Agentic Control Plane — Architecture
A deterministic, controller-driven execution model with explicit state transitions and strongly typed boundaries.
This page describes the core architecture of the agentic execution engine. It reflects the system as implemented — not a conceptual or aspirational design.
Architecture Overview
The system is built around a Controller with well-defined input and output contracts. The Controller is a pure, finite executor that coordinates agent calls, tool execution, and validation through an explicit state machine.
Agents are treated as untrusted. All side effects occur outside the Controller.
System Structure
        Caller / API
             |
             v
+----------------------+
|      Controller      |
|  Pure FSM Executor   |
|  PLAN → WORK → TOOL  |
|       → CRITIC       |
|        → END         |
+----------------------+
     |            |
     |            v
     |     AgentDispatcher
     |     (schema + retries)
     |
     v
+------------------------+
|      ToolRegistry      |
|  Typed, deterministic  |
|  external side effects |
+------------------------+
(State is explicit and external)
Architectural Invariants
- Pure Controller: No hidden state and no side effects.
- Finite execution: Exactly one task per request.
- Explicit FSM: PLAN → WORK → TOOL → CRITIC → END.
- Untrusted agents: Agents emit JSON only.
- Typed boundaries: All agent and tool interactions are schema-validated.
What This System Does Not Allow
- No autonomous looping or self-advancing workflows.
- No tool execution inside agents.
- No hidden retries or implicit control flow.
- No mutation of domain state by the Controller.
- No non-deterministic failure modes.
Architectural Tradeoffs
- Central Controller vs autonomous agents: Chosen for determinism, auditability, and testability. Tradeoff: reduced emergent behavior.
- Explicit FSM vs implicit chaining: Chosen to make execution traceable and bounded. Tradeoff: more up-front structure.
- External tools vs agent-native tools: Chosen to isolate side effects and enforce contracts. Tradeoff: less agent autonomy.
Failure Modes Explicitly Handled
- Schema-invalid agent outputs.
- Unknown worker or tool identifiers.
- Multiple tool requests in a single execution.
- Invalid planner or critic outputs.
- Non-terminating execution attempts.
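A sketch of how a controller can enforce the failure modes listed above, added here as an example and not taken from this system's own code. All names (`run`, `parse`, `check`, `Rejected`, the `echo` tool, the `writer` worker, the message schemas) are assumptions, as is the rule of exactly one tool request; the dispatcher's retries are left out.

```python
import json
# Hypothetical stand-ins, not the project's code: registry, worker ids, schemas.
ORDER = ["PLAN", "WORK", "TOOL", "CRITIC"]  # END follows; fixed order from the page
TOOLS = {"echo": ({"text": str}, lambda a: {"echo": a["text"]})}
WORKERS = {"writer"}

class Rejected(Exception):
    """Deterministic failure: the request stops (this sketch does no retries)."""

def check(msg, schema):
    """Require a dict with exactly the schema's keys and value types."""
    if not isinstance(msg, dict) or set(msg) != set(schema):
        raise Rejected(f"schema mismatch, expected keys {sorted(schema)}")
    for key, typ in schema.items():
        if not isinstance(msg[key], typ):
            raise Rejected(f"{key} must be {typ.__name__}")
    return msg

def parse(raw, schema):
    """Agents are untrusted and emit JSON only: decode, then validate."""
    try:
        return check(json.loads(raw), schema)
    except (TypeError, ValueError) as exc:
        raise Rejected(f"not JSON: {exc}") from exc

def run(task, agents):
    """One task per request; each state runs at most once, so no loops."""
    state, trace = {"task": task}, []
    for step in ORDER:
        trace.append(step)
        if step == "PLAN":
            plan = parse(agents["planner"](state), {"worker": str})
            if plan["worker"] not in WORKERS:
                raise Rejected(f"unknown worker {plan['worker']!r}")
            state = {**state, "worker": plan["worker"]}
        elif step == "WORK":
            reqs = parse(agents["worker"](state), {"tool_requests": list})["tool_requests"]
            if len(reqs) != 1:  # assumption: exactly one request per execution
                raise Rejected(f"{len(reqs)} tool requests, expected 1")
            req = check(reqs[0], {"tool": str, "args": dict})
            if req["tool"] not in TOOLS:
                raise Rejected(f"unknown tool {req['tool']!r}")
            state = {**state, "request": req}
        elif step == "TOOL":  # the side effect lives in the registry, not in an agent
            schema, fn = TOOLS[state["request"]["tool"]]
            state = {**state, "result": fn(check(state["request"]["args"], schema))}
        elif step == "CRITIC":
            verdict = parse(agents["critic"](state), {"accept": bool})["accept"]
            state = {**state, "accepted": verdict}
    return state, trace + ["END"]
```

Each agent is passed in as a callable that returns a raw string, so tests can substitute malformed or hostile outputs and assert that every one ends in `Rejected` rather than in a different control path.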
Production Boundary
This system is a prototype. Production deployment would require:
- Durable persistence and replayable state.
- End-to-end observability and alerting.
- Secrets management and execution isolation.
- Versioned agent and tool contracts.
- Concurrency, quota, and cost controls.