Research / Decision Cascade

Decision Cascade

Graduated Autonomy: A Four-Tier Resolution Model for AI Coding Agents

Ruoqi Jin·April 2026·Engineering Report

The Problem: The Binary Autonomy Trap

When an AI coding agent encounters ambiguity — an unclear requirement, an unfamiliar code pattern, a permission question — existing systems offer two options: hallucinate an answer (pretend confidence where none exists) or escalate immediately to the human developer.

Both fail at scale. Hallucination produces plausible-looking code that violates unstated architectural conventions, introduces subtle bugs, or contradicts decisions made in previous sessions. Immediate escalation turns the developer into a babysitter — constantly interrupted by questions the system should be able to answer from prior context.

The fundamental error is treating autonomy as binary. Real-world decision-making is not a choice between “act alone” and “ask the boss.” It's a gradient of resolution strategies with different costs, latencies, and confidence levels. An organization doesn't escalate every question to the CEO — it has layers of institutional knowledge, peer consultation, and specialist review before human leadership is involved.

The decision cascade implements this gradient for AI coding agents.

Related Work

ReAct (Yao et al., 2023) interleaves reasoning and action, but operates within a single session with no memory of prior decisions. When the same ambiguity appears in session #200 that was resolved in session #47, ReAct has no mechanism to recall the prior resolution.

Reflexion (Shinn et al., 2023) adds self-reflection within a single episode, but the reflection is ephemeral — it doesn't persist across sessions or accumulate into institutional knowledge. It also uses a single model for both reflection and action, missing the cost optimization of routing to cheaper models first.

Human-in-the-loop systems (HITL) represent the industry standard: interrupt the human on every non-trivial decision. This is safe but unsustainable. As AI agents become more capable, the number of decisions they face grows, but the developer's attention remains constant. HITL does not scale.

Constitutional AI (Anthropic, 2022) constrains model behavior through training-time principles. This operates at a different layer — shaping the model's default behavior rather than routing specific decisions at inference time. The two approaches are complementary: Constitutional AI reduces the number of decisions that reach the cascade; the cascade handles the ones that remain.

Multi-agent debate (Du et al., 2023) routes decisions to multiple models that argue toward consensus. This is expensive and doesn't leverage prior knowledge. The cascade checks knowledge first, debates only when knowledge is insufficient.

The Architecture: Four Tiers

When an AI agent encounters a decision point, the cascade routes it through four tiers in strict order. Each tier has an explicit cost and confidence threshold. Escalation occurs only when the current tier's confidence is below its threshold.

[Tier 1] Knowledge Base Lookup              cost: ~0    latency: <100ms
  Search prior decisions, architecture memories, debug patterns.
  If match found with high relevance → apply directly.
    ↓ not found or low relevance

[Tier 2] Cheap Model Consult                cost: ~$0.01  latency: ~2s
  Ask a fast model (Gemini Flash / Haiku) for strategic guidance.
  Provide the question + relevant KB context.
  If response confidence > threshold → apply.
    ↓ low confidence or conflicting signals

[Tier 3] Dedicated Research Session         cost: ~$0.50  latency: ~60s
  Spawn a dedicated AI agent session to research the question.
  The session has full codebase access and KB context.
  Read code, analyze patterns, produce a reasoned recommendation.
    ↓ still unresolved or high-stakes decision

[Tier 4] Human Escalation                   cost: variable  latency: variable
  Surface the question to the developer with full context:
  what was tried, what each tier found, and why it's unresolved.
  The human's answer is persisted to the KB for future Tier 1 hits.

Key Properties

Monotonic Cost Ordering

Tiers are strictly ordered by cost. The cascade never skips a tier to reach a more expensive one. This ensures the cheapest resolution is always attempted first. In practice, the vast majority of decisions resolve at Tier 1 — the knowledge base already contains the answer from a previous session.

Convergence Through Learning

Every resolution at Tier 2, 3, or 4 produces a knowledge entry that feeds back into Tier 1. Novel questions are expensive the first time they appear. The second time, they resolve instantly from the KB. Over time, the decision distribution shifts left: more Tier 1 hits, fewer escalations. The cascade gets cheaper the longer it runs.

Context Preservation

When a question reaches Tier 4 (human escalation), the developer doesn't receive a bare question. They receive the full resolution trail: what the KB search returned, what the cheap model suggested, what the research session found, and why none of these were sufficient. This transforms the human's role from “answer this from scratch” to “adjudicate between these informed perspectives.”

