From charter to architecture: the hand-off CORE
The charter answers what the system is. The architecture answers how the system works. The hand-off between the two is a discipline: no claim appears in the architecture that was not present in spirit in the charter, and no claim in the charter is left without an architectural consequence. If the charter says “the research agent reads public web sources,” the architecture says which tool runs that read, which prompt it uses, which rate limit governs it, and where the sources land on disk. If the charter says “a scheduled summary fires every Sunday evening,” the architecture says which scheduler invokes the summary, what time zone the cron expression is in, and which shared-state file the summary writes to.
The discipline matters because architectures written in isolation from their charters tend to drift toward whatever the student has been reading about most recently. A student who just watched a tutorial about vector databases may add a vector store to the architecture that the charter never asked for. A student who was frustrated by slow local inference may add a cloud fallback the charter did not authorize. These drift moves are not wrong in the abstract; they are wrong here, because they enlarge the system past what the charter committed to. The rule for Lesson 10.2 is that architecture changes that enlarge the system require a charter amendment, and charter amendments are written, signed, and dated. An architecture that quietly adds a component the charter never described is an architecture the rubric will catch and the reviewer will flag.
The architecture document is the second-longest frozen artifact in the capstone folder — three to five pages, depending on how much detail each component demands. It is longer than the charter because the level of specificity is different: the charter commits to what; the architecture commits to the mechanical how. A student who writes an architecture the same length as the charter has either written a too-long charter or a too-short architecture. The middle length is the right one.
The architecture is also the document Claude Code, Cowork, or any coding agent will read in Lesson 10.3 as the build spec. A well-written architecture can be pasted into a fresh coding-agent context and will produce component skeletons that match the charter. This is not the primary purpose of the architecture — the primary purpose is human clarity — but it is a useful secondary test. An architecture that a fresh agent cannot turn into sensible scaffolding is probably an architecture a fresh student cannot either.
The six sections of the architecture CORE
The architecture document has six sections. The shape is prescriptive so the parent-facing rubric can check each section against a named evidence-block, and so the reviewer can compare this architecture to one the student writes later (for a project after the course) with minimal re-orientation.
Section 1 — Inventory. A table of components. For each: the name (carried over from the charter), the shape (one of the four from Lesson 10.1), the tool it runs on (Claude Code, Cowork, a cron job, a shell script, a scheduled task on a local box), the invocation mode (scheduled / on-demand / triggered-by-another-component), and the data class it touches (public / personal / sensitive). The inventory is the index the rest of the architecture refers back to.
Section 2 — Data flow. A prose-plus-diagram section describing how data moves through the three components. Which component produces what; which component consumes what; where shared state lives (a folder on disk, a database table, a message queue, a single markdown file the student appends to). The diagram is a simple box-and-arrow drawing; the prose names the format of each arrow (markdown file / JSON file / SQLite row / HTTP POST / function call).
Section 3 — Trust boundaries. Carried forward from Section 3 of the Module 9 posture document, with a capstone-specific refinement: every arrow in the data flow diagram that carries text from an untrusted source — the open web, an inbox, a stranger’s file, an upstream component that itself read untrusted text — is marked as a trust boundary. The section lists each boundary and the hardening at each. If a boundary is new (the capstone’s data-flow pattern introduces a trust edge the Module 9 posture did not consider), the student amends the posture document and notes the amendment in this section.
Section 4 — Schedule and cadence. Every component’s schedule. Scheduled components name their cron expression (or the scheduling-tool equivalent), the time zone, and the expected wall-clock invocation pattern (“Sundays at 18:00 local, weekly”). On-demand components name their invocation pattern (“student runs this Monday mornings after the weekly planner component has written to shared state”). This section is also where the kill-switch mechanism lives: one command or UI action that halts every scheduled component at once.
Section 5 — Pre-flight cost estimate. Inheriting the Module 8 format: per-invocation cost for each component, per-day total, per-week total for the seven-day observation window. The estimate is first-pass — it will be revised in Lesson 10.3 when the student actually runs a component — but it needs to be defensible in one paragraph now. The section ends with a one-sentence verdict: “This estimate fits within the monthly budget of \$X with ~\$Y/month headroom,” or, if it doesn’t, the charter-amendment note that records the scope change needed to make it fit.
