Friday, April 10, 2026

Vision and design: Versioned filesystem for modern workloads

This is a design for a VMS‑style automatically versioned filesystem reimagined for:

SQLite and other page‑oriented databases
streaming and append‑heavy workloads
cloud‑local hybrid operation
semantic, provenance‑rich development environments

The core move: version at the block/page layer, not at the “whole file” layer, and expose a VMS‑like versioned namespace as a projection over an immutable, content‑addressable store.

1. Vision

1.1 What we want

A filesystem where:

Every file has a versioned history by default (like VMS foo.txt;17).
Versions are cheap to create and store, even for large, mutable files.
SQLite databases and similar workloads get transaction‑consistent snapshots without hacks.
Streaming and append‑heavy workloads don’t explode the version count.
The same underlying store can back:
- local development
- cloud sync
- semantic code storage
- time‑travel debugging and provenance

1.2 Core principles

Immutability at the block level: once written, blocks never change.
Copy‑on‑write structure: new versions share blocks with old ones.
Semantic version boundaries: versioning is aligned with meaningful events (fsync, close, WAL checkpoint, explicit commit), not every write.
Content addressability: blocks are identified by hash, enabling deduplication and integrity.
Namespace as projection: the “filesystem” is a view over a versioned object graph, not the primary storage primitive.

2. Goals and non‑goals

2.1 Goals

Automatic versioning: every file has a history without application changes.
SQLite‑friendly: support efficient, consistent snapshots of SQLite DBs and similar page‑oriented stores.
Streaming‑friendly: support long‑lived, append‑heavy files without pathological version growth.
Cloud‑ready: support remote block storage, local caching, and multi‑device sync.
Debuggable and explainable: versioning rules and boundaries are explicit and inspectable.

2.2 Non‑goals (for v1)

Not a full POSIX replacement: we target a FUSE‑style or OS‑integrated filesystem, but we can initially accept some edge‑case incompatibilities.
Not a distributed consensus system: multi‑writer concurrency is handled via version branching and merge semantics, not strong global transactions.
Not a full Git replacement: we can integrate with Git, but we’re not re‑implementing its UX.

3. Core concepts

3.1 Block store

Primitive: fixed‑size blocks (e.g., 4 KB or 8 KB).

ID: block_id = hash(block_contents)
Properties:
- immutable
- content‑addressed
- deduplicated
- stored in local cache + optional remote store

3.2 File version

A file version is a logical object:

FileVersion {
  file_id        // stable identity for the logical file
  version_id     // monotonically increasing or hash-based
  parent_version // optional, for history/branching
  path_at_time   // path in the namespace when this version was created
  block_list     // ordered list of block_ids
  size           // byte length
  metadata       // timestamps, permissions, etc.
  tags           // optional semantic labels (e.g., "checkpoint", "autosave")
}

Multiple FileVersions share blocks via block_list.

3.3 Namespace

The live filesystem view maps paths to a current version:

Path -> FileVersion(version = "latest")

Historical versions are accessible via extended syntax, e.g.:

foo.txt;17
foo.txt;latest
foo.txt;timestamp:2026-04-10T23:17Z
foo.txt;version:abc123

Internally, this is just a lookup into the version metadata store.

3.4 Version boundary

A version boundary is an event that causes a new FileVersion to be committed:

close()
fsync()
SQLite WAL checkpoint
explicit ioctl / API call
time‑based or size‑based thresholds (e.g., at most 1 version per second per file)

Between boundaries, writes mutate an uncommitted working state (in memory or temp structures) that is not yet a committed version.

4. Architecture

4.1 High‑level components

Block store
- Local block cache (disk)
- Optional remote block store (cloud)
- Content‑addressable, immutable
Metadata store
- File identities (file_id)
- File versions (FileVersion)
- Directory structure and path mapping
- Indices for lookup by path, time, tags
Versioned filesystem layer
- Implements POSIX‑like operations
- Maintains working state for open files
- Decides when to commit new versions
Sync and replication layer
- Push/pull blocks and metadata to/from remote
- Conflict detection and version branching
Semantic layer (optional, higher level)
- Tags versions with semantic events (e.g., “test passed”, “build succeeded”)
- Integrates with tools like Git, CI, editors, agents

