Skip to content

13. Honest admission

~7 min read. Twelve chapters of apparatus. None of them solve the problem entirely. This chapter is the calibrated list of what the on-call apparatus cannot fix, where the community is young, and the limits a thoughtful lead should be transparent about.

Continues from 12-architect-checklist.md. The previous chapters built confidence; this one is the counterweight. The apparatus is a powerful discipline; the discipline has boundaries.

The AI on-call apparatus is a load-bearing piece of platform engineering. It catches AI-specific failures, makes response routine, and turns incidents into apparatus improvements. None of that makes it complete.

1 — The apparatus does not improve the AI

A well-designed apparatus catches and contains AI failures faster. It does not make the AI better. The model, the prompt, the retrieval, the data quality — none of these are improved by the apparatus. The apparatus's job is to make the AI's failures recoverable; the AI's own quality is the work of the AI engineering modules. A team that hopes the apparatus will compensate for a fragile underlying system will be disappointed.

2 — Apparatus quality cannot exceed the signal quality

The alert plane depends on signals from production: eval-on-traffic, gateway telemetry, cost data, safety classifiers. If any of these signals is noisy, sparse, or missing, the alerts they feed have the same limitations. The apparatus is bottlenecked by its weakest signal source. Investing in apparatus while neglecting the signal pipeline produces an apparatus that looks complete and behaves blind.

3 — Drills cannot anticipate the novel incident

The scenario library covers known failure shapes — those the team has observed or imagined. The first incident of a truly novel shape will catch the apparatus unprepared. The runbook does not exist; the escalation path is improvised; the postmortem documents lessons the team never had a chance to drill. The apparatus's recovery is the discipline of learning fast from novel incidents, not the impossibility of having drilled them.

4 — Alert precision and recall trade off against each other

Tightening thresholds improves precision and degrades recall. Loosening does the opposite. The apparatus cannot have both maximum precision and maximum recall on a single alert; some balance is chosen, and the choice has costs. Per-tier alerts (paging tier vs. ticket tier) help; they do not eliminate the trade-off. A lead should know where on the curve each alert sits and why.

5 — Postmortem learning is bounded by who is in the room

Postmortems extract what the participants notice. Insights specific to systems outside the participants' expertise — a subtle interaction with the data pipeline, an undocumented behaviour in the model gateway, a regulatory implication — may not surface. The mitigation is to broaden participation, but the bound remains: postmortems are as good as the room. Teams over-rely on the document and under-invest in cross-team postmortem participation.

6 — The apparatus runs on humans

Every chapter ultimately depends on engineers being awake, attentive, and responsive. The apparatus's design can reduce the load, distribute it fairly, and detect overload — it cannot eliminate the requirement that humans be in the loop. A platform's apparatus health is bounded by its rotation health; degrading rotation health is a structural risk the apparatus design cannot fix from inside.

7 — Multi-tenant alert fatigue compounds across teams

A team running one or two AI features can tune alerts per feature. A platform with dozens of features faces compound alert fatigue: each feature's alerts add to the on-call's stream. Engineers exposed to ten features' alerts mute earlier than engineers exposed to two. The apparatus's design at platform scale needs alert prioritisation, deduplication, and severity tiering that single-feature teams may not need. Scaling the apparatus is not just replicating it.

8 — Provider escalation is asymmetric

The apparatus can detect provider drift in minutes. The provider's response timeline is theirs, not yours. For provider incidents, the apparatus's value is independence from the provider's response — fallback chains, model pinning, cache fall-through. The apparatus cannot make providers faster; it can only make the team less dependent on them being fast.

9 — Cost containment is a blunt tool

Feature flags, tenant quotas, agent rate limits — the cost-spike runbook's kill paths — are blunt. They protect the bill at the cost of user impact (the affected tenant's feature is degraded or off). The apparatus accepts this trade because the alternative is worse, but the trade is real. A user who pays for a service and loses it temporarily because of an internal cost issue has a legitimate complaint. The apparatus should accept that some cost incidents produce customer-success conversations.

10 — Drill realism is bounded by what is safe to inject

Chaos injection at the gateway can simulate drift, latency, error rates. It cannot easily simulate the second-order effects: angry customer escalations, regulator inquiries, social-media spread. Live drills exercise the technical apparatus; they do not exercise the organisational apparatus. The team's response to a real reputational incident is rarely fully drilled.

11 — Apparatus debt is silent

Unlike technical debt in the codebase, apparatus debt does not slow daily engineering work directly. Stale runbooks, deferred drills, unwired alerts, broken escalation hops — none of these slow the next feature ship. The cost is paid in the next incident, not in the next sprint. A team that prioritises feature work over apparatus work will look productive until the apparatus fails. The discipline is to make apparatus debt visible (the checklist, the readiness score) so the trade-off is conscious.

12 — Some failures the apparatus rationally accepts

Not every failure is worth preventing. A very low-frequency, low-impact failure may be cheaper to absorb than to alert on, runbook for, drill against, and remediate. The apparatus should not aim for zero incidents; it should aim for incidents within acceptable cost. The discipline is to be explicit about which failures are accepted, why, and at what cost — not to pretend the apparatus catches everything.

