Autonomous AI agents no longer just respond. They make decisions, execute actions, and modify your information system without waiting for explicit instructions. This autonomy challenges the very foundations of software architecture as we know it.<\/p>\n\n\n\n
Traditional software architectures (monoliths, microservices, event-driven) rest on a principle: each component executes explicit instructions according to predefined rules. An order management microservice receives a request, applies deterministic logic, and returns a response. Everything is traced, predictable, auditable.<\/p>\n\n\n\n
This predictability allows architects to draw clear diagrams. If the user does A, the system does B. If stock is empty, the order is blocked. Patterns like CQRS or Saga rely on this certainty: we know in advance what each component can do.<\/p>\n\n\n\n
An AI agent analyzes context, reasons about the objective to achieve, and autonomously determines which actions to undertake. It doesn’t execute a pre-established script. It decides. This autonomy creates a gap between architectures designed for rigid processes and agents capable of unpredictable decisions.<\/p>\n\n\n\n
Agents can act simultaneously on the same data without centralized coordination. Unlike microservices that collaborate according to predefined orchestrations, agents decide on the fly.<\/p>\n\n\n\n
Example:<\/strong> A system deploys three agents: support, billing, loyalty. A customer reports a defective product. The support agent processes the complaint while the billing agent generates a payment reminder and the loyalty agent offers a discount voucher. The customer simultaneously receives a refund, a late payment reminder, and a compensation voucher. Three contradictory actions, no coordination.<\/p>\n\n\n\n Traditional coordination patterns (orchestrator, saga) assume predefined sequences. Here, sequences emerge from context. We need to rethink coordination for unprogrammed workflows.<\/p>\n\n\n\n According to Gartner, by 2028, 33% of enterprise applications will include agentic AI, up from less than 1% in 2024 (Source: Gartner, 2025<\/a>). This growth makes coordination critical.<\/p>\n\n\n\n An agent with database access can theoretically perform any operation authorized by its permissions. However, classic access controls (RBAC, ACL) were designed for human users or deterministic processes, not for entities capable of discovering new actions.<\/p>\n\n\n\n Example:<\/strong> An agent automates supplier contract management with read\/write access. A supplier contacts the agent to renegotiate. The agent decides to unilaterally reduce prices by 30% to “maintain the business relationship.” Technically, it had the rights. Strategically, it’s a disaster.<\/p>\n\n\n\n Access controls answer “who can do what?” but not “in which business context is this action legitimate?” We need guardrails that go beyond technical permissions.<\/p>\n\n\n\n Traditional logs record “what happened,” not “why.” With agents, the “why” is crucial.<\/p>\n\n\n\n Example:<\/strong> An incorrect invoice applies a 50% discount instead of 10%. Tracing back the chain, we discover that a loyalty agent had marked the customer as “priority VIP” following a complaint. The billing agent interpreted this status as a signal to apply maximum discount. Neither violated their rules.<\/p>\n\n\n\n Traceability for agentic systems requires a decision graph model. Each decision must be recorded with its context: data consulted, inferences drawn, alternatives considered, reason for the choice.<\/p>\n\n\n\n This traceability has a cost in storage and performance, but becomes essential for debugging and regulatory compliance (GDPR, AI Act).<\/p>\n\n\n\n Agents read and modify data over workflows spanning several minutes or even hours. ACID transactions, effective for atomic operations, no longer hold.<\/p>\n\n\n\n Example:<\/strong> An agent reads 10 units in stock and decides to order 5 additional units. During price negotiation (2 minutes), a second agent reserves 8 units. When the first agent finalizes, actual stock is at 2 units, but it orders based on 10. Result: unnecessary overstock.<\/p>\n\n\n\n Event-driven architectures (Event Sourcing, CQRS) offer paths forward, but require adaptations: optimistic locking, contextual validations before commit, compensation procedures in case of late conflict.<\/p>\n\n\n\n Traditional metrics (latency, throughput, error rate) no longer suffice. They provide a technical view, not a behavioral one.<\/p>\n\n\n\n Example:<\/strong> The dashboard displays “200 requests\/minute, 120ms latency, 0% error.” Everything seems nominal. Yet agents consume massive volumes of LLM tokens, generating unexpected costs. Some enter infinite reasoning loops, blocking business workflows. Technically, no error. Functionally, the system is broken.<\/p>\n\n\n\n We need to track: active agents, actions per agent, average decision chains, LLM tokens consumed, human escalation rate, objective resolution time. These metrics detect abnormal behaviors before they degrade service.<\/p>\n\n\n\n A supervisor agent centralizes coordination decisions. It receives intentions from other agents, arbitrates their execution, decides action order, and resolves conflicts. This pattern suits environments where consistency trumps reactivity (finance, critical workflows). The flip side: the supervisor becomes a potential contention point, and agents lose part of their autonomy.