Architecture Decision Records — Whilly Orchestrator

ADR-001 — Whilly as Control Plane, Not Autonomous Developer

Status

Accepted

Context

AI agents can generate code, run commands and modify repositories, but their outputs are non-deterministic and may be incorrect. A safe enterprise system needs deterministic control over task state, validation, auditability and human review.

Decision

Whilly is a control plane for AI-assisted engineering workflows, not a fully autonomous developer.

Whilly owns task intake, validation, queueing, worker claiming, prompt construction, runner invocation, state transitions, audit events, observability, verification and review checkpoints.

AI agents own only the bounded execution attempt.

Consequences

Positive:

  • clearer safety boundary;
  • better auditability;
  • easier enterprise adoption;
  • more honest documentation.

Negative:

  • more integration work for verification, PR and review loops.

ADR-002 — Keep Deterministic Core State Machine

Status

Accepted

Context

The current system has a clear task lifecycle: PENDING, CLAIMED, IN_PROGRESS, DONE, FAILED, SKIPPED, with release paths back to PENDING.

Decision

Preserve the deterministic task state machine. Represent project-specific stages as events, execution records or profile-aware hooks.

Consequences

Positive:

  • backward compatibility;
  • simpler worker logic;
  • easier operational reasoning.

Negative:

  • states such as NEEDS_REVIEW or VERIFIED may need events/metadata unless a future migration adds statuses.

ADR-003 — Introduce Declarative Project Profiles

Status

Proposed

Context

Different project types need different verification and review workflows. Hardcoding this into the worker loop would create brittle conditionals.

Decision

Introduce YAML/JSON project profiles with typed Pydantic models.

A profile defines project metadata, project type, workspace, sources, pipeline stages, verification commands, human review requirements, sinks and default runner.

Consequences

Positive:

  • extensible project-specific behavior;
  • easier onboarding;
  • lower need for code changes per project.

Negative:

  • schema and validation complexity;
  • misconfigured profiles can block execution.

ADR-004 — Verification as Configured Stage

Status

Proposed

Context

A task may currently become DONE when the runner exits with code 0 and prints a completion marker. This does not guarantee verification.

Decision

Verification is an orchestrator-managed stage configured by project profile. Agent completion and verification success are separate concepts.

For MVP, required verification failure prevents the task from being treated as fully successful in reports and sinks.

Consequences

Positive:

  • more honest success criteria;
  • better QA integration;
  • domain-specific validation.

Negative:

  • requires careful backward compatibility with current DONE semantics.

ADR-005 — Human-in-the-Loop as First-Class Checkpoint

Status

Proposed

Context

Human review exists indirectly through handoff files, PR review expectations and external tracker comments.

Decision

Human checkpoints become first-class pipeline stages configured by project profile.

A checkpoint may require human input before execution, after completion, before PR, or before merge/release.

Consequences

Positive:

  • safer workflows;
  • clear dashboard visibility;
  • better governance.

Negative:

  • requires UI/API support for review queues.

ADR-006 — PR Creation is a Configured Sink

Status

Accepted

Context

GitHub PR helper exists, but current worker loop should not be assumed to automatically create PRs after DONE.

Decision

PR creation is an optional configured sink/stage. Documentation must not imply automatic PR creation unless wired.


ADR-007 — Multi-Repo Execution is Future Scope

Status

Accepted

Context

The current system is oriented toward one worker workspace/repository at a time.

Decision

Current Whilly explicitly supports single-workspace execution. Multi-repo orchestration is future architecture and must not be claimed as implemented.


ADR-008 — Security Hardening is Incremental and Fail-Closed

Status

Accepted

Context

Whilly has prompt-injection guards, dangerous command deny-lists, auth, audit events and metrics protections, but not full per-task VM/container sandboxing.

Decision

Document current safety boundaries honestly and add hardening incrementally. Safety-sensitive checks should fail closed.

Priority hardening areas:

  • verification command validation;
  • secret redaction;
  • branch protection preflight;
  • sandbox execution design;
  • rollback/restore design.