Skip to content

13. Honest limits — optimization is empirical because workloads, models, and vendors move

~22 min read. A lead AI engineer does not optimize a single number; they make the tradeoff visible, measured, and reversible.

Builds on 00-eli5.md. The fuel ledger can explain the fleet, but the road, cars, prices, and passengers keep changing.

What previous chapters solved before this pressure appears

Capacity planning pulled every lever into a forecast. What still breaks is overconfidence: a spreadsheet can look precise while model versions, provider prices, cache semantics, traffic mix, eval criteria, and user behavior shift underneath it. This final chapter teaches the lead-engineer stance: optimize with measurements, guardrails, and rollback plans, not permanent certainty.

The accumulated lesson is already visible in the taxi fleet. meter ticks expose money, the ETA call exposes perceived wait, the dispatch board exposes route choice, and the fuel ledger keeps those choices honest. This file adds the next constraint without forgetting the earlier ones: every optimization relieves one pressure and creates another that some subsystem must absorb.

What this file solves

This file starts from this failure: six-month optimization plan misses by 40% after a provider changes pricing and a new prompt version lengthens outputs. It shows the concrete design move a lead engineer makes, the artifact to inspect, and the signal that proves the optimization helped instead of merely moving pain elsewhere.

The opening failure shows up in a concrete artifact

The failure is not abstract: a six-month optimization plan misses by 40% after a provider changes pricing and a new prompt version lengthens outputs. Here is the early artifact a reviewer can inspect.

An honest optimization review keeps a bet register beside the metric chart.

Optimization bet register:

Bet Expected win Guardrail Actual drift Action
prompt cache redesign $26k/mo hit rate >70% provider semantics changed revise
small-model route $40k/mo repair <12% workload repair 35% rollback slice
output cap -35% output incomplete <3% incomplete 11% rollback
edge fallback -250 ms TTFT success >88% 84% old devices segment

A smart team might try to fix the most visible line in that artifact. That is tempting, and it is incomplete. The root cause is moving ground: the workload and serving substrate are not constants. So how do we make cost-latency work reliable when the exact numbers keep changing? This is the root-cause pivot: not a local metric problem, a boundary-and-pressure problem.

A tiny version exposes the whole mechanism

A toy request makes the pressure visible: one request looks fine in isolation, but after route mix, retries, context, or output length changes, the user-visible workflow changes. The smallest example is enough to show why the lever must be measured at the workflow boundary.

Rule: Treat every optimization as a measured bet with an owner, expected pressure relief, new pressure, guardrail metric, and rollback path.

Why this rule exists. The taxi fleet manager knows the map changes: fuel prices, roadworks, new riders, and new cars force repeated measurement. The fuel ledger matters because it shows whether the new pressure landed in cost, latency, memory, quality, or operator attention.

1) Turn optimization claims into monitored bets

Start with the workflow, not the vendor feature. In Maya's review, the team takes one request and follows it from API ingress to model call, tool call, runtime behavior, and resource consequence. That cross-layer trace is the shortest path from symptom to lever. If the symptom is cost, the trace follows meter ticks. If the symptom is silence, it follows the ETA call. If the symptom is serving pressure, it follows the carpool lane and boot space.

user request
API gateway ── route/version ──► model/runtime
    │                              │
    │                              ├─ tokens / queue / KV / output
    │                              ▼
    └──────── outcome ◄──────── fuel ledger row

The counterintuitive part is that the most obvious metric can improve while the product gets worse. A smaller bill can hide more failed outcomes. Higher tokens/sec can hide longer queueing. A shorter prompt can hide missing evidence. The mechanism in this chapter is useful only when the trace keeps the relieved pressure and the newly created pressure in the same picture.

2) The bet register beside the dashboard

Picture the chapter as a pressure transfer, not a free lunch.

Before optimization                    After optimization
┌──────────────────────┐              ┌──────────────────────┐
│ visible pain          │              │ relieved pain         │
│ cost / wait / memory  │──change──►   │ lower local metric    │
└──────────┬───────────┘              └──────────┬───────────┘
           │                                      │
           ▼                                      ▼
 hidden cause not named                 new pressure appears
 retries, route mix, context,           quality, queueing, cache,
 output, provider limits                memory, fallback, ops

The diagram is the reason this module keeps returning to the fuel ledger. The ledger is where the second box becomes visible instead of surfacing as an invoice surprise, p99 incident, or quality complaint weeks later.

3) Maya writes an optimization decision record with rollback triggers

Maya threads one workload through the design review: a production assistant with real traffic, route versions, prompt versions, and outcome labels.

Attempt A — optimize the visible line

The first attempt changes the local knob associated with the opening symptom. The local dashboard improves. The team celebrates too early because the request boundary is still broken: retries, quality loss, queueing, cache misses, or memory pressure move elsewhere.

Attempt B — optimize with the pressure chain

The second attempt keeps the artifact, the rule, and the guardrail together. Maya writes the expected improvement, the pressure that may worsen, the owner of that pressure, and the rollback trigger. The dispatch board may change a route, the memorized route may change a prompt prefix, or the carpool lane may change scheduling, but the same request ID proves whether the user outcome survived.