No Hallucination by Default

The cascade's default behavior on uncertainty is escalation, not fabrication. If no tier produces a high-confidence answer, the question reaches the human. This is a critical safety property: the system never silently acts on low confidence. The developer can trust that if the system proceeded without asking, it had high-confidence backing.

Integration with the Knowledge Base

The cascade's effectiveness depends entirely on the quality of Tier 1. A shallow keyword search over a flat document store would miss most relevant prior decisions. MissionD's knowledge base uses hybrid search (FTS5 full-text + embedding vector similarity, combined via ranked fusion) across 1,400+ categorized entries.

Knowledge entries are typed: architecture, ops, policy, debug, bugfix, feature. The cascade weights entry types based on the question category. An architectural question prioritizes architecture and policy entries. A debugging question prioritizes debug and bugfix entries. This type-aware retrieval dramatically improves Tier 1 hit rates compared to untyped search.

Knowledge entries also carry relationships: prerequisite, supersedes, relates-to. When a Tier 1 match is found, its related entries are included in the context, providing the cascade with the full decision neighborhood rather than an isolated fact.

Practical Behavior

In production use across a microservice ecosystem with 10+ services, the cascade exhibits characteristic distribution patterns:

  • Tier 1 (KB) handles the majority of decisions. Common patterns: “which error handling style does this project use?”, “what's the naming convention for database migrations?”, “has this exact bug been seen before?”
  • Tier 2 (Cheap Model) handles novel but non-critical questions. Common patterns: “should this function return Option or Result?”, “is this the right module for this code?”, general code style questions.
  • Tier 3 (Research Session) handles complex questions requiring code reading. Common patterns: “will this change break downstream consumers?”, “what is the thread-safety model of this component?”
  • Tier 4 (Human) handles genuine policy decisions. Common patterns: “should we support backwards compatibility for this API?”, “is this performance trade-off acceptable?”, “which of these two architectural approaches do you prefer?”

The system tracks tier distribution over time. A healthy cascade shows Tier 1 hit rate increasing as the knowledge base grows. A sudden spike in Tier 3/4 hits indicates the codebase entered new territory (new domain, major refactor) that requires knowledge seeding.

The Autonomy Boundary as Engineering

The current debate around AI agent autonomy often frames it as a policy question: how much should we trust AI agents? The cascade reframes it as an engineering question: given a specific decision with specific context, what is the cheapest resolution strategy that meets the confidence threshold?

This reframing has practical consequences:

  • Trust is not global — The same agent may be fully autonomous for style questions (Tier 1 resolves them) and require human oversight for architectural decisions (Tier 4). Trust varies per decision category, not per agent.
  • Trust increases over time — As the KB accumulates policy decisions, more question categories shift from Tier 4 to Tier 1. The developer explicitly chose the answer once; the system applies it consistently thereafter.
  • Trust is auditable — Every decision records which tier resolved it and with what confidence. A developer can review all Tier 1 resolutions to verify the system is applying prior decisions correctly, or audit Tier 2 resolutions to check the cheap model's judgment.

Limitations

  • Cold-start problem — A fresh knowledge base means everything falls through to Tier 2+. The system improves with use but requires initial investment. Mitigated by bootstrapping the KB from existing documentation and CLAUDE.md files.
  • Stale knowledge — KB entries may become outdated as the codebase evolves. The supersedes relationship type and manual invalidation handle this, but automated staleness detection is not yet implemented.
  • Tier boundary calibration — Confidence thresholds are currently hand-tuned per deployment. Automated threshold optimization based on historical tier distributions and human override rates is future work.

The Thesis

AI agent autonomy is not a binary switch. It is a gradient that can be engineered through tiered resolution with explicit cost and confidence trade-offs. A cascade architecture that checks institutional knowledge before consulting models, and consults cheap models before expensive ones, and consults expensive ones before interrupting humans, produces a system where:

  • Developers are interrupted only when genuinely needed
  • The system gets more autonomous over time as knowledge accumulates
  • Every human decision is captured and reused, not lost
  • The autonomy boundary is auditable, not opaque

The result is a tractable engineering approach to a problem usually discussed in abstract policy terms. The cascade doesn't answer “how much should we trust AI?” It answers “given what we already know, what's the cheapest way to resolve this specific question safely?”

Helper Disconnected