
ADR-0012: Position UpsQuad as agnostic workforce-governance middleware

  • Status: Proposed (awaiting founder sign-off — strategic positioning)
  • Date: 2026-06-01
  • Decision owners: Founder (proposer + sign-off), Principal Architect (technical validation), Product Manager (PRD downstream)
  • Related:
    • GEAP evaluation milestone: parent upsquad-ai/work-tracker#56; child evals upsquad-ai/upsquad-core#1185–#1197
    • Agent Decision Receipt brainstorm: upsquad-ai/upsquad-core#1184
    • "Wrap A2A with our own protocol" parent: upsquad-ai/work-tracker#36
    • ADR-0002 (dual business model — cloud + on-prem) — directly reinforces this positioning
    • ADR-0003 (managed-agents evaluation) — adjacent prior context

Context

Google announced Gemini Enterprise Agent Platform (GEAP) at Cloud Next '26 (April 2026), with 12+ sub-products that map almost 1:1 to UpsQuad components: Agent Runtime, ADK (authoring SDK), A2A (interop protocol), Agent Registry, Agent Identity, Agent Gateway + Model Armor (governance / content safety), Agent Observability, Gen AI Evaluation Service (trajectory eval), and Projects in Gemini Enterprise (workspace for agent-employee collaboration — direct overlap with our Quad concept).

Hands-on evaluation (logged under the milestone above) confirms GEAP is GA-quality on every table-stakes axis: agent runtime, MCP middleware, observability, content safety, trajectory eval, authoring SDK, agent registry. Google has structural advantages we cannot match on three axes: model gravity (Gemini), distribution (every Workspace tenant is one toggle from trying GEAP), and operational maturity (already scaled).

The founder asked: does UpsQuad's vision of being a cloud-agnostic, model-agnostic platform/middleware that connects human workforce and agent workforce survive this overlap? Analogy proposed: ElevenLabs survived OpenAI/Google having voice models; specialized middleware repeatedly survives big-cloud bundling (Stripe, Datadog, Auth0, Snowflake, HashiCorp, Twilio).

This ADR records the answer and binds the engineering organization to its consequences.

Decision

UpsQuad positions itself as the agnostic workforce-governance middleware between human and agentic workforces — cloud-agnostic, model-agnostic, deployable in cloud or on-prem.

The category permission for this positioning is structurally durable, because each cloud is one of the things to abstract over (GCP cannot ship credible "governance across AWS, OpenAI, Azure, on-prem Llama, and us"). But category permission alone does not constitute a moat. Three specializations and one distribution discipline are bound to this positioning as preconditions for it to pay out:

Specialization 1 — Multi-tenant SaaS isolation at the data plane

GEAP scopes by GCP project; one tenant = one GCP project, which does not scale for B2B SaaS with hundreds or thousands of customers. UpsQuad's tenant_id-row-level isolation + namespace-isolated K8s remains structurally unattackable from inside a hyperscaler. This is the strongest moat and the primary reason a B2B SaaS builder picks UpsQuad over GEAP.

Specialization 2 — Hierarchical org + clearance model

UpsQuad's org_model_v2.3 (members + teams + 3-layer permission enforcement, 5 clearance tiers Standard → Executive, humans and agents as siblings in the same tree) maps to actual enterprise org structure in a way GEAP's IAM + Agent Gateway policies do not. Empirically verified during the eval: Agent Registry's data model has zero governance fields (no clearance, no team, no approval-required). The cascade governance with sticky-deny (internal/governance/cascade.go) also has no published GEAP equivalent.

Specialization 3 — Decision receipts and audit replay

The Agent Decision Receipt proposal (upsquad-ai/upsquad-core#1184) is differentiated against current alternatives (Microsoft Agent Governance Toolkit Tutorial 33, IETF AIVS, IETF Agent Audit Trail, IETF AI Agent Auth, OAP/aport, IETF SCITT) on five axes none of them anchor: policy bundle content hash, matched-policy content hash, guardrail-compiler version, member-state hash, public-Merkle inclusion proof. Shipping the predicate + a reference verifier — and registering it against in-toto/SLSA/Sigstore Rekor — is a category-defining artifact that positions UpsQuad as the standard for replayable agent decisions, the way Stripe became the standard for payment receipts.
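
What the inclusion check in a reference verifier could look like, as an added Go example that is not UpsQuad's code or the #1184 spec: a receipt carrying the four content anchors is hashed into a Merkle leaf and the log root is recomputed from an audit path. The Receipt field names, the Decision field, the JSON leaf encoding, the RFC 6962-style hash tags, the power-of-two tree shape and the sample values are all assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Receipt field names and the JSON leaf encoding are assumptions, not the UpsQuad spec.
type Receipt struct {
	PolicyBundleHash, MatchedPolicyHash, CompilerVersion, MemberStateHash, Decision string
}

// Leaf and node use RFC 6962-style tags (0x00 leaf, 0x01 interior) so a leaf cannot pose as a node.
func Leaf(rc Receipt) [32]byte {
	b, _ := json.Marshal(rc) // struct fields marshal in declaration order
	return sha256.Sum256(append([]byte{0x00}, b...))
}
func node(l, r [32]byte) [32]byte {
	return sha256.Sum256(append(append([]byte{0x01}, l[:]...), r[:]...))
}

// Verify recomputes the root from leaf idx upward; assumes a power-of-two leaf count.
func Verify(rc Receipt, idx int, path [][32]byte, root [32]byte) bool {
	h := Leaf(rc)
	for _, sib := range path {
		l, r := h, sib
		if idx&1 == 1 { // odd index: this node is the right child
			l, r = sib, h
		}
		h, idx = node(l, r), idx>>1
	}
	return h == root
}

// Sample builds a constructed 4-receipt log; returns receipt 2, its audit path and the root.
func Sample() (Receipt, [][32]byte, [32]byte) {
	mk := func(i int) Receipt { // placeholder values, not real digests
		return Receipt{"sha256:bundle", fmt.Sprintf("sha256:policy-%d", i), "compiler-example", "sha256:member", "deny"}
	}
	left, right := node(Leaf(mk(0)), Leaf(mk(1))), node(Leaf(mk(2)), Leaf(mk(3)))
	return mk(2), [][32]byte{Leaf(mk(3)), left}, node(left, right)
}

func main() {
	r, path, root := Sample()
	fmt.Println("genuine receipt verifies:", Verify(r, 2, path, root))
	r.MemberStateHash = "sha256:edited-after-the-fact" // tamper with one anchor
	fmt.Println("tampered receipt verifies:", Verify(r, 2, path, root))
}
```

Changing any anchor after the fact, or presenting the receipt at a different log position, yields a different root, which is what makes the receipt checkable by a party that holds only the published root.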

Distribution discipline — pick exactly one channel

The history of agnostic-middleware plays (Stripe, Datadog, Auth0, Snowflake) shows the moat collapses without distribution discipline. UpsQuad must commit to exactly one of these three motions and resource accordingly:

| Channel | Implication |
| --- | --- |
| B2B SaaS embedding | Public SDK (ADK-equivalent investment), white-label, embeddable Quad surface, freemium-or-OSS tier, developer-led growth |
| Compliance pull | Decision-receipt spec as the public artefact, regulator-targeted briefings (EU AI Act Art. 12, SOC 2 for AI), partnerships with Big-4 audit firms |
| Direct enterprise sale | Account executives, RFP discipline, SI partnerships, multi-quarter sales cycles — competes head-on with Microsoft/Google account teams |

Spreading effort across all three loses to whoever specializes. The recommended pick is B2B SaaS embedding as primary (it leans into the strongest moat — multi-tenant isolation — and matches the team's current shape), with compliance pull as a secondary marketing motion driven by the decision-receipt spec.

Consequences

Affirmative — what we stop doing

  1. Stop competing on table-stakes that GEAP / AWS Bedrock / Azure AI ship for free. Specifically:
    • Authoring SDK at framework depth (use ADK, LangChain, or our own thin wrapper — do not invest in matching ADK feature-for-feature).
    • Content safety at filter depth (adopt Model Armor as backstop for cloud tenants; investigate open-weights guard models for on-prem; do not invest in proprietary filter R&D).
    • Trajectory eval at metric-set depth (integrate Gen AI Evaluation Service as the default eval harness; do not build a parallel one).
    • Foundation-model gateway depth (route through Vertex MCP + OpenAI + Anthropic SDKs; do not build a proprietary inference gateway).
  2. Stop describing UpsQuad as "an agent platform" or "an agent runtime". Both descriptions invite head-on comparison with GEAP/Bedrock/Azure where we lose. Describe it as: the agnostic workforce-governance middleware, or, in long form, the multi-tenant governance + decision-receipt layer for agent fleets running on any cloud or any model.
  3. Stop positioning Quad as a standalone destination workspace. Projects in Gemini Enterprise plus Microsoft Copilot Pages will own that surface for enterprise IT buyers. Reframe Quad as the embedded agent surface for B2B SaaS builders — the surface their customers see inside their app, not a destination URL.

Affirmative — what we double down on

  1. Multi-tenant primitives — every UpsQuad PRD must answer "how does this work for 1000 sovereign tenants?" before merge.
  2. Hierarchical + clearance-aware governance — every governance feature must respect the cascade, the 5 tiers, and the unified human+agent tree. No exceptions.
  3. Decision receipt as the public artefact — ship the v1 spec + reference verifier within 90 days; publish as in-toto predicate type; register with IETF SCITT for enterprise tenants. Patent the sentence-to-bytecode compiler and the selective-disclosure Merkle scheme defensively.
  4. B2B SaaS embedding as primary GTM — invest in a public embeddable Quad surface, white-label, SDK, freemium tier, developer-led growth. The frontend persona-views work is a credible starting point but must be repackaged for embedding.

What this means for the GEAP integration surface

The eval (work-tracker#56) continues to completion, but the reshape recommendations now resolve to a consistent shape:

| GEAP surface | Reshape | Rationale |
| --- | --- | --- |
| Agent Runtime | Adopt as one runtime option for cloud tenants; keep ours for on-prem and multi-tenant | They win on operability; we win on isolation |
| ADK | Adopt as authoring SDK; wrap thinly for governance integration | Stop competing on SDK depth |
| A2A | Adopt as external wire protocol; standardize our subagent egress on it | Open standard, 150+ orgs, free interop |
| Agent Registry | Inspired by, but UpsQuad-built as tenant-aware + governance-rich | They have project-scoping that doesn't fit our multi-tenant |
| Agent Identity | Adopt SPIFFE+X.509 pattern; bind to our clearance model | Their primitive is fine; their model is too flat |
| Agent Gateway + Model Armor | Adopt Model Armor as content-safety backstop; keep our middleware as the cascade | Stop building a competing filter; keep the cascade |
| Agent Observability | Adopt Cloud Trace + OTel GenAI semconv as schema baseline | Stop competing on telemetry pipeline depth |
| Gen AI Evaluation Service | Adopt as default eval harness | Stop building a parallel one |
| Projects in Gemini Enterprise | Do not compete; reposition Quad as embedded | Different buyer; their distribution is structural |
| Vertex AI Search | Keep Context Engine for multi-tenant tenancy guarantees | They can't deliver the isolation we need |

Risks bound to this decision

  1. Risk: "agnostic" alone does not differentiate. Mitigation: bind specializations 1–3 above as non-negotiable preconditions; review quarterly against Microsoft AGT, AWS Bedrock, Workday Agent Workforce.
  2. Risk: distribution channel pick changes mid-flight. Mitigation: each PRD specifies which channel it targets; channel-switch requires a follow-up ADR.
  3. Risk: speed loss to converging incumbents. Mitigation: decision-receipt spec ships within 90 days; missed deadline triggers ADR reopen.
  4. Risk: the "human + agent workforce" framing is captured by Microsoft / Workday / ServiceNow first. Mitigation: marketing positioning and the decision-receipt spec must publicly land within Q3 2026.

Alternatives considered

  1. Compete head-on with GEAP as an agent platform. Rejected — Google's structural advantages on model gravity, distribution, and operational maturity make this a losing battle in 12-24 months.
  2. Pivot to a single-vertical solution (e.g. AI workforce for FinServ only). Rejected — premature narrowing before the agnostic positioning has been tested in market; can always vertical-specialize later if the broad play stalls.
  3. Become a GEAP partner / consultancy. Rejected — gives up product margins for service margins, and binds revenue to Google's roadmap.
  4. Continue current positioning (UpsQuad as "AI agent workforce platform"). Rejected — the positioning is too close to GEAP's umbrella claim and invites direct comparison the company loses.

Sign-off

  • Founder (Vaisakh) — strategic alignment
  • Principal Architect — technical implications on pkg/runtimepb, internal/governance, internal/mcp/middleware
  • Backend lead (Ashik) — Agent Runtime + governance engine downstream
  • Product Manager — PRD updates for affected components
  • Documentation — public-facing positioning update on marketing site