← Essays

Adaptive AI Operating System: Universal Principles for Routing Intelligence

A portable, generic principle set for designing AI systems that treat intelligence as infrastructure.

What this is: A portable, fully generic principle set for designing AI systems that treat intelligence as infrastructure. No personal or setup-specific content; it transfers to any builder, team, or agent. Read the thesis first, then the five layers, then the Laws. The Open Frontier at the end is unresolved on purpose.

Core thesis: AI systems should route intelligence the way infrastructure routes power: use the cheapest sufficient capability, preserve context, adapt over time, and automate anything deterministic. Intelligence should be applied only where uncertainty, synthesis, or judgment exists; everything else should become infrastructure.

The whole thing compresses to five subsystems working as one: model routing, memory governance, skill graph, deterministic execution, and continuous evaluation, all sitting on top of one architectural commitment: own the substrate, rent the intelligence.

How to read this

  • Each principle is a statement plus why it matters (the failure it prevents).
  • Principles are grouped into five layers; the layers are a system, not a menu.
  • The Laws are the irreducible compression. If only one section survives transfer, keep that one.
  • Vocabulary is deliberate. Phrases like skill graph, Decision OS not Agent OS, evidence not truth, controlled creativity, creative idempotency, state delta, orientation < pointer < merge < proof, and the map is not the work are compression handles. Preserve them verbatim so the meaning reconstructs cleanly.

Layer A. Routing and efficiency · where intelligence is spent

A1. Job-relevant efficiency, not benchmark efficiency. Evaluate a model by what the job actually costs: tokens, latency, energy, output quality, error rate, and human-correction cost, not abstract benchmark scores. Billing is per token, not per job, so the cheapest model is the one that finishes the job well with the fewest tokens. The missing eval is which model does which kind of job, scored objectively on time, energy, quality, and tokens.

A2. Route to capability; do not be loyal to a model. Cheap models for trivial or deterministic work; strong models for ambiguity, synthesis, architecture, debugging, and high-risk calls. Both directions waste money: under-powering hard tasks creates rework, over-powering trivial ones just burns.

A3. Make routing a shared map, not private trial-and-error. The right model-for-task balance should be discoverable guidance, so every person and team does not re-derive it by hand. (The meta-cost, that routing is itself judgment, is unresolved; see Open Frontier.)

A4. Deterministic work must escape the LLM loop. If a procedure is deterministic, generate a script, tool, or workflow once and run it forever. Do not spend tokens on mechanical repetition that needs no synthesis. Intelligence should stay where it belongs.

A5. Optimize total cost, not token cost. Tokens, latency, money, human review, maintenance, and complexity are all costs. Systems that minimize tokens alone routinely inflate everything else. The tiebreaker is that smoothness and reliability outrank raw token cost: a cheap path that fails costs more than the expensive one that works.

A6. Creative idempotency. Harden the proven into cheap, deterministic, reusable form; keep the unproven liquid, multi-angle, and exploratory. The timing is the whole discipline. Standardize too early and you kill discovery; too late and you cement a mess. A4 says what to make deterministic; this says when, and to leave exploration alone.

Layer B. Memory and knowledge · what the system knows

B1. Memory must be recall-aware. Storage is not enough. Memory needs trigger rules for when to recall, when to ignore, when to update, when to delete, and incoming information is adjudicated (reject, park, promote, operationalize), not merely stored. Knowing when to remember is the hard part.

B2. Memory is evidence, not truth. Stored is not true. Stored is a claim. Every memory carries source, confidence, last-verified date, contradiction history, and a review or expiry policy. Otherwise the store silently fills with stale assumptions.

B3. Detect drift and update in batches. The system must know when facts, docs, skills, and procedures go stale, then refresh them in batches rather than letting them rot in place.

B4. Load context by relevance, not by location. Do not ask which folder holds this. Ask what is relevant right now. Retrieval should be semantic and perspective-weighted, not path-based.

B5. Learn system-wide from local events. Information surfaced in one session or context may matter to a different part of the system that looks unrelated at first. And the system's own operating history is itself a behavioral dataset (episodes, repeated workflows, contradictions, taste, decision habits, failure modes) to be mined, not a log to be searched. Local discoveries must not stay trapped where they appeared.

Layer C. Skills and capability · what the system can do

C1. Skills are a graph, not a flat list. A skill should be able to trigger other skills conditionally; the agent selects the path based on context, goal, risk, and intermediate results. This is controlled creativity: branching with guardrails. Skills assembled from external sources are taken as evidence and inspiration, adapted by fit, never adopted as authority wholesale.

