Reference · Context Engineering

Context system — architecture-review checklist

Context system architecture-reviewSemantic searchRetrieval augmented generationContext engineeringContext window

Published

Take this into any AI design review · pairs with Lesson 5 & the cheat sheet
The one sentence: every AI assistant is a context strategy with a model attached — name the strategy (pre-indexed vs read-on-demand vs none) and you’ve already named its failure mode.

Architecture-review checklist — the ten questions for any AI design

  1. What’s the context strategy? pre-index · read-on-demand · none — predicts cost shape & failure mode.
  2. Recall and precision as separate stages — retrieve wide, then rerank? Is it hybrid (lexical + semantic)?
  3. Chunking strategy — split on meaning, overlap, per-chunk contextual prefix so a chunk stands alone?
  4. Index freshness / invalidation — invalidate on write, or stale-by-default? Fetch live for volatile data?
  5. Is retrieval evaluated — recall@k / hit-rate on a labeled set — not just final answers (“vibes”)?
  1. Token budget + compression for long sessions — summarize, prune, prioritize within the window?
  2. Observe the assembled context per call — log exactly what was sent, so a wrong answer is debuggable & auditable?
  3. Are all five failure modes covered? missing · wrong · outdated · conflicting · excessive
  4. PII / compliance in retrieval — redaction, access control at the retrieve stage, injection defense (OWASP LLM)?
  5. Deterministic vs semantic retrieval matched to the data type — exact → structured query, fuzzy → hybrid + rerank?

Product teardown — name the strategy, the failure falls out

ProductContext strategyStrengthsWeaknessesSignature failure
CursorPre-indexed repo embeddings + semantic retrieval (+ open files)Fast recall across huge repos; finds code before you know the filenameIndex staleness; embeddings miss exact identifiersRetrieves a topically-similar but wrong file
Claude CodeAgentic read-on-demand via tools (grep / glob / read); no persistent indexAlways fresh; precise; transparent about what it readMore tool round-trips → latency & token cost; depends on good searchesMisses a file it never thought to grep
ChatGPTConversation history + optional retrieval / uploads / connectors / memoryBroad general capability; cross-session memoryWeak grounding in your live systems without connectorsHallucinates when nothing was retrieved
GitHub CopilotOpen files + nearby code + (newer) repo / workspace indexing for chatLow-latency inline local contextLimited surrounding window; weaker whole-repo reasoningSuggests plausible code that ignores a distant constraint

Product specifics are version-dependent / at time of writing — review the architecture, not the version.

Production design — match retrieval to the data type

AgentContext strategy (matched to data)ScalabilityCostReliabilityObservability
BillingMATCH Deterministic structured query / SQL keyed by account_idnever fuzzy embeddingsCheap point lookupsLow tokensNo hallucinated numbers; quote only what was pulled, never synthesizeLog every assembled context + tool call for audit / disputes
SupportHybrid over help-center KB + customer history (memory); rerankKB grows; cache hot articlesModerateKB freshness; PII handling / complianceRetrieval hit-rate; deflection/escalation; cite sources to user
EngineeringCodebase hybrid + structural retrieval and/or read-on-demand; tests as a grounding signalLarge repos; token-heavyToken cost dominatesGround in real code; run testsLog which files / symbols loaded per task
ResearchMulti-source web/doc retrieval, multi-step; compress intermediate findings; keep citationsMany calls / sourcesHigh (fan-out)Adversarial verification; dedupe conflicting sourcesSource provenance per claim

The senior reflex: exact & financial → structured query; fuzzy & textual → hybrid + rerank; volatile → fetch live; long-running → compress + remember.

