#
# 14. agentic-session--stateless (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $10.0
# Monthly (expected): $10.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,500.0 + ($10.0 × 24) = $1,740.0
#
# 15. agentic-multi-agent-required (match score: 25.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $0.0 + ($0.0 × 24) = $0.0
#
# 16. agentic-model-vendor--anthropic (match score: 25.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $0.0 + ($0.0 × 24) = $0.0
#
# 17. agentic-inference--anthropic (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $5.0
# Monthly (expected): $5.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,500.0 + ($5.0 × 24) = $1,620.0
#
# 18. agentic-tool-use-extraction (match score: 25.00)
# Adoption: $1,500.0
# Monthly (min): $5.0
# Monthly (expected): $5.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,500.0 + ($5.0 × 24) = $1,620.0
#
# 19. agentic-system-required (match score: 24.00)
# Adoption: $0.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $0.0 + ($0.0 × 24) = $0.0
#
# 20. deploy-rolling (match score: 24.00)
# Adoption: $800.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $800.0 + ($0.0 × 24) = $800.0
#
# 21. sec-auth-oauth2-oidc (match score: 23.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $3,500.0 + ($0.0 × 24) = $3,500.0
#
# 22. crud-single-model (match score: 22.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $300.0 + ($0.0 × 24) = $300.0
#
# 23. finops-cost-allocation-tags (match score: 21.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,500.0 + ($0.0 × 24) = $2,500.0
#
# 24. release-feature-flags (match score: 19.00)
# Adoption: $2,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,000.0 + ($0.0 × 24) = $2,000.0
#
# 25. api-versioning-header (match score: 16.00)
# Adoption: $1,200.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $1,200.0 + ($0.0 × 24) = $1,200.0
#
# 26. hosting-agentic-managed-ai-platform--dify (match score: 15.00)
# Adoption: $4,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $4,000.0 + ($0.0 × 24) = $4,000.0
#
# 27. obs-telemetry-backend (match score: 14.00)
# Adoption: $2,000.0
# Monthly (min): $30.0
# Monthly (expected): $30.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,000.0 + ($30.0 × 24) = $2,720.0
#
# 28. obs-open-telemetry-baseline (match score: 12.00)
# Adoption: $3,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $3,500.0 + ($100.0 × 24) = $5,900.0
#
# 29. secrets-env-vars (match score: 11.00)
# Adoption: $300.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $300.0 + ($0.0 × 24) = $300.0
#
# 30. finops-budget-guardrails (match score: 10.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,500.0 + ($0.0 × 24) = $2,500.0
#
# 31. ops-runbooks (match score: 8.00)
# Adoption: $2,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,500.0 + ($0.0 × 24) = $2,500.0
#
# 32. ops-slo-error-budgets (match score: 8.00)
# Adoption: $4,500.0
# Monthly (min): $100.0
# Monthly (expected): $100.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $4,500.0 + ($100.0 × 24) = $6,900.0
#
# 33. agentic-provenance-tracking (match score: 8.00)
# Adoption: $3,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $3,000.0 + ($0.0 × 24) = $3,000.0
#
# 34. gov-system-manifest (match score: 7.00)
# Adoption: $4,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $4,000.0 + ($0.0 × 24) = $4,000.0
#
# 35. iac-terraform (match score: 7.00)
# Adoption: $3,500.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $3,500.0 + ($0.0 × 24) = $3,500.0
#
# 36. gov-adrs-mandatory (match score: 7.00)
# Adoption: $2,000.0
# Monthly (min): $0.0
# Monthly (expected): $0.0
# Ops cost: $0 (no infrastructure)
# ──────────────────────────────────────
# TCO (24mo): $2,000.0 + ($0.0 × 24) = $2,000.0
#
# Total TCO (24mo): $412,810.0
# Monthly operational ceiling: $20,000 ✓ PASS
# One-time setup ceiling: $175,000 ✓ PASS
# ============================================================
graph LR
  n_gov_system_manifest["gov-system-manifest"] -->|co-runs with| n_gov_adrs_mandatory["gov-adrs-mandatory"]
  n_gov_system_manifest["gov-system-manifest"] -->|co-runs with| n_ops_runbooks["ops-runbooks"]
  n_gov_system_manifest["gov-system-manifest"] -->|co-runs with| n_release_feature_flags["release-feature-flags"]
  n_obs_open_telemetry_baseline["obs-open-telemetry-baseline"] -->|co-runs with| n_api_rest_resource_oriented["api-rest-resource-oriented"]
  n_agentic_tool_use_extraction["agentic-tool-use-extraction"] -->|layered after| n_agentic_output_safety_guardrail["agentic-output-safety-guardrail"]
  n_deploy_rolling["deploy-rolling"] -->|layered after| n_iac_terraform["iac-terraform"]
  n_gov_system_manifest["gov-system-manifest"] -->|layered after| n_iac_terraform["iac-terraform"]
  n_sec_auth_oauth2_oidc["sec-auth-oauth2-oidc"] -->|wraps| n_api_rest_resource_oriented["api-rest-resource-oriented"]
  n_agentic_provenance_tracking["agentic-provenance-tracking"] -.->|co-runs with| n_agentic_code_orchestration["agentic-code-orchestration"]
  n_agentic_provenance_tracking["agentic-provenance-tracking"] -.->|co-runs with| n_agentic_mcp_server["agentic-mcp-server"]
  n_agentic_provenance_tracking["agentic-provenance-tracking"] -.->|co-runs with| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
  n_obs_agentic_system["obs-agentic-system"] -.->|co-runs with| n_agentic_code_orchestration["agentic-code-orchestration"]
  n_obs_agentic_system["obs-agentic-system"] -.->|co-runs with| n_agentic_mcp_server["agentic-mcp-server"]
  n_obs_agentic_system["obs-agentic-system"] -.->|co-runs with| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
  n_obs_open_telemetry_baseline["obs-open-telemetry-baseline"] -.->|co-runs with| n_api_graphql_schema_first["api-graphql-schema-first"]
  n_deploy_rolling["deploy-rolling"] -.->|layered after| n_iac_bicep["iac-bicep"]
  n_deploy_rolling["deploy-rolling"] -.->|layered after| n_iac_cloudformation["iac-cloudformation"]
  n_gov_system_manifest["gov-system-manifest"] -.->|layered after| n_iac_cloudformation["iac-cloudformation"]
  n_agentic_input_safety_guardrail["agentic-input-safety-guardrail"] -.->|wraps| n_agentic_code_orchestration["agentic-code-orchestration"]
  n_agentic_input_safety_guardrail["agentic-input-safety-guardrail"] -.->|wraps| n_agentic_mcp_server["agentic-mcp-server"]
  n_agentic_input_safety_guardrail["agentic-input-safety-guardrail"] -.->|wraps| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
  n_agentic_output_safety_guardrail["agentic-output-safety-guardrail"] -.->|wraps| n_agentic_code_orchestration["agentic-code-orchestration"]
  n_agentic_output_safety_guardrail["agentic-output-safety-guardrail"] -.->|wraps| n_agentic_mcp_server["agentic-mcp-server"]
  n_agentic_output_safety_guardrail["agentic-output-safety-guardrail"] -.->|wraps| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
  n_agentic_tool_scoped_credentials["agentic-tool-scoped-credentials"] -.->|wraps| n_agentic_mcp_server["agentic-mcp-server"]
  n_agentic_tool_scoped_credentials["agentic-tool-scoped-credentials"] -.->|wraps| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
  n_agentic_validation_retry_loop["agentic-validation-retry-loop"] -.->|wraps| n_agentic_mcp_server["agentic-mcp-server"]
  n_agentic_validation_retry_loop["agentic-validation-retry-loop"] -.->|wraps| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
  n_sec_auth_oauth2_oidc["sec-auth-oauth2-oidc"] -.->|wraps| n_api_graphql_schema_first["api-graphql-schema-first"]
  classDef pruned stroke-dasharray:4,color:#aaa,fill:#222,stroke:#888
  class n_agentic_code_orchestration pruned
  class n_agentic_mcp_server pruned
  class n_agentic_multi_tool_workflow pruned
  class n_api_graphql_schema_first pruned
  class n_iac_bicep pruned
  class n_iac_cloudformation pruned
Reviewing step 8, the team makes two decisions on
obs-agentic-system:
The log_full_prompts field defaults to
false (a PII-conservative default the registry
enforces). The team has reviewed their data and confirmed
PII is not in scope for this workload — so they set it to
true to persist full prompts and tool-call
inputs for replay and debugging.
patterns.obs-agentic-system entry — explicit
choices win over registry defaults. Expand the inline spec
below to see the spec at this stage.
# BEFORE — assumptions.patterns.P1.obs-agentic-system (registry default bucket = P1)
assumptions:
  patterns:
    P1:
      obs-agentic-system:  # registry defaultConfig applied implicitly
        log_full_prompts: False
# AFTER — patterns.obs-agentic-system (top-level priority + config overrides; bumps P1 → P0)
patterns:
  P0:  # was P1 (registry default)
    obs-agentic-system:
      log_full_prompts: True  # was False (registry defaultConfig)
# Promotion: on recompile, obs-agentic-system lands in the P0 bucket of
# assumptions.patterns.P0 (not P1). The approved
# architecture's bucket-grouped patterns block reflects the new placement.
project:
name: research-agentic
domain: knowledge-management
functional:
summary: 'Multi-agent research system. A coordinator decomposes user queries,
dispatches web-search and document-analysis workers in parallel,
and a synthesizer combines findings with provenance. Notify on Slack.
'
constraints:
cloud: agnostic
language: python
platform: api
features:
ai_inference: true
agentic_system:
hosting: dify
topology: hierarchical
integrations:
slack: true
teams: false
discord: false
jira: false
github: false
gitlab: false
linear: false
email: false
calendar: false
notion: false
confluence: false
pagerduty: false
webhook: false
agents:
- agent: research-coordinator
archetype: orchestrator
purpose: Decompose research queries, dispatch workers, evaluate synthesis,
post final report.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- agent: web-searcher
archetype: extractor
purpose: Search the web for query subtopics, return findings with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: document-analyzer
archetype: extractor
purpose: Analyze internal documents for query-relevant content; return findings
with source attribution.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-haiku
model_id: claude-haiku-4-5
- agent: synthesizer
archetype: synthesis
purpose: Combine findings into a coherent report preserving claim-level provenance.
escalation:
policy: never
mutating_actions: false
dynamic_ui: false
streaming: false
processing_mode: realtime
session_strategy: stateless
models:
- role: primary
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-opus
model_id: claude-opus-4-7
- role: fallback
candidates:
- host_platform: anthropic
model_owner: anthropic
model_name: claude-sonnet
model_id: claude-sonnet-4-6
disallowed-patterns:
- agentic-jumpstarter--anthropic
cost:
intent:
priority: optimize-tco
ceilings:
monthly_operational_usd: 20000
one_time_setup_usd: 175000
operating_model:
ops_team_size: 1
single_resource_monthly_ops_usd: 14000
on_call: true
deploy_freq: daily
amortization_months: 24
patterns:
P0:
obs-agentic-system:
log_full_prompts: true
Final step: the compiler is run on the step-9 spec, then EVERY
key under assumptions.* is lifted into the top-level
spec body so the result has no assumptions section.
This is the contract from
skills/compiling-architecture/SKILL.md ("the approved
architecture must have no assumptions block. Every
field must be explicit"). The # STATUS: APPROVED
comment block is prepended at the top — matching the format the
skill documents.
The footer below the panel shows the verification: re-compiling
the promoted architecture must exit 0 (idempotent). The
implementing-architecture skill verifies handoff
readiness via grep -c "STATUS: APPROVED".
Approver name and date are anonymised placeholders here; in
practice the author fills them in at commit time.
# STATUS: APPROVED
# Approved by: <architect-on-record>
# Approved at: <YYYY-MM-DD>
#
# This header is consumed by skills/implementing-architecture/SKILL.md
# to verify the architecture is handoff-ready. Recompilation of the
# underlying spec invalidates this approval — fresh review required.
project: name: research-agentic domain: knowledge-management functional: summary: 'Multi-agent research system. A coordinator decomposes user queries, dispatches web-search and document-analysis workers in parallel, and a synthesizer combines findings with provenance. Notify on Slack. ' constraints: cloud: agnostic language: python platform: api features: ai_inference: true agentic_system: hosting: dify topology: hierarchical integrations: slack: true teams: false discord: false jira: false github: false gitlab: false linear: false email: false calendar: false notion: false confluence: false pagerduty: false webhook: false agents: - agent: research-coordinator archetype: orchestrator purpose: Decompose research queries, dispatch workers, evaluate synthesis, post final report. escalation: policy: never mutating_actions: false dynamic_ui: false streaming: false processing_mode: realtime session_strategy: stateless models: - role: primary candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-opus model_id: claude-opus-4-7 - role: fallback candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-sonnet model_id: claude-sonnet-4-6 - agent: web-searcher archetype: extractor purpose: Search the web for query subtopics, return findings with source attribution. 
escalation: policy: never mutating_actions: false dynamic_ui: false streaming: false processing_mode: realtime session_strategy: stateless models: - role: primary candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-sonnet model_id: claude-sonnet-4-6 - role: fallback candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-haiku model_id: claude-haiku-4-5 - agent: document-analyzer archetype: extractor purpose: Analyze internal documents for query-relevant content; return findings with source attribution. escalation: policy: never mutating_actions: false dynamic_ui: false streaming: false processing_mode: realtime session_strategy: stateless models: - role: primary candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-sonnet model_id: claude-sonnet-4-6 - role: fallback candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-haiku model_id: claude-haiku-4-5 - agent: synthesizer archetype: synthesis purpose: Combine findings into a coherent report preserving claim-level provenance. 
escalation: policy: never mutating_actions: false dynamic_ui: false streaming: false processing_mode: realtime session_strategy: stateless models: - role: primary candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-opus model_id: claude-opus-4-7 - role: fallback candidates: - host_platform: anthropic model_owner: anthropic model_name: claude-sonnet model_id: claude-sonnet-4-6 caching: false async_messaging: false multi_tenancy: false batch_processing: false distributed_transactions: false real_time_streaming: false vector_search: false document_store: false key_value_store: false graph_database: false time_series_db: false oltp_workload: true olap_workload: false cold_archive_tiering: false saas-providers: [] disallowed-saas-providers: [] ai-inference-platforms: [] disallowed-ai-inference-platforms: [] model-vendors: [] disallowed-model-vendors: [] tenantCount: 1 disallowed-patterns: - agentic-jumpstarter--anthropic cost: intent: priority: optimize-tco ceilings: monthly_operational_usd: 20000 one_time_setup_usd: 175000 preferences: prefer_free_tier_if_possible: true prefer_saas_first: false operating_model: ops_team_size: 1 single_resource_monthly_ops_usd: 14000 on_call: true deploy_freq: daily amortization_months: 24 nfr: availability: target: 0.95 rpo_minutes: 60 rto_minutes: 60 latency: p95Milliseconds: 500 p99Milliseconds: 1000 throughput: peak_query_per_second_read: 5 peak_query_per_second_write: 1 data: retention_days: 90 pii: false compliance: gdpr: false gdpr_rtbf: false ccpa: false hipaa: false sox: false consistency: needsReadYourWrites: false durability: strict: false security: auth: oauth2_oidc tenant_isolation: n/a audit_logging: false agentic_system: target: prompt_injection_block_rate_min: 0.95 output_safety_pass_rate_min: 0.99 pii_leak_rate_max: 0.01 jailbreak_detection_rate_min: 0.9 hallucination_rate_max: 0.1 toxic_output_rate_max: 0.005 patterns: meta: agentic-multi-agent-required: {} agentic-system-required: {} P0: 
arch-monolith: scaling_strategy: horizontal load_balancer_type: layer7 session_management: stateless deployment_strategy: rolling db-managed-postgres: provider: supabase instance_size: small storage_gb: 8 backup_retention_days: 7 connection_pooling: true high_availability: false ssl_mode: require platform-kubernetes: namespace_strategy: per-environment ingress_controller: nginx service_mesh: none operator_framework: native autoscaling: hpa network_policy: disabled agentic-topology--hierarchical: message_envelope_shape: structured_json response_envelope_shape: structured_json failure_policy_retry_max: 2 failure_policy_retry_backoff: exponential failure_policy_retry_initial_ms: 1000 failure_policy_on_terminal_failure: surface_partial failure_policy_cancel_siblings_on_failure: false aggregation_strategy: concat_with_attribution platform-no-mesh: gateway_type: api_gateway client_library_approach: rest_http load_balancing: gateway_level observability_strategy: application_level agentic-session--stateless: {} agentic-model-vendor--anthropic: enable_token_efficient_tool_use_beta: true prompt_caching_recommended_blocks: - system_prompt - tool_definitions - long_context_documents agentic-inference--anthropic: enable_token_efficient_tool_use_beta: true iac-terraform: state_backend: s3 workspace_strategy: single module_structure: monorepo ci_cd_integration: github-actions drift_detection: false obs-agentic-system: log_full_prompts: true P1: agentic-output-safety-guardrail: detection_action: redact-and-continue agentic-input-safety-guardrail: fallback_on_guardrail_failure: fail-closed block_action: reject-with-explanation agentic-tool-scoped-credentials: fail_action_on_credential_error: fail-closed agentic-multi-pass-review: review_session_isolation: fully_independent api-rest-resource-oriented: pagination_style: offset max_page_size: 100 versioning_strategy: uri filtering_style: query_params cache_strategy: etag id_format: uuid response_envelope: false 
agentic-validation-retry-loop: {} sync-request-reply-rest: timeout_seconds: 30 retry_strategy: exponential_backoff max_retries: 3 circuit_breaker_enabled: true rate_limiting_strategy: token_bucket idempotency_required: false agentic-tool-use-extraction: composes: layered_after: - agentic-output-safety-guardrail deploy-rolling: batch_size: 25_percent health_check_grace_period: 30 rollback_on_failure: true deployment_strategy: replace_one_by_one max_unavailable: 0_percent composes: layered_after: - iac-terraform sec-auth-oauth2-oidc: oauth_flow: authorization_code token_storage: secure_storage pkce_enabled: true scope_strategy: minimal token_refresh: automatic id_token_validation: strict composes: wraps: - api-rest-resource-oriented crud-single-model: api_style: rest validation_strategy: server-side soft_delete: false audit_logging: false pagination_default_size: 20 finops-cost-allocation-tags: tagging_strategy: hierarchical enforcement_level: required cost_allocation_model: showback tag_inheritance: true automated_tagging: true release-feature-flags: flag_storage: config_file evaluation_strategy: simple_boolean targeting_capability: none kill_switch_enabled: true audit_logging: false hosting-agentic-managed-ai-platform--dify: deployment_mode: cloud_managed obs-telemetry-backend: metrics_retention_days: 15 log_retention_days: 7 backend_ha: false obs-open-telemetry-baseline: export_backend: otlp trace_sampling_strategy: parent-based trace_sampling_rate: 1.0 metrics_export_interval: 60 log_correlation: true resource_detection: true propagation_format: w3c-tracecontext composes: co_runs_with: - api-rest-resource-oriented secrets-env-vars: injection_method: runtime secret_rotation_support: false prefix_convention: APP_SECRET_ validation_on_startup: true finops-budget-guardrails: budget_period: monthly alert_thresholds: - 50 - 80 - 100 enforcement_action: alert tagging_strategy: mandatory policy_enforcement: soft cost_allocation_level: project ops-slo-error-budgets: 
slo_target_percentage: 99.9 measurement_window_days: 30 error_budget_policy: halt-deployments sli_type: availability alerting_threshold_percentage: 80 agentic-provenance-tracking: {} P2: api-versioning-header: version_header_name: API-Version version_format: date-based fallback_behavior: latest-stable content_negotiation: false deprecation_policy: warning-header gov-system-manifest: manifest_path: docs/architecture/manifest.yaml manifest_format: yaml manifest_scope: - agent-tools - agent-skills - agent-models - agent-prompts pin_versions: true ci_validation: required drift_policy: fail-build composes: layered_after: - iac-terraform co_runs_with: - release-feature-flags - gov-adrs-mandatory - ops-runbooks P3: ops-runbooks: runbook_format: markdown incident_severity_levels: 4 escalation_policy: tiered automation_integration: manual review_frequency: quarterly gov-adrs-mandatory: adr_format: madr storage_location: docs/adrs decision_threshold: significant review_requirement: peer-review
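The readiness conditions described above (approval header at the top, no assumptions block, and the log_full_prompts override resting on PII being out of scope) can be checked more strictly than a grep count. This is an added example, not code from the compiling-architecture or implementing-architecture skills; the function names, the abbreviated sample file, its indentation and the approver values are constructed for illustration.

```python
import re
from datetime import date

PLACEHOLDERS = ("<architect-on-record>", "<YYYY-MM-DD>")

def _flag(text, key):
    """First boolean value of `key:` in the file, or None if the key is absent."""
    m = re.search(rf"^\s*{re.escape(key)}:\s*(true|false)\b", text, re.M | re.I)
    return None if m is None else m[1].lower() == "true"

def handoff_findings(text):
    """Return the reasons a file is not handoff-ready; an empty list means ready."""
    findings = []
    lines = text.splitlines()

    # The marker must be line 1. A substring count also matches the phrase
    # inside a purpose string or below a stale assumptions block.
    if not lines or lines[0].strip() != "# STATUS: APPROVED":
        findings.append("line 1 is not '# STATUS: APPROVED'")

    # Read approver fields from the leading comment block only.
    header = {}
    for line in lines:
        if not line.startswith("#"):
            break
        m = re.match(r"#\s*(Approved by|Approved at):\s*(.*)$", line)
        if m:
            header[m[1]] = m[2].strip()
    for key in ("Approved by", "Approved at"):
        if header.get(key, "") in ("",) + PLACEHOLDERS:
            findings.append(f"'{key}' is missing or still a placeholder")
    when = header.get("Approved at", "")
    if when and when not in PLACEHOLDERS:
        try:
            date.fromisoformat(when)
        except ValueError:
            findings.append("'Approved at' is not a valid date")

    # Every assumption must have been promoted: no top-level assumptions key.
    if any(re.match(r"assumptions\s*:", line) for line in lines):
        findings.append("top-level 'assumptions:' block still present")

    # Persisting full prompts is only consistent with pii explicitly false.
    if _flag(text, "log_full_prompts") and _flag(text, "pii") is not False:
        findings.append("log_full_prompts is true but pii is not false")
    return findings

# Constructed, abbreviated sample; the nesting shown is an assumption.
APPROVED = """\
# STATUS: APPROVED
# Approved by: a.reviewer
# Approved at: 2025-01-15
project:
  name: research-agentic
nfr:
  data:
    pii: false
patterns:
  P0:
    obs-agentic-system:
      log_full_prompts: true
"""
UNFILLED = APPROVED.replace("a.reviewer", "<architect-on-record>")
STALE = "assumptions:\n  patterns: {}\n" + APPROVED  # marker present, not on line 1
PII_ON = APPROVED.replace("pii: false", "pii: true")

if __name__ == "__main__":
    for name, doc in [("APPROVED", APPROVED), ("UNFILLED", UNFILLED),
                      ("STALE", STALE), ("PII_ON", PII_ON)]:
        print(name, handoff_findings(doc) or "ready")
```

The STALE sample still contains the string STATUS: APPROVED, so a substring count reports it as approved while this check rejects it.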
<app-repo>/docs/architecture/architecture.yaml,
commit it. skills/implementing-architecture/SKILL.md
reads from that path. Recompilation of the underlying spec
invalidates the approval header — fresh review required.
This walkthrough kept the loop tight — one signal per step. Several facilities of the compiler and the adjacent skills were intentionally out of scope:
patterns.<pid>.<field>: <value>),
but for the pattern's runtime config knobs (e.g.
obs-agentic-system.log_full_prompts: true) or
contributed NFR targets. Useful when registry defaults don't
fit your data-handling, latency, or availability requirements.
rejected-patterns.yaml side file —
produced by verbose mode, lists every pattern the compiler
considered AND dropped, with per-pattern reasoning. The flip
side of "why was this pattern selected?" — equally useful for
debugging.
composes relationship graph —
surfaced briefly in step 8, but with much more depth than the
demo showed. Each pattern can declare layered_after,
co_runs_with, wraps, and
dispatches edges. The compiler inlines a pruned
graph (only edges to selected patterns) into each pattern's
assumptions entry, and the approved architecture carries it
through into the explicit spec. The
implementing-architecture skill reads these edges
to drive its build order and runtime layering — for example,
Terraform infra provisions before rolling deploys ride on top
(layered_after), OAuth wraps the REST surface as
request-time auth (wraps).
skills/implementing-architecture skill reads it and
scaffolds the project. See
skills/implementing-architecture/SKILL.md for the
workflow that picks up where this demo ends.
compiling-architecture skill documents how to read
an existing prototype's choices into the spec before compiling.
See its "Brownfield" section for the protocol.
The compiler's pattern registry is itself documented under
patterns/*.json; every pattern carries
reference_design_url + reference_developer_doc_url
fields pointing at the canonical product / SDK docs for that
technology.
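To illustrate the composes edges described in the out-of-scope list above, this added example (not the compiler's or the implementing-architecture skill's own code) parses edges in the graph's Mermaid form, drops those whose target was pruned, derives a build order from the layered after edges, and lists patterns whose every wraps target was pruned. The function names are hypothetical; the edge sample is a subset copied from the graph on this page.

```python
import re
from graphlib import TopologicalSorter

# Subset of the edges and pruned-node classes from the page's Mermaid graph.
GRAPH = '''
n_deploy_rolling["deploy-rolling"] -->|layered after| n_iac_terraform["iac-terraform"]
n_gov_system_manifest["gov-system-manifest"] -->|layered after| n_iac_terraform["iac-terraform"]
n_agentic_tool_use_extraction["agentic-tool-use-extraction"] -->|layered after| n_agentic_output_safety_guardrail["agentic-output-safety-guardrail"]
n_sec_auth_oauth2_oidc["sec-auth-oauth2-oidc"] -->|wraps| n_api_rest_resource_oriented["api-rest-resource-oriented"]
n_sec_auth_oauth2_oidc["sec-auth-oauth2-oidc"] -.->|wraps| n_api_graphql_schema_first["api-graphql-schema-first"]
n_deploy_rolling["deploy-rolling"] -.->|layered after| n_iac_cloudformation["iac-cloudformation"]
n_agentic_input_safety_guardrail["agentic-input-safety-guardrail"] -.->|wraps| n_agentic_mcp_server["agentic-mcp-server"]
n_agentic_input_safety_guardrail["agentic-input-safety-guardrail"] -.->|wraps| n_agentic_multi_tool_workflow["agentic-multi-tool-workflow"]
n_agentic_tool_scoped_credentials["agentic-tool-scoped-credentials"] -.->|wraps| n_agentic_mcp_server["agentic-mcp-server"]
class n_api_graphql_schema_first pruned
class n_iac_cloudformation pruned
class n_agentic_mcp_server pruned
class n_agentic_multi_tool_workflow pruned
'''

EDGE = re.compile(
    r'(\w+)\["([^"]+)"\]\s*(-->|-\.->)\|([^|]+)\|\s*(\w+)\["([^"]+)"\]')
PRUNED = re.compile(r'^class\s+(\w+)\s+pruned$')

def parse(text):
    """Return (edges, pruned_ids); an edge is (src, relation, dst, dst_id)."""
    edges, pruned = [], set()
    for line in text.strip().splitlines():
        line = line.strip()
        m = EDGE.match(line)
        if m:
            edges.append((m[2], m[4], m[6], m[5]))
        elif (p := PRUNED.match(line)):
            pruned.add(p[1])
    return edges, pruned

def live_edges(edges, pruned):
    """Keep only edges whose target is a selected (non-pruned) pattern."""
    return [(s, r, d) for s, r, d, d_id in edges if d_id not in pruned]

def build_order(edges, pruned):
    """Order patterns so each 'layered after' target comes before its source."""
    ts = TopologicalSorter()
    for src, rel, dst in live_edges(edges, pruned):
        if rel == "layered after":
            ts.add(src, dst)  # src depends on dst
    return list(ts.static_order())  # raises graphlib.CycleError on a cycle

def detached_wrappers(edges, pruned):
    """Patterns that declare 'wraps' edges, none of which survived pruning."""
    declared = {s for s, r, _, _ in edges if r == "wraps"}
    attached = {s for s, r, _ in live_edges(edges, pruned) if r == "wraps"}
    return sorted(declared - attached)

if __name__ == "__main__":
    edges, pruned = parse(GRAPH)
    print("build order:", build_order(edges, pruned))
    print("wrappers with no selected target:", detached_wrappers(edges, pruned))
```

The patterns returned by detached_wrappers are selected in this architecture but carry no composes entry in the approved spec, so where they attach is something to confirm during implementation review.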