What the module did not cover

  • The technical depth of each signal source. Eval-on-traffic, drift detection, safety classifiers — each is a discipline with its own modules. The apparatus consumes them as inputs.
  • The product/customer-success dimension. Customer communication during incidents, status pages, post-incident follow-up with affected users. Touched lightly here; covered in broader incident management.
  • Cross-organisation apparatus design. The apparatus across multiple business units of a large company; consistency, federation, central vs. distributed ownership. The patterns are sketched; the deep design is beyond this module.
  • Regulatory-specific apparatus. Healthcare, financial services, children's products — each has compliance overlays that change the apparatus shape.
  • AI safety incidents at the model-development scale. Pre-training data issues, fine-tuning regressions at the model lab — these are upstream of this module.

A reader who needs depth in any of these should treat the module as a foundation, not a destination.

The lead engineer's honest position

When the apparatus is failing, the lead's job is to diagnose the layer:

  • Is it an alert problem? The signal is there but the alert is not wired or is tuned wrong.
  • Is it a runbook problem? The alert fires but the procedure is stale, ambiguous, or missing.
  • Is it an escalation problem? The runbook works but the next hop is undefined or unresponsive.
  • Is it a learning problem? The incident closes but the postmortem produces no apparatus update.
  • Is it a drill problem? The apparatus is documented but never exercised; real behaviour and documented behaviour diverge.
  • Is it a health problem? The apparatus is designed well but the engineers running it are overloaded.

Each layer is different work. The discipline is to know which layer is failing rather than treating every failure as "the apparatus is broken."

The unsettled patterns

Some patterns in this module are not stable yet:

  • AI-specific cause taxonomy. The eight categories in chapter 09 are a starting point; the community has not converged. A team's distribution should be reviewed periodically and the taxonomy refined.
  • Calibration of alert sensitivity to deploy windows. How tight to make the deploy-anchored window, how long it stays open, how to reset after. Patterns are emerging; consensus is not.
  • Cross-team postmortem participation. When the cause spans teams (data, model, gateway, product), who attends the postmortem, who owns the follow-ups. Practice varies.
  • Apparatus-debt budgeting. How to budget apparatus engineering work alongside feature work; how to make the trade-off visible to leadership. Few teams have a standard practice.
  • Drill-injection safety. Tools for safe chaos injection are improving; the practice is uneven across the industry.

A reader returning to this module in two years should expect these to have shifted.

Interview Q&A

Q1. The apparatus is mature; incidents still happen. What is the honest expectation? The apparatus's value is not zero incidents; it is incidents within acceptable cost. A mature apparatus catches AI-specific failures fast, contains them within minutes, learns from each one. The aim is mean time to contain bounded, repeat-shape incidents trending down, and apparatus updates flowing from each. Expecting zero incidents misaligns the team — they will either stop reporting or stop trying. Common wrong answer to avoid: "if we still have incidents, the apparatus failed" — incidents are the apparatus's load, not its failure.

Q2. Walk through the layer diagnosis when the apparatus is performing poorly. Six layers: alert (signal missing or tuned wrong), runbook (procedure stale or ambiguous), escalation (next hop undefined or slow), learning (postmortems produce no updates), drill (documented vs. real behaviour diverged), health (engineers overloaded). For each layer, the metric and the intervention differ. The diagnosis is structural: which layer is the symptom pointing to. Common wrong answer to avoid: "the apparatus needs a redesign" — usually one layer is failing; redesign is broader than needed.

Q3. The team has a layer-3 problem — escalation is slow. The fix takes a quarter of engineering. How do you make it visible to leadership? Quantify the cost of the layer-3 gap: incidents extended by N minutes because escalation took longer than SLO; the cumulative customer impact. Position the fix as bounded engineering work with a clear outcome (reduced mean time to context, reduced incident duration). Make apparatus debt visible the way technical debt is visible — through metrics, not through narrative. Common wrong answer to avoid: "leadership will understand" — they will not without numbers.

Q4. What is the honest position on what the apparatus cannot do? It cannot improve the underlying AI, exceed its signal quality, anticipate novel incidents, have both maximum alert precision and recall, eliminate human dependency, or make providers faster. It cannot eliminate apparatus debt without engineering investment, and it cannot pretend zero-incident operation. It is a discipline with bounded value within its boundaries. Common wrong answer to avoid: "the apparatus catches everything" — promises more than the discipline can deliver.

Q5. What is the most important thing a lead should not promise about the apparatus? The apparatus will not catch incidents whose shape is genuinely novel. The first time a failure family appears in a way the team has not seen, the apparatus's recovery — fast learning, fast apparatus updates — is the discipline, not zero-fault detection. Promising the apparatus prevents all incidents is a promise that will not hold; the team's reputation suffers when the inevitable novel incident arrives. Common wrong answer to avoid: "we have all the bases covered" — the bases the team knows about, yes; the bases ahead, no.

What to do differently after reading this

  • Treat the apparatus as a discipline with boundaries; do not promise more than it delivers.
  • Diagnose the layer when the apparatus is failing; do not treat every failure as the whole apparatus failing.
  • Make apparatus debt visible alongside feature work; budget for it.
  • Accept that some failures are rationally absorbed rather than prevented.
  • Treat this module as a foundation; revisit when the unsettled patterns settle.

Bridge. This closes the AI runbooks and on-call operations module. The on-call apparatus is one side of operational safety; tool-execution sandboxes are the other — isolating the AI's actions from the systems they touch. The next module is that discipline. → ../07_tool_execution_sandboxes/00-first-principles.md