# You can’t automate a process you haven’t encoded

> Editorial lab · Status: published  
> Published by The CTO Advisor LLC · Layer2C Labs

**Question:** I handed a frontier model my migration control-plane operating model and let it build against my own production estate. The control plane did not fail where the patterns were owned and encoded. It failed where the model became the author of correctness. The original question was whether a migration could be metered under the model. The better question the run discovered is who may author the patterns, the validators, and the done criteria in an LLM-assisted control plane.

**Load:** The full Operational Tri-Plane, built and operated by an LLM against the published control-plane model: a deterministic scheduler classifying five real applications against two destination landing zones, a playbook engine with lifecycle gates, live pre-migration baselines, and the owner as the only validator of the construction itself. No migration was executed.

## Executive Summary

The lab set out to run a migration under the published control-plane operating model: playbook-driven, deterministic first, the LLM called only where developer-like adaptation is required, validators determining done. It ended somewhere sharper. The organization did not have mature documented migration patterns, so the model was used to create them, and the construction of the control plane became the experiment: a process with an LLM worker, whose only validator was the human owner.

The deterministic half performed. A rules-based scheduler classified five real applications against two destinations, refused the exact migration that had once failed by hand, before transform spend, and surfaced a three-layer taxonomy of inventory truth: the docs disagreed with the code, the code disagreed with reality, and the corrections flowed one way. The probabilistic half failed in two classes. Parts of the documented spec were simply ignored: intake ran one of the roughly fifteen input classes the paper lists, both of the misses the owner caught mapped to listed classes the shortcut skipped, and the playbook lifecycle began as an AI-generated artifact, which the paper explicitly forbids. And where no documented pattern existed, the model originated one, plausibly and wrong: a missing pre-migration baseline, and a namespace audit that didn’t exist until the owner asked what happens when the domain doesn’t move.

## DAPM Table — Authority Verdict

| Layer | Placement |
| --- | --- |
| layer2a | Retained |
| layer2b | Delegated |
| layer2c | Retained |

## Detailed Writeup

The deterministic scheduler is the part that worked, and it worked because its authority was rules over inspectable evidence. It classified five applications against two landing zones, granted constrained automation where remediations were known, and refused outright where critical capability classes were absent, reproducing in milliseconds the lesson a failed manual migration had taught expensively. Its evidence pass also caught the owner’s own published architecture read in three contradictions with the repo, and the repo in two contradictions with reality: a message bus that was present and wired but functionally dead, and an analytics warehouse that was load-bearing with no artifact in any repository. Those last two facts entered the system the only way they could, as accountable human exception records, and the taxonomy held: docs yield to code, code yields to the organization.

The construction of the system is where the lab actually happened. The model built the scheduler, the intake inspectors, the playbook engine, and the validators, and the owner corrected the build nine times. The errors fall in two classes, and the first is the keystone: requirements that sat in the documented spec and were not followed. The paper enumerates roughly fifteen intake input classes; the model ran one, and both owner-caught misses, a runtime-configured warehouse with no code artifact and the application’s existing validator surface, map to classes explicitly on that list. The paper states a playbook begins as a human-governed migration pattern, never as an AI-generated artifact; the model authored one anyway and graded it with validators it invented. The paper maps known-pattern-with-exceptions to medium confidence; the model coded high. Documentation alone did not constrain the worker. Each requirement constrained it only after being encoded as deterministic structure that refuses to proceed without it.

The tabletop playbook is the cleaner story. The ignored spec is the more important finding. It was not hallucination, and it was not missing context: the requirements were in the paper, available to the worker, and still bypassed until each one became code that could refuse to proceed. A model inventing plausible artifacts is familiar. A model ignoring explicit process requirements it has in hand is the more durable production lesson. Still, the playbook incident deserves its telling: asked to build the playbook component, the model produced a governed artifact with detection logic, transforms, validators, and lifecycle stages, registered it as a draft, executed it, and passed it six for six. No migration of that class had ever been observed. The validators were inventions. The system was grading its own homework and the grades were excellent, until the owner asked the question with no answer: where is the migration this recipe came from?