C2. Capabilities are discovered, not hardcoded. The system should dynamically learn what each tool, model, and skill can actually do, rather than baking assumptions in and going stale.

C3. Own the substrate, rent the intelligence. (architectural keystone) There must be an owned core (memory, evidence, routing, control logic, promotion logic, writeback protocol) that is never delegated to a replaceable executor. Executors, whether models, agents, tools, or providers, are swappable; the spine is not, and no executor is ever allowed to become the source of truth. Every executor runs the same operating loop rather than carrying its own memory, config, and stale interpretation.

C4. The execution harness is LLM-agnostic. Models are replaceable workers behind stable interfaces and adapters. Provider-neutrality is the consequence of owning the substrate (C3), not a goal pursued on its own. Agent-agnosticism is proven by replacement, not by adapters existing: swap the primary executor mid-task and the work continues from spine context, or the claim is orientation (D6), not proof (D5).

Layer D. Governance and provenance · how the system stays trustworthy

D0. Govern in proportion to risk. (the meter for every principle in this layer) Receipts, observability, claims, and approval all cost. Spend them in proportion to reversibility and blast radius, never uniformly; applied uniformly they defeat the system they are meant to protect. Four tiers:

  • Tier 0, read, search, classify: automatic, with aggregated or sampled evidence.
  • Tier 1, reversible local edit: automatic in scope, with a state delta plus rollback reference.
  • Tier 2, bounded spend or side effect: a pre-authorized budget, with a full receipt plus validation.
  • Tier 3, public, destructive, financial, or security-sensitive: explicit or pre-authorized approval, with a full trace, preview, and recovery plan.

D1, D3, and D4 below are read through this meter; they describe the Tier-3 ceiling, not a universal floor.

D1. Every action leaves a receipt, proportional to its tier (D0). What happened, why, on what evidence, which model, skill, memory, or tool, and what changed. Tier-0 reads are sampled; Tier-3 acts are fully traced. The invariant is accountability: actions stay reconstructable. "Every action, full forensic receipt" is the wrong rung, and it bankrupts the system on overhead.

D2. Preserve explicit uncertainty. Agents must distinguish I know, I think, I suspect, I do not know, and carry that uncertainty through the entire chain. Treating all information as equally certain is a primary source of failure.

D3. Humans own irreversible decisions, by setting the envelope, not by being paged. The invariant is that an agent must be authorized for the consequences it imposes. But authorization is mostly standing, not synchronous. You grant an envelope in advance (scope, budget, blast-radius, reversibility ceiling) and inside it the agent acts without asking. It escalates only when an action would leave the envelope: spend over the cap, blast radius beyond the grant, an irreversibility class you never pre-approved, or a kind of action you have never authorized. "Post for me" inside an approved topic, tone, and rate policy is automatic; "wire $10k," "delete prod," or "post outside the policy" escalates. Asking permission to do the thing you already authorized is itself a governance failure: a nagging agent is violating D3, not enforcing it.

D4. Observability before autonomy. Build the ability to explain why an agent acted before granting it autonomy to act. If you cannot explain it, do not automate it. Observability is passive, so pair it with active self-healing: the system hunts its own decay (drift, stale memory, duplicate authority, orphan outputs, cost leaks, dead automations) and proposes the smallest fix, naming the owner. Self-healing has levels (detect, diagnose, propose, auto-fix only reversible known failures, escalate) and may never silently rewrite canonical policy, memory rules, or approval boundaries. The system does not get to amend its own constitution in the name of repair.

D5. Proof is a state delta, not a document. A report describing success is not success. Verify by what actually changed: what retired, what got greener, what is now recallable, whether the surface count went down. Never verify by the existence of an artifact about it. This is the harder twin of D1: a receipt records a change, this insists the change be real before the receipt means anything.

D6. Integration has levels: orientation < pointer < merge < proof. Knowing a thing exists, linking to it, actually consolidating it, and proving it runs are four distinct states. Most "done" claims are the first or second wearing the costume of the fourth. Always name the level you are actually at.

D7. Claim before you touch. An executor leases the surface it is about to modify, so authority stays singular and two agents never write conflicting truth into the same place.

Layer E. Evolution and intent · how the system grows

E1. Separate intent from execution. "I want 10k installs" is intent; SEO, Reddit, ASO, and partnerships are execution. Hold goals independently of implementation, or execution patterns ossify into rigid habits.