4) Why measured experiments beat permanent rules

The plausible alternative is attractive because it is simpler to explain in a status update: change one knob, quote one percentage, and move on. That works for demos. It fails for lead-level ownership because it cannot answer which workload benefits and which workload pays.

Use this chapter's mechanism when the workload has the shape named in the opening artifact. Use the alternative when the product is small enough, stable enough, or low-risk enough that the extra machinery would cost more than it saves. The decision is not about elegance; it is about whether the signal-to-operator cost is worth it.

5) Drift is the pressure that invalidates yesterday’s win

Concrete numbers make the tradeoff review honest. The sample prices and memory figures below are illustrative; replace them with the provider, hardware, and workload numbers in your own stack.

Scenario Fresh input Cached input Output Extra condition Lesson
Prompt cache redesign 3500 2500 420 hit 80% $26k/mo expected
Provider cache semantics change 3500 800 420 hit 25% $7k/mo actual
Route to small model 2000 0 400 repair 10% $40k/mo expected
New workload mix 2000 0 400 repair 35% $18k/mo actual
Output cap launch 1800 0 250 incomplete +8% rolled back

The table teaches the design habit: every row says what improved and what might have worsened. If a row cannot name both, the proposal is not ready for production review.

6) The cache-saving plan that a provider update erased

Walk the failure from top to bottom. The user action enters the API. The application builds a prompt or route. The runtime spends tokens, queue time, cache memory, or output steps. The dashboard records a local improvement. Then the user-visible metric moves the wrong way.

That failure is not bad luck. It is what happens when the optimization changes one layer and the observation stops one layer too early. In a review, Maya asks for the missing link: where did the pressure go after the local metric improved? If nobody can answer, the change ships behind a small canary or does not ship.

7) Signals that reveal whether honest limits is healthy

  • Healthy behavior: claims include expected saving, quality guardrail, and rollback trigger.
  • First degrading metric: guardrail drift appears before finance or users escalate.
  • Misleading beginner metric: static benchmark result, because production mix changes.
  • Expert graph: decision register joined to dashboard: expected vs actual savings, quality, latency, and owner.

Mini-FAQ. "Why not watch the simplest metric?" Because the simplest metric is often the one the optimization directly manipulates. You need a paired guardrail that shows whether the system merely moved pain into another layer.

8) Boundaries where the chapter's lever works and where it turns pathological

  • Strong fit: ongoing production systems where models, prices, traffic, and prompts evolve.
  • Pathology: fixed offline batch jobs with stable inputs and low user risk.
  • Scale or workload limit: when you lack measurement, ownership, or rollback authority.

This boundary is not a disclaimer. It is a routing rule for engineering attention. The best optimization in one endpoint can be the wrong default for another endpoint with different latency tolerance, risk, context length, or outcome value.

9) Wrong mental model to replace

The wrong model is that optimization is a one-time cleanup. The better model is controlled adaptation: each lever changes the system, creates a new pressure, and must be revalidated as the ground moves.

The replacement model should change how you speak in design review. Do not say, "this reduces cost" or "this improves latency" without naming the request slice, expected magnitude, guardrail, and rollback trigger. Say which meter ticks, ETA call, carpool lane, or boot space pressure changed.

10) Other failure shapes you will recognize

  1. Sample failure. sample prices copied into docs and never refreshed.
  2. Benchmarks failure. benchmarks run on easy prompts only.
  3. Quality failure. quality guardrail omitted from cost experiment.
  4. Vendor failure. vendor feature semantics assumed portable.
  5. Rollback failure. rollback path missing for prompt/layout change.
  6. Savings failure. savings counted before repair and churn effects.
  7. Capacity failure. capacity forecasts not updated after route mix drift.

11) Cross-topic reinforcement — the same pressure shape returns

  • Every previous chapter supplied a lever; this chapter supplies the operating contract.
  • Dashboards are the evidence layer for whether a bet survived contact with production.
  • Reliability and incident-response modules reuse the same rollback-and-guardrail habit.
  • Inference serving engines next deepen the runtime mechanics behind batching, KV cache, and scheduling.

12) Design-review questions that catch shallow plans

  1. What pressure does this optimization relieve?
  2. What pressure does it create and who owns it?
  3. What production metric would force rollback?
  4. When will the assumption be remeasured?

Where this shows up in production

  • Enterprise support bot — turns route, token, cache, retry, and outcome rows into cost per resolved ticket rather than model spend per message.
  • Coding assistant — separates inline completions from agentic edits because typing flow, repo context, and repair loops have different budgets.
  • Search answer product — pays for rewriting, retrieval, reranking, synthesis, citations, and judge calls as one user-visible answer.
  • Voice assistant — treats dead air, cancellation, and local fallback as product features because users notice 100 ms gaps.
  • Back-office summarizer — uses larger queues and batches because humans care about daily throughput more than first-token immediacy.
  • Commerce assistant — protects purchase-changing actions with stronger routes while letting read-only advice run cheaper.
  • Internal data copilot — attributes spend by tenant, dataset, prompt version, and tool path so one team cannot hide another team's budget.
  • Education tutor — spends tokens on safety and pedagogy rules, then watches whether shorter answers still teach well.
  • Legal review workflow — keeps evidence and citation context even when compression pressure is high because unsupported claims are worse than cost.
  • Healthcare intake helper — uses conservative routing and buffered streaming because safety checks are part of the latency path.
  • Marketing content tool — controls output length and variant count because creative generation can silently explode spend.
  • Incident-response copilot — prefers predictable latency and logs over clever savings during high-severity operations.