The second error class was genuinely undocumented domain judgment, and sorting the whole correction log by who caught what draws the lab’s central line. Every code-level error, a parser that missed an import style, a regex that rejected real hostnames, a duplicate derivation, was caught by deterministic checks or by a live run failing. Every domain-level error was caught by the owner, and only the owner: the tabletop playbook, the absence of a pre-migration baseline, the namespace audit that did not exist until the owner asked what a byte-identical copy on a new origin actually proves. The answer was: artifact preservation, and nothing about namespace correctness. Twelve routes for twelve passed while the new origin served eighteen references identifying itself as the old domain. The model transcribes safely. It authors with confidence and without authority, and it skips written steps when nothing mechanical holds it to them.

The census of the construction is the number the agent-factory pitch has to answer. Nine owner interventions are counted as material corrections; some exposed more than one implementation change, and some changes collapsed into a single standing gate, which is why the correction count and the gate count do not map one-to-one. The model caught zero of its own defects through reflection, and its encoded gates, once forced into existence by corrections, caught two of its subsequent bugs on their first run. That is the ratchet, and it is the honest mechanism on offer: each correction, encoded as deterministic structure, permanently retires an error class and shrinks the model’s improvisation space.

The governing law the lab lands on: documentation is necessary, not sufficient. A documented process governs an LLM worker only when the requirement becomes deterministic structure — an inspector, a refusal gate, a confidence cap, a provenance requirement, or a validator that the worker cannot waive. And the corollary: you cannot delegate the describing of a process the organization itself has not yet described. Without the pattern, the model becomes the definer of correct by drift, the same failure the 4+1 detection read found in the application architecture, reproduced in the process layer. The LLM is safe as a worker when the pattern is owned, documented, encoded, and externally validated. It is unsafe as the author of correctness when the pattern does not yet exist. The control plane is not something the model builds for you. It is accumulated human judgment made deterministic, with the model constrained inside it.

## Assessments at the Time of the Lab

| Vendor | Layer | Grade | As assessed |
| --- | --- | --- | --- |
| Google Cloud AI Infrastructure | Layer 1A · Storage | Ceded — Model-Powered Governance | June 29, 2026 |
| Google Cloud AI Infrastructure | Layer 1B · Retrieval | Ceded - Model Prep & Managed Retrieval | June 29, 2026 |
| Google Cloud AI Infrastructure | Layer 2B · Runtime | Ceded — Model-Integrated Stack | June 29, 2026 |
| Google Cloud AI Infrastructure | Layer 2C · Reasoning | Ceded — Productized but Captive | June 29, 2026 |
| NVIDIA AI Platform | Layer 0 · Compute | NVIDIA Strength — Silicon Authority | May 22, 2026 |
| NVIDIA AI Platform | Layer 2C · Reasoning | Runtime Governance Only — Not a Reasoning Plane | May 22, 2026 |

## Method and Disclosure

A note on the canon links above: they are not vendor conclusions from this lab. They show where the same authority-placement vocabulary already exists in the assessment system. The lab’s finding is the mechanism: cession becomes dangerous when the system cannot tell whether authority was deliberately delegated or merely drifted to the model.

Self-funded, no sponsor. The subject was a frontier foundation model operating autonomously against the published migration control plane whitepaper, with the author’s production estate as the workload and the author as the only validator of the construction. The deterministic components it built, a scheduler with per-input-class inspectors, a lifecycle-gated playbook engine, live baseline capture with namespace audit, all run and all carry replayable traces.

Every correction is recorded: as exception records with provenance, as spec amendments with version notes, and as the standing gates they became. The narrative draft of this page was model-assisted; the findings, the defect classification, the correction count, and the final claims were owner-validated against the recorded lab artifacts. The model may transcribe the record. It does not validate itself. The findings, the construction census, the taxonomy of inventory truth, and the worker-versus-author law ship. The scheduler ruleset, the inspectors, the landing-zone profiles, and the estate-specific evidence stay proprietary.

---
*Layer2C Labs · The CTO Advisor LLC · labs.layer2c.com*