Section 6 — Posture inheritance. A one-paragraph statement that the Module 9 posture document governs the capstone, followed by any posture-specific amendments (for a new trust boundary, a new secret, a changed data class, a new rotation cadence). If there are no amendments, the paragraph says so. This section is the evidence the rubric uses to check that the capstone is actually operating under a posture, not adjacent to one.
A good architecture fits in three to five printed pages. Shorter than three pages is almost always too thin to guide the build; longer than five is almost always a document that is trying to substitute volume for precision. If the student is tempted to write a sixth section, the right move is to tighten one of the six existing ones.
Drawing the system diagram CORE
The diagram is not optional, and it is not fancy. A simple box-and-arrow drawing on paper, photographed into the architecture file, is fine. A whiteboard snapshot is fine. A diagramming tool’s output pasted in as an image is fine. What is not fine is an ASCII-art block that the student spent forty minutes formatting; the time-to-value ratio is wrong and the ASCII is harder to read than a photo of a notebook page.
Three boxes (or more), one per component. Arrows between boxes, with labels naming the data type crossing each arrow. Arrows to and from the outside world (the open web, the mailbox, the student’s local folder, the calendar) labeled with the data class. Trust boundaries marked as a thick line across any edge where untrusted text enters. The kill switch’s scope marked as a dotted outline around the components it halts.
The diagram’s purpose is to be looked at by the student and the reviewer before the build. A student who cannot draw the diagram without going back to the charter to check something has not yet internalized the design. A reviewer who cannot follow the diagram in ten seconds will not be useful as a reviewer.
A second purpose of the diagram is the demo video in Lesson 10.5. The video’s second beat — “here is what the system looks like on paper” — is the diagram. A diagram drawn in Lesson 10.2 is a diagram the student does not need to redraw for the demo. Keep the diagram file accessible in the capstone folder; name it system-diagram.png or equivalent.
A third purpose: the diagram is what the reviewer will use to decide whether to sign off in Lesson 10.5. The sign-off asks whether the reviewer would trust the system to operate unattended under its posture, and a diagram that does not clearly show the trust boundaries and the kill switch is a diagram the reviewer cannot evaluate.
Posture inheritance and what it means CORE
The Module 9 posture document governs the capstone. That is the starting claim and most of the work. The six sections of the posture — threat model, data classification, trust boundaries, secrets, cost, incident loop — apply to the capstone without revision unless the capstone’s architecture introduces a specific new thing the posture did not consider.
The three most common “new things” the capstone introduces:
The first is a new trust boundary. A capstone that adds a research agent reading a feed the posture did not mention has a new trust boundary at that feed. The posture is amended to include it; the architecture’s Section 3 names both the new boundary and the posture amendment.
The second is a new secret. A capstone that calls a third-party API the posture did not mention introduces a new key the student must store according to the Module 9 secrets posture. The key goes where keys go (environment variable, OS keychain, provider vault); it does not appear in the architecture document; the posture is amended to record its rotation cadence and scope.
The third is a new data class flow. A capstone that routes sensitive data the posture did not previously contemplate — the student’s own health notes, a household member’s information, a friend’s trust — gets a data-class amendment to the posture. The new flow runs on the local model per the Module 9 rule, or it does not run at all.
Most capstones introduce at most one of these. A capstone that introduces all three has a posture document doing too much work in Lesson 10.2 — the student is better served taking a day, writing the amendments formally, and re-running Lesson 9.5’s incident drill against the amended posture before returning to Lesson 10.2. The posture is the operating contract; changes to it are not casual.
A posture that does not need amendment is the better outcome. A capstone whose architecture fits inside the posture the student wrote before they knew what the capstone was is a capstone scoped well. If Section 6 of the architecture says “no amendments,” the student has demonstrated that their posture document was forward-looking enough to absorb the capstone — which is a strong signal about the quality of the Module 9 work.
The first-pass cost estimate CORE
A cost estimate at Lesson 10.2 is not a final number. It is a defensible first pass the student will sharpen in Lesson 10.3 once they have actually invoked each component once. The estimate is structured the same way the Module 8 pre-flight was — by component, by invocation, rolled up to the week — and the rule is the same: the student can defend each number in one sentence, or the number is a guess.
