Skip to main content

Router Blueprint: Three Routing Planes

This is the implementation guide for routing in agentic systems. What Is an Intent Router explains why routing belongs at ingress. This blueprint explains how to build all three planes: intent before the loop, orchestration inside it, and model selection at the gateway.

THE CLAIM

The model proposes; the system routes. Intent, orchestration, and model selection are separate platform decisions. Collapse them and you cannot eval, own, or audit failures in isolation.

What you are building

Production routing is three connected capabilities on one request path:

  1. Plane ① Intent: versioned route table, entitlement filter, layered classifier, route decision record
  2. Plane ② Orchestration: agentic app, scoped manifest, planner proposals, PEP/PDP on side effects
  3. Plane ③ Model: LLM gateway, capability matrix, task-aware endpoint selection per inference call

PlaneQuestionWhenWho acts
① IntentWhich workflow, agent profile, and tool manifest?Once per turn, before the loopIntent router (platform); system decides route
② OrchestrationWhich step, tool proposal, and policy gate inside the workflow?Inside plan → act → observeAgent planner proposes; PEP/PDP permits
③ ModelWhich approved model endpoint runs this call?Per inference (plan, synthesize, classify)LLM gateway (platform); registry picks endpoint

Shared rules (all planes)

RuleApplies to
Versioned platform configRoute table, manifests, capability matrix
Pin per session or requestroute_table_version, manifest_version, model route id
Trace every decisionRoute decision record, PEP verdict, model endpoint id
CI gate on changeInput golden set, policy scenarios, model canary
LLM does not own authorityRouter/planner propose; system permits

Do not collapse

Anti-patternFix
One LLM call routes, plans, and picks modelThree planes, three eval surfaces
Intent router inside the agent loopPlane ① at ingress only
Model choice only in the system promptPlane ③ at gateway
"Agent router" duplicates Plane ①Intent at ingress; planner inside Plane ②

Plane ①: Intent routing

Route before the loop. Implementation detail: How to Design an Intent Router.

Plane ① bar

A production intent router keeps the full route table in versioned platform config, filters by entitlements before any model sees labels, classifies in layers, emits a route decision record on every turn, and loads tool manifests only after route or user confirmation.

Five capabilities

  1. Route table: versioned rows that bind route_id, manifest, policy profile, and model tier
  2. Eligible routes: ingress claims intersect the table before classification
  3. Layered classifier: rules → classifier → LLM fallback → safety veto
  4. Outcomes: route, clarify, abstain, or top-k + user pick on high-risk paths
  5. Agentic handoff: manifest pin and scoped tool schemas; router stays outside the loop

Core artifacts

ArtifactPurpose
Route contract (table row)route_id, intent_label, manifest ref, policy_profile, model_profile
Route decision recordPer-turn audit: route_table_version, eligible_routes, outcome, router_layer
Session pinroute_table_version + manifest_version fixed for the session
Golden intent setCI fixtures for representative, edge, adversarial, session stickiness

Route table storage

PatternRegulated fit
GitOps + object storageStrong: PR review, immutable artifacts, rollback via active pointer
Route registry APIStrong: runtime rollback, multi-tenant, audit
Versioned file in repoGood pilot; rollback may need redeploy
Hardcoded in appDemos only

Eligible routes are computed at request time from ingress claims, not stored per user. See Route table lifecycle.

Intent playbooks

PlaybookOwns
Route table lifecycleVersion, promote, roll back route contracts
Layered classifierRules, classifier, LLM fallback, safety
Wire agentic appManifest load, clarify/abstain, handoff to Plane ②
Routing eval CIGolden set, release gates, incident replay

Eval: Eval Plane ①: Input.

Plane ① release gates

Change typeOffline gateOnline follow-up
New route rowIntent accuracy ≥ baseline − 1%Misroute rate by route
Route table version bumpAdversarial 100%; confusion matrix reviewedroute_table_version in audit
Classifier model changeGolden + adversarial passLayer 3 usage rate
Threshold tuneNo regression on high-risk pairsClarify rate monitor

Plane ②: Orchestration

Inside plan → act → observe. After Plane ① picks workflow and manifest, orchestration owns session custody, tool proposals, PEP gates, validation, and synthesis.

Plane ② bar

The agentic app orchestrates; the LLM proposes steps; the PEP permits side effects. This is not intent routing and not model routing.

What this plane decides

DecidesDoes not decide
Next tool proposal inside a scoped manifestWhich workflow or manifest is active (Plane ①)
When to call PEP, validation, step-upWhich LLM endpoint serves the call (Plane ③)
Session state, token custody, loop boundsEntitlements at ingress (IdP + Plane ①)

In G.A.I.N terms this is the agent planner inside the loop, not a second "agent router" at ingress.

Where to build it

Plane ② is documented under PGAR:

ResourcePurpose
PGAR BlueprintFive boundaries, SARAC, release gates
PGAR Runtime playbooksFoundation, assurance, boundary, domain
Agentic appLoop after intent route; manifest pin
Policy-Governed Agent RuntimeExecutive breakdown

Eval: Action plane · Tool plane.

Plane ② playbooks (PGAR)

Start at PGAR Runtime overview:

  1. Foundation: SARAC, token custody, PEP/PDP, audit
  2. Boundary: ingress through downstream
  3. Domain: manifests, RAG retrieval

Plane ③: Model routing

Per inference call. Plane ① may pin model_profile on the route row. The LLM gateway resolves that to a registry-approved endpoint (plan, synthesize, classify fallback).

Plane ③ bar

The model does not choose which model runs. Task-aware routing, abstention, and capability matrix live on the gateway, not in the agent prompt.

What this plane decides

DecidesDoes not decide
Which approved model endpoint for this callWhich workflow or manifest (Plane ①)
Cost, latency, region, data-class constraintsWhich tool to propose (Plane ②)
Canary vs stable route for a task tierPEP verdict on side effects

Where to build it today

ResourcePurpose
G.A.I.N LLMGateway stack, capability matrix, adaptive canary
model_profile on route rowsCoarse tier from Plane ① only

Plane ③ playbooks (planned)

Dedicated playbooks/model-routing is not shipped yet. Planned topics:

Playbook (planned)Topic
Capability matrixApproved models per task, data class, region
Gateway task routingPlan vs synthesize vs classify endpoints
Canary promotionEval-gated model swap and rollback

Until then, use G.A.I.N LLM for design and ownership.


Ownership

RolePlane ①Plane ②Plane ③
AI platformRoute registry, classifierAgentic app, PEP integrationLLM gateway, capability matrix
Security / IAMEntitlements for eligible routesToken shape, IdPData-class routing rules
Domain squadsRoute row definitionsDownstream tools, PDP contextUse-case model requirements
GovernanceAdversarial eval on routingPolicy surfaces, auditModel approval, canary sign-off
SRERouter latency, route rollbackVerdict log, choke pointsGateway SLOs, cost attribution

Implementation sequence

  1. Plane ① (when manifests differ per turn): Intent Router playbooks in order: route table → eval CI in parallel → classifier → wire app
  2. Plane ② (always for production agents): PGAR Blueprint and boundary playbooks
  3. Plane ③ (when multiple models or regions): G.A.I.N LLM gateway patterns

Series index

Insights

Plane ① playbooks

Plane ② playbooks

Plane ③ framework

Related