Agentic methodology

ATLAS-Agentic methodology — 7 steps to ship an agent swarm in production.

Our ATLAS-Agentic methodology adapts the ATLAS Legacy framework (10 code-modernization steps) to the agent swarm context. It keeps the key ATLAS principles (kill/go gates, proven parity, observed-behavior register) by transposing them to AI non-determinism and agentic security.

Scope my agent swarm →See the Intelligent orchestration hub →

Why a variant

Four specificities of the agentic context require a dedicated methodology.

No source code to port

The deliverable is a swarm, not a rewrite. No line-by-line migration; custom design of specialized agents.

Intrinsic LLM non-determinism

Parity is defined as human-agreement rate on double-run, not deterministic line-by-line parity like in ATLAS Legacy.

Radically different agentic security

ZSP, JIT access, reverse offensive audit, multi-tenancy isolation — new classes of risk requiring a dedicated framework.

Continuous loop (agentic cycle)

Delivery is not an end but a continuous operations mode — mandatory quarterly recertification, 24/7 observability.

The 7 steps

ATLAS-Agentic in 7 steps, with kill/go gates between each.

2-4 weeks

Agentic Intake

ObjectiveScope the perimeter, identify candidate processes, set success criteria and constraints (data, security, compliance, budget, schedule).

Key deliverables

▸Signed client scoping note
▸Prioritized list of candidate processes (3-10)
▸Constraint matrix (data sensitivity / GDPR / SLA)
▸Quantified success criteria
▸Budget estimate ± 50 %

Exit gateBusiness + IT + security + finance alignment on the criteria.

3-6 weeks

Discovery

ObjectiveDeeply understand the selected processes. Map data sources, tools, humans involved, explicit and implicit business rules.

Key deliverables

▸AS-IS process mapping (BPMN)
▸Inventory of data sources and their APIs
▸Tools inventory and MCP compatibility
▸Documentation of implicit business rules
▸Baseline KPI measurement

Exit gateSource volume and quality validate feasibility.

2-3 weeks

MCP mapping

ObjectivePrecisely identify which MCP connectors will be reused, which need adaptation, which created. Specify interface contracts.

Key deliverables

▸Target MCP architecture diagram
▸Connector list (existing vs custom to develop)
▸Interface contract specifications
▸ZSP / JIT / multi-tenancy governance plan
▸Custom connector effort estimate

Exit gateSufficient MCP coverage. If too much custom, replan or pivot.

3-5 weeks

Target swarm architecture

ObjectiveDesign the agent swarm that will deliver value. Choose LLMs (vendor-neutral 'it depends'), define agents and their roles, specify guardrails and selective supervision policy.

Key deliverables

▸5-layer swarm reference architecture
▸Spec of each agent and its role
▸LLM choice per agent (justified)
▸Business and security guardrail spec
▸Selective supervision policy
▸Observability architecture (logs, audit, FinOps)

Exit gateInternal Access architecture review + client review.

6-16 weeks

Swarm build

ObjectiveDevelop the swarm per E4 architecture. Short iterations with client demos. Per-agent unit tests, integration tests on the swarm.

Key deliverables

▸Swarm code (client or Access repo)
▸Custom MCP connectors developed
▸Per-agent unit tests (>80% coverage)
▸Integration tests with sandboxed real data
▸Runtime operator documentation

Exit gateClient demos OK + integration tests passing + internal security review.

4-8 weeks

Supervised validation

ObjectiveRun the swarm on real data in parallel with humans on a representative sample. Measure agreement rate, identify divergences, tune guardrails.

Key deliverables

▸Double-run period swarm + human (2-6 weeks)
▸Global and per-category agreement rate measurement
▸Observed-behavior register
▸Guardrails / prompts / supervision tuning
▸Intrusion tests (reverse offensive audit)
▸DPO-signed compliance validation

Exit gateAgreement rate ≥ E1 threshold + zero critical vulnerability + DPO sign-off.