A worked example to model on. Consider a capstone with three components: a research agent that reads five public feeds each Sunday evening (shape 3), a coding agent the student invokes on demand each morning to process the research output (shape 2), and a custom skill that reformats the morning output to the student’s style guide (shape 4). The student’s rough estimate: the research agent runs five read-and-summarize cycles, each costing ~\$0.08 on the cloud model — \$0.40 per Sunday invocation. The coding agent runs once per day, uses ~\$0.25 of cloud per invocation on average — \$1.75 per week. The custom skill uses ~\$0.03 per run, once per day — \$0.21 per week. Total weekly cost ≈ \$2.36. Over seven days of the observation window, ~\$2.36. Over the month, ~\$10. Monthly budget per the posture: \$80. Headroom: ~\$70.
The estimate is defensible. The student knows where each number comes from. A \$2.36 weekly estimate that turns out to be \$4.50 when actually run is acceptable — the student adjusts in Lesson 10.3. A \$2.36 weekly estimate that turns out to be \$45 is a sign the estimate was pulled out of the air; the student returns to the charter and tightens.
The same worked example has a failure mode. Suppose the student’s research agent reads fifty feeds instead of five — because “more sources is better” crept into the design between the charter and the architecture. Per-invocation cost becomes ~\$4. Over four invocations per week (not one Sunday but every-other-day), the research cost alone is \$16/week, \$64/month — 80% of the monthly budget, with no headroom for the other two components. The architecture either gets a charter amendment to narrow the research agent, or the scope is cut. This is the kind of decision the cost estimate forces. An architecture without a cost estimate is an architecture where this kind of drift happens invisibly and surfaces as a surprise in Lesson 10.4.
Two practical notes. First, if a component runs against the local model instead of the cloud, its direct dollar cost is zero — but the time cost (local inference latency) is not, and the student notes that as a one-liner in the Section 5 verdict. Second, the provider’s hard cap from the posture is the safety net, not the estimate. A student who estimates \$10/month and has the hard cap set at \$80 has ~\$70 of cushion for legitimate surprises and catastrophic bugs alike. A student who estimates \$10/month and has no hard cap has neither.
Filling the template and freezing the file RECIPE
Create /capstone/capstone-architecture.md using the template from /resources/module-10/capstone-architecture-template/. The template has the six sections pre-skeletoned. Copy the charter’s Section 3 (components) into the architecture’s Section 1 (inventory) as the starting point, then fill each row with the additional fields the inventory needs.
Draw the diagram. Tool choice is the student’s. For most students the shortest path is: open a blank page in a note-taking app (Notes, Obsidian, a paper notebook photographed later), draw three boxes, draw arrows, label everything, export the image. Save the image as /capstone/system-diagram.png and link it from the architecture file under Section 2.
Walk the posture document. Open /capstone/security-posture.md side by side with the architecture. For each of the six posture sections, ask: does the capstone introduce anything this section did not already consider? If no, write “no amendment” in Section 6 of the architecture. If yes, write the amendment — one sentence per change — in the posture itself, re-date the posture’s Last reviewed field, and note the amendment in Section 6 of the architecture. The format is the same amendment-and-re-date pattern the posture document has used since Module 9; there is no new tooling.
Run the cost estimate. The Recipe Book entry pre-flight cost estimate for a pipeline (from Module 8, still current) carries the math; the capstone’s estimate is the same format. If the estimate is over budget, the charter is amended and Lesson 10.1’s revision is re-run before Lesson 10.3 begins.
Freeze the file. The architecture freezes at lesson end — which means the top of the file gets a Frozen: YYYY-MM-DD date stamp and a one-line commitment, and the file is considered the binding design for Lesson 10.3. Later amendments are marked with Amendment: <date> — <reason> entries at the bottom of the file, not silent edits. This is the same freeze header the charter carries in Lesson 10.1; no new format.
Try it — Write the architecture, draw the diagram, freeze the file CORE
deliverables: /capstone/capstone-architecture.md filled with all six sections; /capstone/system-diagram.png (or equivalent) saved and linked; posture amendments (if any) added to /capstone/security-posture.md; architecture file frozen
Part 1 — Inventory.