The five failure modes — symptom → cause → fix

ModeSymptomRoot causeFix
Missing”I don’t have info on that” / vague answerRelevant doc never retrieved (recall gap)Improve recall: hybrid retrieval, better chunking, raise k
WrongConfident answer about the wrong thingTopically-similar but incorrect chunk ranked topAdd rerank; lexical signal for exact identifiers
OutdatedAnswer reflects an old state of the worldStale index / cached docInvalidate on write; or fetch live for volatile data
ConflictingInconsistent answers; arbitrary choiceSources disagree; no resolution policyDedupe, prefer authoritative source, surface the conflict
ExcessiveSlow, costly, “lost in the middle”Too much low-signal context packed inTighten selection; rerank; compress; trim history

Where the failure enters the pipeline

ingest -> chunk -> index -> retrieve
      -> rerank -> assemble -> LLM -> log

MISSING      at retrieve   (recall gap)
WRONG        at rerank     (bad ranking)
OUTDATED     at index      (freshness)
CONFLICTING  at assemble   (no policy)
EXCESSIVE    at assemble   (over budget)

Each stage gets its own metric.
A wrong answer with the RIGHT context
= a reasoning bug.
With the WRONG context
= a retrieval bug.  Separate them.

RED FLAGS in a context architecture

”Just use vector search for everything” · semantic search over exact/financial data (returns most-similar, i.e. confidently wrong) · pure embeddings with no lexical / rerank stage · an index with no invalidation (stale-by-default) · “we evaluate by trying it” — no labeled set, no recall@k · no compression plan for long sessions · the assembled context is not logged (“the wrong answer is undebuggable”) · no PII redaction / access control at retrieve · tool/retrieved content trusted as instructions (injection) · “we’ll add observability later.”

Evaluation & observability — what to probe L6

The reflex: generation can only use what retrieval surfaced — so grade retrieval and the answer separately, then trace every call to the failing half.

Pre-retrieval & advanced RAG — decision points L7

ProbeReach for…When it justifies the cost
Recall is low — is the raw query transformed before retrieval?rewrite · multi-query · HyDE · decomposition · step-back · routingThe query is the worst search query you have; recall lost at retrieve can’t be recovered by any reranker or bigger model. Cheapest place to fix recall.
Does the retrieval structure match the question shape?local fact → small-to-big / parent-doc; large doc → hierarchical; ambiguous chunk → contextual; global theme → GraphRAGFlat top-k is a floor, not a ceiling. GraphRAG earns its keep only on theme-spanning questions; it’s wasted complexity (build + keep-fresh) on “what is X?”.
Multi-part question (e.g. “EU vs US refund policy”)?decomposition (split → retrieve each → combine)One embedding averages two facts and matches neither; verify both regions’ chunks appear in the assembled context.
Is an agentic / corrective loop used?grade docs · re-retrieve / web fallback · critique the draftONLY where correctness justifies the extra latency & cost — retrieval becomes an action in a loop, not a one-shot step.

Red flag: “a better reranker will fix our low recall” — reranking only reorders what was already retrieved; a doc never in the candidate set can’t be surfaced. That’s a pre-retrieval problem.

Embeddings, indexing & cost — what to probe L8

Caching, ordering & security — what to probe L9

The reflex: stable-first for caching, edges-first for attention, ACL-in-the-query for security — the production context layer.

Cost & ordering

  • Prompt structured stable-first / volatile-last? system + tools + few-shots + static docs in one byte-stable prefix at the top (the prefix is the cache key); query, retrieved docs, timestamps, session IDs strictly after it. Any edit above a token busts the cache from there down.
  • Ordering managed for lost-in-the-middle? attention is U-shaped — edges get read, the deep middle gets skimmed. Put the query last, the best retrieved doc at an edge, cap history / tool-output bloat. Caching and recency agree: the volatile query last satisfies both.
  • Explicit delimiters? XML tags / headers so the model separates instructions from data from query — also shrinks the injection surface.

Security & multi-tenancy

  • Retrieved content treated as untrusted? it is data the model reads, never instructions it follows — indirect prompt injection rides in through your own KB (even internal docs: pasted emails, scraped pages, uploads). Delimit it; filter output.
  • ACL IN THE QUERY Multi-tenant access control enforced in the RETRIEVAL QUERY (pre-filter by tenant_id / ACL at the index), NOT via a prompt instruction. The prompt is not a security boundary — like SQL row-level security, authorization belongs in the WHERE clause, not a comment asking the query to behave. If another tenant’s docs were retrieved, they’re already in context.
  • PII & OWASP LLM Top 10 covered? injection (#1) · sensitive-info disclosure (redaction, retention/residency limits, least-privilege retrieval) · data exfiltration (constrain tool egress, least privilege).

VP / leadership review questions