Recall — rebuild honest limits from memory

  1. What concrete failure opened this chapter, and which artifact made it inspectable?
  2. What root cause made the naive fix insufficient?
  3. State the rule in one sentence without using vendor language.
  4. Which pressure does the mechanism relieve, and which new pressure can it create?
  5. Which operational signal degrades first when the mechanism is misapplied?
  6. Where is the boundary where this lever becomes pathological?
  7. How does this chapter reuse the fuel ledger or dispatch board from earlier chapters?
  8. What would you put in the rollback trigger for this optimization?

Interview Q&A

Q: What problem does honest limits actually solve?

A: It relieves the specific pressure from the opening failure: a six-month optimization plan misses by 40% after a provider changes pricing and a new prompt version lengthens outputs. The important answer names the workflow metric, the moved pressure, and the guardrail that keeps the optimization honest.

Common wrong answer to avoid: It is just a generic way to make LLMs cheaper or faster.

Q: Why is the naive fix dangerous?

A: Because the naive fix attacks the visible symptom while the root cause is the root cause is moving ground. It can improve a local metric and damage outcome quality, tail latency, memory, or operational clarity.

Common wrong answer to avoid: If the local metric improves, the product improved.

Q: What artifact would you inspect first?

A: The first artifact is the joined request trace or table for this chapter: route/version, token buckets, latency stages, outcome, and the topic-specific signal. Without it, the team debates guesses.

Common wrong answer to avoid: I would start by changing model parameters.

Q: How do you know the optimization worked?

A: The relieved pressure improves while the guardrail remains stable: claims include expected saving, quality guardrail, and rollback trigger. You also check the first degrading metric: guardrail drift appears before finance or users escalate.

Common wrong answer to avoid: The dashboard line for cost or latency went down.

Q: When should you avoid this lever?

A: Avoid it in the pathological case: fixed offline batch jobs with stable inputs and low user risk. The workload shape must match the mechanism, or the optimization moves cost into quality, memory, or user wait.

Common wrong answer to avoid: Use it everywhere because it is a best practice.

Q: What is the common wrong mental model?

A: The wrong model is that optimization is a one-time cleanup. The better model is controlled adaptation: each lever changes the system, creates a new pressure, and must be revalidated as the ground moves.

Common wrong answer to avoid: The obvious intuition is good enough.

Q: How does this connect to earlier chapters?

A: It reuses the workflow boundary from cost anatomy, the stage trace from latency anatomy, and the fuel ledger discipline. The lever should be explained as pressure relief plus a new pressure, not as an isolated trick.

Common wrong answer to avoid: Earlier chapters are background only; this mechanism stands alone.

Apply now (10 min)

Step 1 — model the exercise. Use the modeled table in this chapter, then pick one feature you own or know. Fill in the same rows with rough numbers, change one assumption, and reproduce from memory which metric should improve, which guardrail could fail, and what rollback trigger you would set.

Step 2 — your turn. Pick a real LLM feature and write the same artifact with your own rough numbers. Name the pressure relieved, the pressure created, the owner, and the metric that would prove the change unsafe.

Step 3 — reproduce from memory. Close the file and redraw the two diagrams: request trace and pressure transfer. Then restate the rule and the first degrading metric without looking.

What you should remember

This chapter explained why the opening failure is not solved by changing one local knob. The useful move is to make the request boundary inspectable, apply the topic rule, and watch the paired guardrail so the optimization cannot hide its cost in another subsystem.

You learned to describe the lever as pressure movement: what it relieves, what it creates, and which team or resource absorbs the new cost. That is the difference between a trick and an operating practice.

Carry the diagnostic forward: if the dashboard cannot show the artifact, the route or version, the user outcome, and the first degrading signal in one place, the optimization is not yet reviewable.

Remember:

  • Treat every optimization as a measured bet with an owner, expected pressure relief, new pressure, guardrail metric, and rollback path.
  • The first artifact to inspect is the trace/table that exposes a six-month optimization plan misses by 40% after a provider changes pricing and a new prompt version lengthens outputs.
  • The first degrading signal is: guardrail drift appears before finance or users escalate.
  • The misleading beginner signal is: static benchmark result, because production mix changes.
  • Every optimization must name what pressure it relieves, what pressure it creates, and who owns the new cost.

Bridge. We have turned cost and latency optimization into measured pressure management rather than folklore. The next module goes deeper into inference serving engines, where batching, KV cache, schedulers, and hardware constraints become the runtime machinery behind these product decisions.

../02_inference_serving_systems/00-eli5.md