4.2 Data flow: write path

Application opens foo.db.
Filesystem resolves file_id and current FileVersion.
Writes go to a working file state:
- In memory or temp file
- Tracked as a list of modified blocks
On version boundary (e.g., fsync, WAL checkpoint, close):
- Compute hashes for modified blocks
- Store new blocks in block store (if not already present)
- Construct new FileVersion with updated block_list
- Update namespace mapping for foo.db → new version

4.3 Data flow: read path

Application opens foo.db (or foo.db;17).
Filesystem resolves the requested FileVersion.
Reads map file offsets to block indices.
Blocks are fetched from:
- Local block cache if present
- Otherwise remote store, then cached locally

5. Versioning semantics by workload

5.1 Regular files (text, code, configs)

Default behavior:

New version on:
- close()
- fsync()
- explicit versioning call
Optional throttling:
- If a file is opened/closed rapidly, coalesce versions within a time window.

This gives a natural history of edits without overwhelming storage.

5.2 SQLite and page‑oriented databases

SQLite is special and important.

Key properties:

Writes in fixed‑size pages.
Uses WAL mode for concurrency and durability.
Checkpoints consolidate WAL into the main DB file.

Design:

Track SQLite DBs explicitly (by extension, magic bytes, or configuration).
Treat WAL checkpoints as version boundaries:
- Before checkpoint: DB is at version N.
- After checkpoint: DB is at version N+1.
Optionally, treat WAL segments themselves as versioned objects for finer‑grained time travel.

Benefits:

Each version is transaction‑consistent.
No version spam from individual page writes.
Snapshots are cheap: only changed pages create new blocks.

5.3 Streaming and append‑heavy files

Examples: logs, video recording, long‑running data streams.

Problems to avoid:

Creating a new version for every append.
Keeping infinite history for unbounded streams.

Design:

Maintain a live append version:
- Writes extend the current version’s block_list.
Version boundaries:
- On close()
- Periodic checkpoints (e.g., every N MB or N seconds)
Retention policy:
- Keep only the last K checkpoints or last T time window.
- Older versions can be garbage‑collected or compacted.

This keeps the version tree manageable while still enabling time‑bounded rewind.

6. Namespace and UX

6.1 Path and version syntax

Expose a VMS‑inspired syntax while remaining POSIX‑compatible.

Default path: foo.txt → latest version.
Explicit version: foo.txt;17
By timestamp: foo.txt;@2026-04-10T23:17Z
By label/tag: foo.txt;tag:checkpoint

Internally, these resolve to specific FileVersion objects.

6.2 Tools and introspection

Provide tools to explore history:

vls foo.txt → list versions with timestamps, sizes, tags.
vcat foo.txt;17 → print specific version.
vdiff foo.txt;17 foo.txt;23 → diff two versions.
vmeta foo.txt;17 → show metadata and block structure.

These tools make the system explainable and debuggable.

7. Consistency, concurrency, and branching

7.1 Single‑writer per file (v1 assumption)

For simplicity, assume:

At any moment, a given file_id has at most one active writer.
Concurrent writes from multiple processes are serialized by the filesystem layer.

This matches typical local FS semantics and avoids distributed locking.

7.2 Multi‑device / multi‑replica

When multiple devices modify the same logical file:

Each device creates its own FileVersion chain.
On sync, if two new versions share the same parent, we have a branch.
Branches can be:
- kept as parallel histories
- merged via higher‑level tools (e.g., text merge, DB merge)
- resolved by user choice

The filesystem itself remains neutral: it records divergent histories; it doesn’t auto‑merge semantics.

7.3 Atomicity and durability

A FileVersion is either fully committed (all blocks stored, metadata updated) or not visible.
Crash during commit:
- Blocks may be present, but metadata not updated → GC can reclaim or finalize.
Durability guarantees depend on:
- local fsync to block store
- remote sync policy

8. Storage, GC, and retention

8.1 Storage growth

Storage grows with:

number of unique blocks
number of versions
retention policy

Because blocks are content‑addressed and shared:

Repeated edits that reuse content are cheap.
Large files with small changes are efficient (only changed blocks are new).

8.2 Garbage collection

GC operates at the block and version levels.

Version GC:
- Apply retention policies:
  - keep last N versions
  - keep versions newer than T
  - keep tagged versions (e.g., “checkpoint”, “release”)
- Delete metadata for expired versions.
Block GC:
- Periodically scan for blocks not referenced by any remaining FileVersion.
- Delete unreferenced blocks from local and/or remote stores.

