Open Design · Drawing Set OD-2026theme: true-blueprint [locked]
// Engineering review · Product management
Present an Engineering Blueprint like a Principal Architect
Decision brief for the eng org: how the sandbox, the sidecar, and the daemon fit together, what the invariants are, and the one irreversible step we're asking every team to sign off on this sprint.
DWG NO.OD-ARCH-014
DECISIONSIDECAR-ONLY IPC
OWNERPlatform
DATE2026-07-09
Cover styled as a drawing sheet: title block bottom-left carries the drawing number, the decision under review, the owning team and the review date. The whole deck is one engineering document to be read before the review meeting.
// Sheet index
Three sheets before we vote
SHT 01 · The pain
Why three plugin teams already asked for a back door around the daemon, and what that costs us.
SHT 02 · Tradeoffs
Direct daemon access vs sidecar-only IPC, compared on latency, audit coverage, and blast radius.
SHT 03 · Recommendation
The rollout, the CI gate that makes the rule self-enforcing, and how we measure it held.
Table of contents framed as a sheet index — each card is one section of the drawing set, ordered so the pain justifies the tradeoff analysis before the recommendation lands.
01
Sheet one
Agents keep finding the back door
Section divider: outline-stroked giant number bottom-right, drawn with text-stroke in the ink color so it reads as a construction line. Sets up the pain: exception requests are already happening.
// SHT 01 · system schematic
One door in, three daemon surfaces
Architecture schematic drawn as pure inline SVG: dashed component boxes, ice-blue connector lines with arrowheads, one amber annotation as the dimension line. The point of the diagram: the sandbox has exactly one path to the daemon's three surfaces.
// SHT 01 · invariants at risk
Four rules the exception would break
Every daemon-facing capability obeys four invariants today. A direct-access back door breaks all four at once, not just the one a team asks for.
Sidecar is the only broker in or out — no direct daemon socket from agent code
Every daemon data path derives from one resolved RUNTIME_DATA_DIR
Sidecar process stamps carry exactly five fields — app, mode, namespace, ipc, source
App business logic never imports another app's private internals directly
Exceptions asked
3 plugin teams — past two sprints
Latency claimed
~40ms/call — never independently measured
Audit coverage if granted
0% — direct calls bypass the sidecar log
Rollback cost
~3 weeks — full IPC path rewrite per team
Two-column layout: invariants as a checklist on the left, a dashed spec table on the right quantifying the cost of the requested exception — reads like a materials schedule on a real drawing.
02
Sheet two
Two paths, one clears the bar
Second divider. Same construction-line number device — introduces the two options under review.
// SHT 02 · sidecar-only IPC, scored against the status quo
What sidecar-only actually costs us
+2ms
added latency per call from sidecar validation
100%
of daemon calls covered by one audit trail
1
attack surface — one IPC socket, not N direct sockets
0
daemon internals imported by app code today
KPI grid: four measured costs and benefits of enforcing sidecar-only IPC. The amber number is the true cost — 2ms — set against three near-total wins.
// SHT 02 · cost of granting direct daemon access, scored 0-100
Where the risk concentrates
92blast radius
78audit gaps
61rollback risk
12latency saved
Direct access buys ~12 points of latency and costs 70+ points of audit and blast-radius risk. The exception doesn't clear the bar.
Bar chart rebuilt with hatched CSS bars. The amber hatched bar is the worst-scoring dimension — blast radius — set against the tiny latency win the exception would actually buy.
// SHT 03 · recommendation, rollout in four phases
Land the rule in one sprint
Freeze
No new direct-daemon exceptions merge after this review. Existing three stay on notice.
Migrate
Route all three exception requests through the sidecar broker within the sprint.
Enforce
CI gate fails any PR that imports daemon internals outside the sidecar boundary.
Measure
Audit-coverage dashboard tracked weekly for one quarter; report back at the next review.
Process steps with bracketed [01]–[04] counters, like detail callouts on a drawing. This is the recommendation: freeze, migrate, enforce via CI, then measure for a full quarter.
// SHT 03 · revision delta
Direct access vs sidecar-only IPC
Option A — grant the exception
Direct daemon access
Bypasses the sidecar's single audit trail
Three separate sockets, three separate blast radii
~3 weeks to unwind per team if reverted
Option B — this recommendation
Sidecar-only IPC
One broker, one audit trail, every call logged
+2ms measured cost, no team has hit a real ceiling
CI gate makes the rule self-enforcing going forward
Comparison: the exception the three teams are asking for vs the standing rule. Semantic good/bad tokens stay within the locked palette — coral and mint read as redline annotations.
"One broker, one audit trail, no exceptions."
— the irreversible step this review asks for
sign off: sidecar-only IPC, no exceptionsCI gate ships next sprintaudit-coverage review — quarterly
Closer doubles as the sign-off block: the invariant as a pull quote, the ask stamped as an amber pill. This is the one decision every function in the room needs to leave agreeing on.