2-4 weeks + ongoing

Delivery and operations

ObjectiveShip the swarm to production in supervised mode then progressively autonomous. Transfer skills to human orchestrator. Set up continuous observability.

Key deliverables

▸Progressive go-live (canary release)
▸Human orchestrator training (2-5 days)
▸Operations documentation (runbook, escalation)
▸Observability dashboard (FinOps + quality + security + audit)
▸Quarterly recertification plan
▸LLM model update plan

Exit gateValidated runbook + trained orchestrator + operational observability + approved recertification plan.

Guiding principles

Nine guiding principles inherited from ATLAS Legacy, transposed to agentic.

01Parity proven by double-run (vs line-by-line parity in ATLAS Legacy)
02Observed-behavior register (every swarm / human divergence is tracked)
03Open MCP-first architecture (no vendor lock-in, substitutable LLM)
04Zero Standing Privilege applied systematically
05Reverse offensive audit from E6 and continuously in E7
06Selective supervision tuned by continuous feedback post-E7
07Vendor-neutral by design — LLM recommendation depends on the case, not on a closed partnership
08Mandatory quarterly recertification — falls back to degraded mode otherwise
09Embedded FinOps — inference cost tracked per agent and per decision, drift alert

Key differences

ATLAS Legacy vs ATLAS-Agentic — what changes.

AspectATLAS LegacyATLAS-Agentic

Main deliverable

Rewritten code

Agent swarm

Parity criterion

Deterministic line-by-line

Statistical double-run agreement rate

Security

Classical audit

ZSP + JIT + reverse offensive audit

Mission end

One-shot cutover

Progressive go-live + continuous operations

Recertification

Not standardized

Mandatory quarterly

Vendor

Technology target fixed at E4

Substitutable LLM, vendor-neutral

Frequently asked questions

ATLAS-Agentic — what architects and CIOs ask.

Why an agentic-dedicated ATLAS variant rather than ATLAS Legacy?+

Four specificities require a variant: no code to port (deliverable = swarm), intrinsic LLM non-determinism (statistical parity not line-by-line), radically different security (ZSP / JIT / reverse offensive audit), continuous loop (delivery is not an end but an operations mode). ATLAS-Agentic keeps the key ATLAS principles (kill/go gates, discrepancy register) by adapting them.

How long does a full ATLAS-Agentic program take?+

From E1 to go-live (E7): 4 to 7 months depending on complexity. E1 Intake 2-4 weeks, E2 Discovery 3-6 weeks, E3 MCP 2-3 weeks, E4 Architecture 3-5 weeks, E5 Build 6-16 weeks, E6 Validation 4-8 weeks, E7 Delivery 2-4 weeks + ongoing operations. The most variable phase is E5 depending on swarm complexity (3-10 agents typical).

What is the observed-behavior register?+

Agentic equivalent of the ATLAS Legacy discrepancy register. Every swarm / human divergence is tracked during E6 Supervised validation and continuously in E7. Each entry is analyzed and classified: acceptable (normal variability), to fix (tune guardrail / prompt), to escalate to human (case systematically routed up). Industrializes continuous improvement.

What happens if the swarm doesn't reach the target agreement rate in E6?+

The E6 → E7 gate does not open. Three options: iterate on guardrails and prompts to improve the rate, broaden the selective supervision policy (more cases routed to humans), or pivot the scope (remove a too-complex process). No go-live until the gate is crossed.

How does mandatory quarterly recertification work?+

At every major LLM update used, or every three months minimum, the swarm is revalidated on the reference test set (from E6). If the agreement rate drops below threshold, the swarm automatically falls back to degraded mode (humans only) until corrected. Prevents silent drift.

Can we combine ATLAS-Agentic with ATLAS Legacy?+

Yes, often. Legacy modernization + agentic swarm deployment on the modernized system. ATLAS Legacy delivers the technical foundation (Java, .NET, TypeScript), ATLAS-Agentic delivers the intelligent orchestration layer on top. The two methodologies chain together, with shared gates on critical junctions.