Open the template. Fill Section 1 (inventory). Copy component names from the charter. For each, add: tool (Claude Code / Cowork / cron / script / whichever), invocation mode (scheduled / on-demand / triggered), data class (public / personal / sensitive). The inventory is factual. No prose.
Part 2 — Data flow and diagram.
Fill Section 2 (data flow). Write the prose first — two or three short paragraphs describing how data moves from component to component. Name the format of each hand-off: a markdown file at a known path, a JSON blob, a database row, a function return value.
Then draw the diagram. Three boxes, labeled. Arrows between boxes, labeled with the data type. Arrows to and from external systems (the web, a mailbox, the student’s folder), labeled with data class. Save and link.
Part 3 — Trust boundaries and posture amendments.
Fill Section 3. Carry over the trust-boundary map from the Module 9 posture. Add any new boundary the data flow introduced. For each new boundary, decide whether the posture needs an amendment; if yes, write the amendment into /capstone/security-posture.md under the relevant section and re-date the posture’s Last reviewed line. Note the amendment in Section 6 of the architecture.
Part 4 — Schedule and kill switch.
Fill Section 4. Every scheduled component gets a cron expression or scheduler entry; every on-demand component gets an invocation trigger description. Name the kill-switch mechanism in one sentence: “Running capstone-killswitch.sh halts every scheduled component at once,” or “Disabling the capstone-scheduler toggle in the Cowork dashboard halts all scheduled components.”
Part 5 — Cost estimate.
Fill Section 5. Per-component, per-invocation, per-day, per-week. One-sentence rationale for each number. Roll up to the weekly total. Compare to the monthly budget from the posture. Write the one-sentence verdict.
If the estimate is over budget, stop and amend the charter. The architecture is not frozen until the estimate fits. Most students do this at least once; it is not a failure, it is the system working.
Part 6 — Posture inheritance and freeze.
Fill Section 6. One paragraph: “The Module 9 posture document governs this capstone. Amendments this lesson: [list, or ‘none’].” If there are amendments, the posture’s Last reviewed is re-dated; if not, nothing in the posture changes.
Freeze the architecture file. Add the freeze header at the top:
**Frozen:** 2026-04-18
**Author:** <your name>
**Reviewer:** <reviewer>
**Binding design for Lesson 10.3.** Amendments below this line are dated and signed.The architecture is now the binding design for the build in Lesson 10.3.
If your diagram has more than five boxes
Five boxes is the ceiling for a Module 10 capstone architecture a reviewer can read in ten seconds. Six boxes means you have added infrastructure that was not in the charter (a database, a message broker, a reverse proxy) or you have split a component into sub-parts that should have been one. Either way, reconsider — most six-box architectures collapse to four-box without losing anything real.
Done with the hands-on?
When the recipe steps and any activity above are complete, mark this stage to unlock the assessment, reflection, and project checkpoint.
Quick check
Three short questions. Tap each to reveal the reasoning.
QC1. A student’s architecture adds a vector database the charter never mentioned, citing “retrieval is better with vectors.” What does the lesson recommend?
The architecture either drops the vector database (if the charter’s retrieval need can be met without it) or the charter is amended to include it, with a signed rationale. Quiet additions that enlarge the system are the drift the hand-off discipline exists to prevent.
QC2. A capstone introduces a new third-party API call. What posture sections are amended, and where does the new key go?
The secrets section and, if the API reads text the system then processes, the trust-boundaries section. The key goes to the Module 9 secrets store — environment variable, OS keychain, or provider vault — never into the architecture file, a chat transcript, or a committed file.
QC3. A student’s first-pass cost estimate says “\$20/week, I think this will be fine.” Why does the lesson call this a guess rather than an estimate?
Each number in a real estimate has a one-sentence rationale (“research agent reads five feeds at ~\$0.08 each”). “I think” has no rationale. A guess can be right by luck; an estimate is defensible to the reviewer.
Quiz
Four questions. Tap a question to reveal the answer and the reasoning.
Show explanation
Answer: B. The length difference is a difference in kind, not in effort. (A) is false — the rubric checks for the six-section structure and evidence, not word count. (C) is wrong — the architecture describes the system, the code lives in /capstone/pipeline-v1/. (D) is absurd.