8.3 Tiered storage

Support multiple storage tiers:

Hot: local SSD cache for recent blocks and metadata.
Warm: remote object store (e.g., S3‑like).
Cold: archival storage or compressed packfiles.

Policies can move blocks between tiers based on age, access frequency, or tags.

9. Integration and migration

9.1 Integration with existing tools

Git:
- Map Git commits to snapshots of a directory tree.
- Store Git objects in the same block store for deduplication.
- Allow git checkout to be implemented as a cheap namespace projection.
Editors and IDEs:
- Provide an API to tag versions with semantic events (save, build, test).
- Allow time‑travel debugging by mapping source versions to runtime traces.
CI/CD:
- Pin builds to specific filesystem versions.
- Reproduce builds by re‑mounting the same versioned tree.

9.2 Migration path

Start as a user‑space filesystem (FUSE or equivalent).
Allow mounting a directory as versioned storage.
Existing applications can run unmodified:
- SQLite uses the filesystem as usual.
- Logs and streams write to regular files.

Over time, add:

OS‑level integration (kernel module).
Tooling and UI for history exploration.
Cloud sync and multi‑device support.

10. Open questions and extensions

10.1 Policy configuration

How configurable should version boundaries be per file/path?
Do we expose a policy language (e.g., “for *.db, version on WAL checkpoint; for logs/, checkpoint every 10 MB”)?

10.2 Semantic tagging

How deeply do we integrate with higher‑level semantics (tests, builds, deployments)?
Do we treat semantic events as first‑class objects linked to FileVersions?

10.3 Security and encryption

Per‑block encryption with keys managed per user or per project.
Integrity verification via hashes is already built‑in.

10.4 Observability

Expose metrics:
- version creation rate
- block deduplication ratio
- storage usage by tier
Provide tracing for:
- version commit paths
- sync operations
- GC cycles

Wednesday, April 1, 2026

ios stolen phone protection makes it easy for officials you might not be having fun with to unlock your phone by just showing it to your face? why doesn't it then also require the passcode? seems like apple is either dumb or willfully ignorant about how this flies in the face of their own feature of clicking your heels together five times to disable biometrics?!

Saturday, March 28, 2026

zuperh8

it still kills me just how bad and broken all the ai-agent ui ux is in vscode, be it copilot, or claude, or whatever.

no kings

reality distortion fields

iOS stolen device protection UX is utter dog poo.

Saturday, March 21, 2026

there's no such thing as gravity, code just sucks

license: public domain CC0

Design Document: Semantic Gravity Architecture for Agent‑Native Software Development

1. Overview

This document proposes a new architectural and UX paradigm for software development:
Semantic Gravity Architecture (SGA) — a system where code is organized, refactored, visualized, and executed according to conceptual purpose rather than file boundaries.

SGA replaces file‑based editing with a semantic graph of conceptual nodes (views, flows, invariants, transitions, models, integrations, etc.), and introduces a categorical gravity model that guides where code “wants” to live. An AI agent continuously analyzes code fragments, infers their gravity vectors, proposes refactors, and negotiates exceptions with the developer through explicit annotations.

The result is a development environment that is:

agent‑native
explainable
architecturally principled
visually navigable
mock‑data‑rich
friction‑minimizing
semantically grounded

This system aims to restore immediacy and joy to programming by eliminating file silos, reducing cognitive friction, and enabling continuous, isolated execution of conceptual units.

2. Motivation

2.1 The Problem with File‑Based Development

Files are:

storage artifacts, not conceptual boundaries
friction points for navigation
poor containers for mixed concerns
hostile to visual representations
resistant to automated refactoring

Developers naturally write code “where their eyes are,” leading to:

logic leaking into views
business rules leaking into controllers
integration code leaking into domain models

Existing patterns (MVC, MVVM, Clean Architecture) rely on manual discipline, which is fragile and cognitively expensive.

2.2 The Missing Ingredient: Architectural Gravity

Architectures fail because they lack:

a principled way to classify code by purpose
a mechanism to detect conceptual drift
a negotiation loop for exceptions
a semantic memory of architectural intent

2.3 The Opportunity: Agent‑Native Architecture

With an AI agent continuously observing, refactoring, and negotiating, we can:

infer purpose
maintain structure
generate mock data
provide multiple views
run conceptual nodes in isolation
record architectural decisions

This is the first time such a system is feasible.