E2. Every repeated success becomes infrastructure, when it earns it, not at a rep count. Promote when recurrence is likely, input variance is understood, exceptions are bounded, expected savings exceed build plus maintenance plus coordination plus failure cost, and the artifact has a removal path. A useful default, pays for itself within the next 3 to 5 uses, beats has already happened 5 times: a deterministic file-convert may earn it at 2, a subjective design pass may not at 20, a catastrophic failure earns a guardrail at 1. The promoted artifact encodes the standard, what "good" looks like, not just the steps, or it rots into bland repetition.

E3. Every repeated failure becomes a rule. Recurring mistakes (edits the wrong file, skips validation, hallucinates paths) generate guardrails, checks, policies, and deterministic validation. Learn from failure as aggressively as from success; a system that only learns wins learns slowly.

E4. The decision is the primary artifact. Projects, models, skills, and tools are implementation detail that churns. Decisions are durable. A mature system is a Decision OS, not an Agent OS: optimize for the quality and durability of decisions, not for agent behavior. But a decision only counts as an artifact if it carries its falsifier and review trigger: the expected outcome, the assumption that would invalidate it, and when to recheck. Without those, a Decision OS is a rationale archive, not a learning system.

E5. Default to subtraction. Net progress is fewer owners, fewer stale paths, fewer duplicate configs, fewer re-litigated decisions, and the smallest fix that works. A system that only adds is decaying while looking busy.

E6. The map is not the work. When analysis, setup, or synthesis starts standing in for execution, that is the trigger to force a bounded kill, keep, or merge, not to produce more map. It is the most dangerous failure mode, because it feels the most like progress.

The Laws · irreducible core

  1. Discover reality before acting.
  2. Own the spine; rent the executors.
  3. Route to the cheapest sufficient capability.
  4. Store evidence, not truth.
  5. Recall only what is relevant.
  6. Keep humans on irreversible decisions.
  7. Convert repetition into infrastructure.
  8. Learn from failures as aggressively as successes.
  9. Make everything observable.
  10. Prove the change; do not trust the report.
  11. Subtract by default.
  12. Separate intent from execution.
  13. Optimize for decisions, not agent behavior.
  14. Do not let the map become the work.
  15. The control plane must earn its keep. (every move yields an outcome delta or a system delta; system-only deltas need a payback argument, and the OS tax is capped. Law 14 is the trigger, 15 is the meter.)
  16. Govern in proportion to risk. (the intensity of receipt, claim, approval, and review scales with reversibility and blast radius, never uniform.)

Open Frontier · unresolved on purpose; do not transfer these as solved

  • The routing regress. Choosing which model to use is itself judgment. A naive router burns a strong model deciding whether to use a weak one, eating the savings it was meant to create.
  • Receipt overhead. "Every action leaves a receipt" (D1) is in tension with the anti-grind bias (A4). Provenance can cost more than the work it records. It is sharpened, not solved, by D5: even a real state delta has a price.
  • Drift-detection cost. Knowing when things go stale (B3) requires continuous re-verification, which is not free. The missing piece is the trigger policy. Event-based, scheduled, or confidence-decay?
  • One retrieval mechanism or two? Recall-aware memory (B1, the when) and relevance over location (B4, the how) may be the same weighted-perspective system or two distinct ones.
  • Who classifies "irreversible"? D3 puts humans on irreversible decisions, but labeling a decision irreversible is itself a decision, an infinite regress unless the default is: on uncertainty, escalate to a human.
  • The hardening threshold. (Downgraded, not closed.) E2 replaces a rep-count with an expected-value test (pays for itself within 3 to 5 uses). The residual is honesty about inputs: recurrence probability and input variance are themselves estimates, and a confident but wrong estimate cements noise into deterministic concrete just the same.
  • Subtraction versus resilience. Default-to-subtract (E5) assumes duplication is waste, but some duplication is fault-tolerance. "Fewer surfaces" can quietly delete redundancy that was protecting you. The missing piece is how to tell dead duplication from load-bearing redundancy.
  • Claim-leasing overhead. D7 (claim before you touch) stops two agents from overwriting the same surface, but the locking itself has a cost: every agent has to check what is already claimed, record its own claim, release it when done, wait when something is contended, and clean up stale claims left by runs that crashed mid-task. With one agent the machinery is pure waste; with many it grows with their number. The missing piece is when the coordination tax of leasing exceeds the cost of the collisions it prevents.

The shape underneath several of these (routing regress, receipt overhead, drift cost, hardening threshold, claim-leasing overhead) is one question: when is the meta-work worth its cost? It now has a partial answer in proportional governance (D0, Law 16), the OS-tax ceiling (Law 15), and the expected-value test (E2). But the honest residual remains: all three rest on cost and probability estimates, and the policy that estimates those well is still the real prize.