Docs/00 foundations/03 50 50 rule

The Deterministic Boundary

Version: 1.0.0
Last updated: 2026-07-16

Purpose

Place probabilistic judgment and deterministic enforcement on the correct sides of an AI system boundary.

Why

“50/50” is a mnemonic, not a staffing, code-volume, or runtime quota. The correct split follows risk: use models for interpretation and generation; use code for identity, authorization, invariants, execution, accounting, and audit.

How

  1. List every proposed operation and its failure impact.
  2. Assign semantic work—classification, extraction, drafting, ranking—to the model.
  3. Assign enforceable policy—permissions, limits, schemas, transactions—to deterministic code.
  4. Validate the proposal against current authoritative state.
  5. Require approval for irreversible or high-impact actions.
  6. Evaluate both model quality and boundary enforcement.
const proposal = ProposalSchema.parse(await model.propose(request));
authorize(user, proposal.action, proposal.resource);
enforceBusinessLimits(proposal);
const result = await executeInTransaction(proposal);
await audit({ userId: user.id, proposal, result });

When

Apply this boundary to every feature that uses model output downstream, especially agents, financial operations, access-controlled retrieval, and external communications.

Tradeoffs

Choice Benefit Cost
Deterministic execution gate Prevents unauthorized effects Additional implementation
Human approval for high impact Reduces irreversible harm Higher latency
Model-only drafting Fast iteration Requires downstream verification

Anti-Patterns

  • Literal 50/50 allocation: invents a precision the heuristic does not support.
  • Authorization by prompt: asks the model whether a user may act.
  • Semantic rules in regex alone: forces ambiguous language understanding into brittle code.
  • Model executes its own proposal: collapses the control and data planes.

Enterprise Considerations

Map actions to risk tiers, segregation-of-duties controls, approval SLAs, and audit retention. Policy engines and resource APIs—not prompts—must remain the source of truth.

Checklist

  • Every side effect has a deterministic authorization check
  • Model output is schema-validated
  • Business invariants are enforced against authoritative state
  • Irreversible actions require proportionate approval
  • Audit records link proposal, decision, actor, and result
  • The split is justified by risk, not an arbitrary percentage

Changelog

  • 1.0.0 (2026-07-16): Reframed the 50/50 mnemonic as a risk-based deterministic boundary.