3. Core Concepts

3.1 Semantic Graph as Source of Truth

The system stores code as a semantic graph, not files.

Nodes include:

UI surfaces
transitions
guards
invariants
domain models
integration endpoints
workflows
computations
mock data generators
personas
architectural annotations

Edges encode:

dependencies
data flow
control flow
invariants
purpose relationships

Files become projections, not the canonical representation.

3.2 Gravitational Loci

A locus is a conceptual “home” for code.
Examples:

UI
Domain
Integration
Security
Computation
Cache
Graphics
Observability
Orchestration

Each locus has a defined purpose and intended content.

3.3 Categorical Gravity Vectors

Each code fragment receives a vector of categorical ratings:

Low — barely relevant
Medium — somewhat relevant
High — natural home
Antagonist — conceptually opposed

Example:

UI: High
Domain: Low
Integration: Antagonist
Security: Low
Computation: Medium

This vector guides:

placement
refactoring
splitting
warnings
architectural negotiation

3.4 Antagonism as Architectural Pressure

Antagonist does not mean “illegal.”
It means:

“This code is fighting the purpose of this locus.”

The agent surfaces antagonism and asks the user how to proceed.

3.5 Legalization Annotations

When the user intentionally keeps antagonistic code in place, they annotate it:

@legalize("Runtime-generated query; temporary placement for flow simplicity.")

This:

records intent
suppresses future warnings
becomes part of semantic provenance
guides future agents
enables architectural archaeology

3.6 Controlled Natural Language for Mock Data

Mock data is essential for:

isolated execution
UI previews
flow simulation
testing
debugging

The agent supports controlled natural language:

“Give me international names, not just Anglo‑Saxon.”

The agent translates this into a structured generator spec.

Mock data becomes a first‑class resource.

3.7 Visual Representations

Because the source of truth is a semantic graph, the system can render:

state machines
data lineage diagrams
control flow graphs
UI interaction graphs
architectural layering views
performance hot paths
semantic diffs
runtime animations

All views are editable and always in sync.

3.8 Isolated Execution of Conceptual Nodes

Any node can be run independently:

render a view with mock data
simulate a transition
test a guard
run a workflow
animate a state machine

The agent automatically:

stubs dependencies
generates data
simulates environment
isolates effects

4. Comparisons to Existing Paradigms

4.1 MVC / MVVM / Redux / Elm

These patterns enforce separation of concerns through:

folder structure
file boundaries
manual discipline

SGA replaces this with:

semantic gravity
agent‑assisted refactoring
architectural negotiation
conceptual nodes

4.2 Clean Architecture / Hexagonal Architecture

These emphasize:

domain purity
dependency inversion
strict layering

SGA preserves these goals but:

removes file friction
adds explainability
supports exceptions
uses categorical gravity instead of rigid rules

4.3 Visual Programming Tools

Traditional visual tools fail because:

diagrams drift out of sync
they cannot express edge cases
they are not the source of truth

SGA solves this by:

making the semantic graph canonical
generating diagrams as projections
allowing edits from any view

4.4 Linting and Static Analysis

Linters detect issues but:

cannot negotiate
cannot refactor
cannot record intent
cannot generate mock data

SGA’s agent is a semantic collaborator, not a rule enforcer.

5. Applications

5.1 Large‑Scale Web Applications

consistent architecture
automatic lifting of logic
mock data for every view
isolated execution of flows

5.2 Game Development

visual state machines
graphics loci
physics loci
runtime simulation
mock entities

5.3 Backend Systems

workflow orchestration
integration endpoints
caching strategies
security invariants

5.4 AI‑Driven Tools

explainable pipelines
data lineage
model lifecycle flows

6. Detailed Design Features

6.1 Gravity Inference Engine

Uses:

vocabulary
dependencies
side effects
invariants
call graph context

Produces:

categorical gravity vector
antagonism flags
refactor suggestions

6.2 Architectural Negotiation Loop

Agent detects antagonism
Surfaces suggestion
User chooses:
- lift
- split
- legalize
Agent applies change
Semantic graph updates

6.3 Mock Data Subsystem

type‑driven generators
controlled‑natural‑language refinement
personas
adversarial cases
semantic fuzzing