Show explanation
Answer: B. New untrusted-text sources are new trust boundaries; new trust boundaries get written into the architecture and amended into the posture. (A) is overcorrection — trust boundaries are hardened, not avoided, unless the source is needless. (C) misreads the Module 9 rule; being connected is not being trusted. (D) leaves the posture stale and would be caught by the rubric.
Show explanation
Answer: B. A defensible estimate traces each number to the capstone’s actual design. Past unrelated cost is evidence of nothing about the capstone’s cost. (A) feels reasonable but fails the discipline — the estimate is specifically about the workload the charter committed to. (C) papers over the problem. (D) misreads the lesson — weekly totals are fine as the rollup, but they rest on per-invocation math.
Show explanation
Answer: B. Posture documents that do not need amendment are posture documents that were written with future projects in mind; absorbing a capstone without change is a strength of the posture, not a gap. (A) is a fair suspicion but the lesson explicitly calls this out as a good outcome. (C) underclaims. (D) is partially true — a plugin almost always demands at minimum a register entry — but the lesson’s claim is the general one.
Reflection prompt
What did the architecture force the charter to admit?
Write a short paragraph (4–6 sentences) in your journal or my-first-loop.md in response to the following: Look at your charter from Lesson 10.1 and your architecture from Lesson 10.2 side by side. What is the most important thing the architecture forced you to decide that the charter left open? What decision, in hindsight, should have been in the charter the first time? When you build your next agentic system, is there a question you will put on your charter checklist based on what you just learned?
The purpose is to start building the student’s own sense of the charter’s limits. Every charter is a first pass; every architecture reveals what the charter did not yet know how to ask. The student who notices this begins to charter better on their second capstone.
Project checkpoint
By the end of this lesson, you should have: /capstone/capstone-architecture.md filled with six sections, in your own words, three to five pages when printed; /capstone/system-diagram.png (or equivalent filetype) saved and linked from the architecture file’s Section 2; posture amendments (if any) written into /capstone/security-posture.md with updated Last reviewed date; charter amendments (if any) written into /capstone/capstone-charter.md with a signed rationale; the architecture file frozen with the standard freeze header at the top; and a short note — one paragraph — to your reviewer letting them know the architecture is ready if they want a read-through before you start building. As in Lesson 10.1, do not block on their response.
Instructor / parent note
This lesson does two jobs that sit on top of Lesson 10.1’s charter work. First, it enforces a charter → architecture hand-off discipline: every claim in the architecture must trace back to the charter, and every claim in the charter must produce a specific architectural consequence. The rule catches the most common drift of the capstone week — a student watches a tutorial on Wednesday, and by Friday the architecture has a vector database, a cloud fallback, or a third service the charter never authorized. Second, it introduces posture inheritance as the default. The Module 9 posture governs the capstone; amendments are the exception, not the norm; and an architecture whose Section 6 reads “no amendments” is a strong signal the student built a posture that was genuinely forward-looking, not just the minimum the module required.
Watch for two failure modes. The first is the student who enlarges the architecture past the charter and calls it a “small addition.” There is no such thing for the purposes of this lesson. Walk them back: the addition either earns a written, dated, signed charter amendment, or the architecture drops it. The second is the student who copies the Module 9 posture amendments sloppily — writing “new API” in the posture without naming which secret, which rotation cadence, which trust edge. Amendments are one sentence each, specific, and re-date the posture’s Last reviewed line. A capstone is running under a posture or it is running adjacent to one, and the rubric can tell the difference from the amendment prose.
Parent prompt for the read-through: “If the system went sideways on a Tuesday while I was at work, could I find the kill switch from the architecture document in under a minute, and would I know what to do next?” If the answer is no, Section 4 (schedule and kill switch) or Section 3 (trust boundaries) needs tightening before the freeze. The architecture is the second of four frozen capstone artifacts; the posture amendments and the diagram are what make it more than a plan on paper.
Next in Module 10
Lesson 10.3 — Build sprint: three components, three runs, one pipeline.
You build. Each of the three components becomes a running program in /capstone/pipeline-v1/, and each one runs cleanly by itself before any wiring is added. This is the lesson with the most recipes and the most time; the architecture you just froze is the spec the coding agent reads.