<\/p>\n\n\n\n Each agent has an explicit list of authorized actions. Any action outside the list is blocked by default, even if the agent has technical permissions. This approach inverts the traditional security model and effectively prevents unexpected actions. Recommended for agents interacting with sensitive data (finance, personal data, production systems). The trade-off: increased rigidity and heavy list maintenance.<\/p>\n\n\n\n Rules automatically trigger human validation for certain actions: financial amount, data criticality, agent confidence level, number of reasoning steps. This guardrail doesn’t prevent autonomy on simple tasks, but slows workflows requiring validation.<\/p>\n\n\n\n Each agent decision is recorded as a graph: data consulted, reasoning performed, actions executed, step order. This graph allows complete path reconstruction and becomes essential in regulated environments (health, finance, public sector) where automated decision traceability is legal. The cost: storage overhead and implementation complexity.<\/p>\n\n\n\n Each agent operates within a limited business domain and cannot exit its perimeter. An order management agent that needs to reserve stock solicits a “Stock” domain agent via an explicit API, rather than accessing the database directly. This separation limits impacts in case of failure, but restricts possible use cases.<\/p>\n\n\n\n Map risks.<\/strong> Identify which agents will access which data and assess the impact of an erroneous action. This mapping allows prioritizing security efforts.<\/p>\n\n\n\n Define autonomy levels.<\/strong> Classify agents into three categories: full autonomy, supervised autonomy, pure assistance. This classification must be documented and regularly revised.<\/p>\n\n\n\n Implement technical guardrails.<\/strong> Action whitelists, escalation rules, structured logs. These guardrails must be tested before production.<\/p>\n\n\n\n Test failure scenarios.<\/strong> Simulate two agents acting simultaneously, an agent making a wrong decision, canceling an action sequence. These tests reveal flaws before production.<\/p>\n\n\n\n Set up observability.<\/strong> Specific dashboards: active agents, actions per agent, decision chains, LLM costs, escalation rate. Alerts on abnormal behaviors.<\/p>\n\n\n\n Agentic systems challenge the foundations of modern software architecture. Proven patterns (microservices, event-driven, CQRS) remain valid, but no longer suffice. They must be complemented with new coordination, governance, and observability mechanisms.<\/p>\n\n\n\n Organizations integrating these patterns now deploy AI agents in production in a controlled, secure, and auditable manner. Others will suffer incidents, cost overruns, and functional inconsistencies.<\/p>\n\n\n\n The question is no longer whether you’ll deploy AI agents in your IS. The question is: is your architecture ready?<\/p>\n","protected":false},"excerpt":{"rendered":" Autonomous AI agents no longer just respond. They make decisions, execute actions, and modify your information system without waiting for explicit instructions. This autonomy challenges the very foundations of software architecture as we know it. The Gap: Architectures Built for Predictability How Classic Architectures Work Traditional software architectures (monoliths, microservices, event-driven) rest on a principle: … Continued<\/a><\/p>\n","protected":false},"author":2,"featured_media":2980,"template":"","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-2981","article","type-article","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article\/2981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article"}],"about":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/types\/article"}],"author":[{"embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":3,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article\/2981\/revisions"}],"predecessor-version":[{"id":2984,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article\/2981\/revisions\/2984"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/media\/2980"}],"wp:attachment":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/media?parent=2981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/categories?post=2981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/tags?post=2981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Action Governance<\/h3>\n\n\n\n
Decision Traceability<\/h3>\n\n\n\n
Data Consistency<\/h3>\n\n\n\n
System Observability<\/h3>\n\n\n\n
New Architecture Patterns<\/h2>\n\n\n\n
Supervisor Agent Orchestration<\/h3>\n\n\n\n
Action Whitelisting<\/h3>\n\n\n\n
Automatic Escalation<\/h3>\n\n\n\n
Decision Graph Traceability<\/h3>\n\n\n\n
Domain Isolation<\/h3>\n\n\n\n
Pattern<\/th> Main Advantage<\/th> Main Drawback<\/th> Typical Use Case<\/th><\/tr><\/thead> Supervisor agent<\/td> Centralized control<\/td> Bottleneck<\/td> Finance, critical workflows<\/td><\/tr> Action whitelist<\/td> Enhanced security<\/td> Rigidity, heavy maintenance<\/td> Sensitive data<\/td><\/tr> Automatic escalation<\/td> Guardrail without total blocking<\/td> Slows certain workflows<\/td> Selective human validation<\/td><\/tr> Decision graph<\/td> Total auditability<\/td> Storage overhead<\/td> Regulated environments<\/td><\/tr> Domain isolation<\/td> Impact limitation<\/td> Restricts use cases<\/td> DDD architecture<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n What Architects Must Do Now<\/h2>\n\n\n\n
Conclusion<\/h2>\n\n\n\n