home strategic briefing
spine agent specs physics engine sovereignty map motion map lexicon identity graph provenance infrastructure
screen 08 — infrastructure requirements

Infrastructure Stack

You need less “AI magic” and more boring authority. Agents only behave when the surrounding system forces them to.

Infrastructure first. Autonomy later. That’s not caution; it’s arithmetic.
1 Canonical Data Layer identity first
Identity is the first constraint. If identity is fuzzy, every downstream “signal” is just mislabeled noise.
  • id graphAccount ↔ Domain ↔ Contact ↔ Lead ↔ Opportunity. And the conversion rules between them.
  • normalizationPick the “source of truth” fields: industry, employee_range, region, icp_tier, owner, stage.
  • dedupe policyDeterministic first, probabilistic second, human review for conflicts. In that order.
2 Data Pipeline & Event Model event stream
Agents need an event stream, not a pile of tables. Speed-to-signal is a data engineering problem wearing a GTM costume.
  • connectors
    CRM (SFDC / HubSpot)
    Marketing Automation
    Sales Engagement
    Web Analytics
    Product Telemetry
    Data Warehouse
  • event schemawho / what / when / source / context with stable IDs. Not emails as primary keys.
  • freshnessTimestamps, SLAs, and “signal decay” rules. If data is stale, agents must know it’s stale.
the constitution

Control plane services

This is the “constitution” every agent must obey.

3a Permissions & Secrets
  • rbac / abacRole- and attribute-based access. Agent can read X, write Y, never touch Z.
  • secretsShort-lived tokens, rotation, no plaintext keys in prompts or logs. Ever.
3b Policy Engine code, not guidelines
Implement as code, not guidelines.
“No CRM writes without approval.”
“No campaign send without preview + human confirm.”
“No enrichment purchase beyond budget threshold.”
3c Provenance Logging
For every agent decision. This is your audit trail and your debugging tool.
field
type
description
inputs_used
object[]
All data inputs consumed
tool_calls
object[]
Every external API call: tool, params, response
model_version
string
Prompt + model semantic version
confidence
float
0.0 – 1.0
output
object
The decision / recommendation produced
human_approved
boolean
Whether a human reviewed before execution
4 Tooling Layer safe action interfaces
Agents shouldn’t call Salesforce or HubSpot directly. Build thin wrapper APIs (“safe tools”) that enforce permissions, validate payloads, rate-limit, require approvals for high-impact operations, and log everything.
If the agent is an operator, these wrappers are the lock on the door.
enforce permissions
Every call checked against RBAC before execution. No bypass.
validate payloads
Schema validation on every write. Reject malformed data at the boundary.
rate limit
Per-agent, per-tool, per-hour. Prevent runaway loops from burning API quotas.
require approvals
High-impact operations queue for human review. Campaign send, stage change, ownership change.
log everything
Every tool call produces a provenance record. No silent actions.
fail safely
Timeouts, retries with backoff, graceful degradation. No hanging state.
5 Human-in-the-Loop Workflow not optional
Approvals aren’t optional; they’re how you scale without becoming reckless.
  • queuesRecommended actions: routing change, stage change, sequence launch, budget reallocation. All queue before execution.
  • approver rolesRevOps, Marketing Ops, Sales Ops, Finance. Each has a defined domain.
  • escalationTimeout policies. If no approval within SLA, escalate or auto-reject. No actions stuck in limbo.
6 Evaluation Harness before you let agents loose
Treat agents like production software. No eval harness = no right to autonomy.
  • offline replayRun agents on historical weeks/quarters. Compare recommendations against known outcomes.
  • golden datasetsKnown-good mappings, known-bad edge cases. Curated, versioned, maintained.
  • metricsFalse positive rate for “ready.” Time-to-action. Stage inflation detection. Routing accuracy. Downstream win-rate lift (later).
No eval harness = no right to autonomy.
7 Observability & Incident Response
Agents will fail. Your job is to make failure loud, bounded, and reversible.
  • monitoringTool-call anomalies, permission drift, unexpected write volume.
  • alertingSlack/PagerDuty thresholds. Humans find out in minutes, not days.
  • kill switchPer-agent and global. No heroics.
  • rollbacksFor CRM writes and configuration changes. Every write is reversible.
8 Environment & Deployment Discipline
  • environmentsDev / staging / prod with separate credentials and datasets. No sharing.
  • versioningPrompts, policies, and tools. Treat prompts like code.
  • ci/cdAutomated tests for policy compliance and tool wrappers. Deploy like software because it is software.
minimum viable

The stack that counts as real

If you’re trying to build an MVP without a six-month platform project, the minimum that still counts as “real”:

1
Identity Graph
+ dedupe rules
2
Event Schema
+ freshness tracking
3
Tool Wrappers
+ permissions + logging
4
Approval Workflow
for writes
5
Provenance
+ basic monitoring

Everything else is acceleration; those five are survival.

Infrastructure first. Autonomy later. That’s not caution; it’s arithmetic.
agent spec template back to doctrine