6.4 Visual Views

always in sync
editable
explainable
animated for runtime

6.5 Semantic Provenance

Every architectural decision is recorded:

legalizations
refactors
invariants
purpose tags
generator specs

This enables:

replayable development
semantic archaeology
agent‑assisted reconstruction

7. Future Work

adaptive gravity thresholds per project
user‑defined loci
collaborative multi‑agent architecture
semantic version control
cross‑project architectural learning
domain‑specific gravity profiles

8. Conclusion

Semantic Gravity Architecture replaces file‑based programming with a principled, agent‑native, concept‑driven environment. It introduces gravitational loci, categorical gravity vectors, architectural negotiation, and first‑class mock data generation — all grounded in a semantic graph that supports multiple synchronized views.

This system is not an incremental improvement.
It is a new substrate for software development, designed for a world where humans and agents collaborate on architecture, semantics, and intent.

Wednesday, March 18, 2026

a sufficiently friendly compiler

license: public domain CC0

Design: Interactive, Constraint‑Driven Compiler Collaboration

This doc sketches a compiler system where the programmer, an agent, and the compiler negotiate lowering from high‑level code to low‑level implementation using annotations, dials, and an explicit constraint graph.

1. Goals and non‑goals

Goal: Make lowering from HLL → LLL explicit, explainable, and steerable without sacrificing safety.
Goal: Treat performance and representation decisions as first‑class, checkable semantics, not opaque heuristics.
Goal: Allow interactive refinement of lowering choices with clear knock‑on effects.
Non‑goal: Replace all compiler heuristics with manual control. The system should augment, not burden, the programmer.
Non‑goal: Require annotations everywhere. Defaults must be reasonable and compositional.

2. Core concepts

2.1 Annotations (hard constraints)

Annotations are semantic contracts attached to code or types. If they cannot be upheld in the lowered program, the compiler must reject the program.

Examples:
- @heap — value must be heap‑allocated.
- @stack — value must be stack‑allocated.
- @region("frame") — value must live in a specific region.
- @noescape — value must not outlive its lexical scope.
- @pure — function must be side‑effect‑free.
- @noalias — reference must not alias any other reference.
- @soa / @aos — layout constraints.
- @inline(always) — must be inlined (subject to well‑formedness rules).
Properties:
- Hard: Violations are compile‑time errors, not warnings.
- Compositional: Annotations propagate through the IR and participate in constraint solving.
- Semantic: They describe what must be true, not how to implement it.

2.2 Dials (soft preferences)

Dials are global or scoped optimization preferences that guide heuristics but do not invalidate programs.

Examples:
- opt.memory = "cache_locality" vs "allocation_count".
- opt.layout = "prefer_soa" for a module.
- opt.inlining_aggressiveness = high.
- opt.vectorization = "prefer_branchless".
- opt.reg_pressure_budget = medium.
Properties:
- Soft: They influence choices but never cause errors by themselves.
- Scoped: Can apply to a project, module, function, or region.
- Negotiable: The agent can propose dial changes to satisfy constraints or improve performance.

2.3 Constraint graph

Lowering is modeled as a constraint satisfaction problem over an IR:

Nodes: IR entities (functions, blocks, values, allocations, regions, loops).
Constraints:
- From annotations (hard).
- From language semantics (hard).
- From dials and heuristics (soft).
Edges: Dependencies between decisions (e.g., “if this escapes, stack allocation is impossible”).

The compiler maintains this graph and uses it to:

Check feasibility of annotations.
Explore alternative lowerings.
Explain knock‑on effects.

3. Architecture

3.1 Pipeline overview

Front‑end:
- Parse source → AST.
- Type check, effect check.
- Attach annotations to AST nodes.
Semantic IR:
- Lower AST to a high‑level IR with:
  - explicit control flow,
  - explicit effects,
  - explicit allocation sites,
  - explicit regions/scopes.
- Preserve annotations as IR metadata.
Constraint extraction:
- Build a constraint graph from:
  - annotations,
  - type/effect system,
  - lifetime/escape analysis,
  - alias analysis,
  - layout rules.
Initial lowering plan:
- Apply default heuristics + dials to propose:
  - allocation strategies,
  - inlining decisions,
  - layout choices,
  - vectorization/fusion decisions.
Interactive negotiation (optional mode):
- Expose the plan and constraint graph to the agent + programmer.
- Allow adjustments to annotations/dials.
- Re‑solve constraints and update the plan.
Final IR + codegen:
- Commit to a consistent lowering.
- Emit low‑level IR / machine code.
- Optionally emit a “lowering report” for debugging and learning.

