The Trusted Rig — Whitepaper
The architectural specification for the engineering rig we would trust to complete architect-level work, ship autonomously within bounded blast radius, and fix its own bugs with near-zero downtime.
This is a target document, not a description of the rig as it exists today. Closing the gap is a roughly six-month roadmap. For current state, see Implementation Status.
Core chapters
Reading order follows the MkDocs ToC. Each chapter is self-contained; the index is the reading guide.
| # | Chapter | What it covers |
|---|---|---|
| 1 | Design Principles | Ten rules every other document is answerable to |
| 2 | Trust Model | What the rig decides alone; tiered autonomy by blast radius |
| 3 | Safety | Guards, stuck detection, hallucination mitigation, prompt injection defense |
| 4 | Security | Supply chain (Sigstore + SLSA), runtime (Kyverno + Cilium), attestation, secrets |
| 5 | Observability | OpenTelemetry + Langfuse/Phoenix + Prometheus, SLOs, traces, cost attribution |
| 6 | Cost Framework | LiteLLM proxy, per-agent budgets, rate-limit-aware dispatch, prompt caching |
| 7 | Self-Healing | Flagger canary, SLO-gated rollout, kill switches, DB migrations |
| 8 | Quality & Evaluation | Nightly eval harness, SWE-bench Pro, property-based testing, DORA metrics |
| 9 | Drift Detection | Model drift, prompt drift, code drift, config drift |
| 10 | Memory | pgvector-backed agent memory: schema, 5 MCP tools, limitations |
| 11 | Implementation Status | Single source of truth for what’s deployed vs. planned vs. deferred |
| 12 | MVP Scope | Minimum viable rig: 10 capabilities, ~3-4 pair-mode weeks |
Supplementary chapters
| Chapter | What it covers |
|---|---|
| Planner-E | Conversational intake and decomposition; Discord-thread-driven planning that converges on epics + child issues with TaskSpecs and tier classification |
| Tool Choices | ADR-style evaluation of every tool picked |
| Provider Portability | Vendor-neutral at four layers; Claude is default, others work too |
| Limitations | What the rig cannot do; where humans remain indispensable |
| Glossary | Vocabulary for both humans and AI readers |
Architecture overview
The whitepaper’s ten properties in one diagram:
```mermaid
graph TB
    classDef foundation fill:#e8f5e9,stroke:#2e7d32,color:#000
    classDef safety fill:#fff3e0,stroke:#e65100,color:#000
    classDef autonomy fill:#e3f2fd,stroke:#1565c0,color:#000
    classDef honesty fill:#fce4ec,stroke:#ad1457,color:#000
    P1[1. Measurable]:::foundation
    P2[2. Bounded blast radius]:::safety
    P3[3. Reversible before irreversible]:::safety
    P4[4. Execute, don't trust]:::foundation
    P5[5. Attestable + replayable]:::foundation
    P6[6. Progressive autonomy]:::autonomy
    P7[7. Humans at semantic boundaries]:::autonomy
    P8[8. Trusted control + untrusted data]:::safety
    P9[9. Fail closed, fail known]:::honesty
    P10[10. Simple enough to operate]:::honesty
    P1 --> P6
    P4 --> P2
    P5 --> P6
    P8 --> P2
    P2 --> P3
    P9 --> P7
    P6 --> P7
```
Related
- Canonical whitepaper home — decision (issue #198, #201)
- The pre-#195 /whitepapers/ URLs redirect automatically to /whitepaper/