4. Error model for annotations

Annotations are part of static semantics. They can fail in well‑defined ways.

4.1 Typical error classes

Lifetime violations:
- Example: @stack on a value that escapes its function.
- Result: Error with explanation of the escape path.
Purity violations:
- Example: @pure function performs I/O or calls impure code.
- Result: Error with call chain showing the impure operation.
Alias violations:
- Example: @noalias reference proven to alias another reference.
- Result: Error with the aliasing path.
Layout violations:
- Example: @packed on a type requiring alignment; @soa on unsupported structure.
- Result: Error with the conflicting fields/types.
Inlining violations:
- Example: @inline(always) on a recursive function where inlining would not terminate.
- Result: Error with recursion cycle.
Region violations:
- Example: @region("frame") on a value that must outlive the frame.
- Result: Error with lifetime mismatch.

4.2 Error reporting shape

Core message: Which annotation failed and where.
Cause chain: Minimal slice of the constraint graph that explains why.
Alternatives: Valid strategies the compiler can suggest:
- remove or relax the annotation,
- adjust another annotation,
- tweak a dial (e.g., enable region allocation).

5. Interactive negotiation flow

This mode is optional but central to the design.

5.1 Baseline flow

Compiler proposes a plan:
- “Given current code + annotations + dials, here is the lowering.”
Agent summarizes tradeoffs:
- Example: “Using SoA for Particle improves cache locality but increases register pressure; loop fusion reduces parallelism.”
Programmer adjusts:
- Add/modify annotations.
- Change dials (e.g., “don’t fuse loops in this module”).
Compiler re‑solves constraints:
- Updates the plan.
- Detects any new annotation conflicts.
Agent highlights knock‑on effects:
- “Unfusing loops may disable vectorization; here’s the affected loop.”
Programmer accepts or iterates.

5.2 Conflict resolution

When an annotation is impossible:

Compiler: Rejects the program and marks the conflicting region.
Agent: Explains:
- the failing annotation,
- the dependency chain,
- possible fixes (e.g., remove @stack, add @noescape, introduce a region).

This keeps the system sound while still being negotiable.

6. Example scenario

6.1 Source sketch

@soa
struct Particle {
  position: Vec3,
  velocity: Vec3,
}

@pure
fn update(@noalias particles: &mut [Particle]) {
  for p in particles {
    p.position += p.velocity;
  }
}

6.2 Compiler’s initial plan

Use SoA layout for Particle.
Inline update into hot call sites.
Vectorize the loop.
Allocate particles in a region tied to the simulation frame.

6.3 Programmer adds a constraint

@stack
fn simulate_frame() {
  let particles = make_particles(); // large array
  update(&mut particles);
  render(&particles);
}

6.4 Constraint failure

@stack on particles conflicts with:
- its size (too large for stack) or
- its lifetime (if it escapes) or
- region strategy (if region is required).

Error:

@stack allocation for particles is impossible.
Reason: particles is passed to render, which may store it beyond simulate_frame.
Options:

Remove @stack and allow region/heap allocation.
Mark render so that it cannot retain particles (@noescape on parameter).
Introduce a frame‑region and use @region("frame") instead of @stack.

The programmer can then refine the design explicitly.

7. Open design questions

Annotation granularity:
How fine‑grained should annotations be (per value, per field, per function, per module)?
Default policy:
How much can the compiler do “well enough” without annotations, while still being explainable?
Annotation ergonomics:
How to avoid annotation bloat while still enabling precise control where needed?
Performance modeling:
How should the system surface performance tradeoffs (e.g., estimated cache misses, allocations, branch mispredicts)?
Agent protocol:
What is the minimal, compositional vocabulary for the agent to explain constraints and tradeoffs?

8. Summary

This design treats compilation as:

A constraint‑driven transformation from high‑level semantics to low‑level implementation.
A collaboration between programmer, compiler, and agent.
A space of explicit, explainable choices, not opaque heuristics.

Annotations are hard, checkable contracts.
Dials are soft, steerable preferences.
The constraint graph is the shared object of reasoning.