References

Theoretical foundations.

The primary references that directly informed the design of CIRK and DD6.

Primary references

Huyen, C. (2025). AI Engineering. O'Reilly Media. +
  • Compound mistakes (p.278): agent accuracy drops exponentially with steps (95% per step → 60% over 10). Justifies DD6's proportional discovery.
  • Agent failure modes (pp.298–300): wrong tool, wrong plan, compound errors. CIRK dimensions map directly to these categories.
  • Guardrails architecture (pp.451–455): input/output guardrails as standard AI engineering pattern.
  • Model router (pp.456–460): routing by complexity. CIRK's model tier mapping implements this pattern.
Snowden, D.J. — Cynefin Framework (2007, 2021) +
  • Four complexity domains (Clear, Complicated, Complex, Chaotic) with domain-appropriate response strategies.
  • DD6's depth mapping (Skip, Shallow, Standard, Deep, Emergency) adapts Cynefin's domains for AI-assisted software discovery.
  • Core principle: you must understand the domain before choosing a response.
OWASP Agentic AI Top 10 (December 2025) +
  • First formal taxonomy of risks specific to autonomous AI agents: goal hijacking, tool misuse, identity abuse, supply chain risks.
  • CIRK's K (Integration Risk) and R (Review) map directly to several of these categories.
  • DD6's discovery process helps prevent goal hijacking by clarifying intent before execution.
NIST AI Risk Management Framework 1.0 (January 2023) +
  • Four functions: Govern, Map, Measure, Manage.
  • DD6 operates in the "Map" function (understanding the problem space).
  • CIRK operates in the "Measure" function (quantifying execution risk).
  • Together they span two of the four NIST functions.
EU AI Act (2024) — high-risk obligations effective August 2026 +
  • First enforceable, risk-based AI regulatory regime requiring documentation, monitoring, traceability, and human oversight.
  • DD6's discovery audit trail provides traceability.
  • CIRK's R3 and K3 scores can trigger compliance review requirements.
Singapore Model AI Governance Framework — Agentic AI (IMDA, January 2026) +
  • Government framework: risk bounding upfront, human accountability, transparency, ecosystem trust.
  • DD6 aligns with "risk bounding upfront" — classifying the problem before agents act.
  • CIRK aligns with "human accountability" — defining when humans must review agent output.
McKinsey 2026 AI Trust Maturity Survey (March 2026) +
  • ~500 organizations: only 30% report governance maturity ≥ 3. 64% of large companies reported losses > $1M from AI system failures.
  • Establishes the business case for governance standards like DD6 and CIRK.

Related work

Torres, T. (2021). Continuous Discovery Habits. Product Talk. +
  • Cadence-based discovery with hypothesis tracking and Opportunity Solution Trees.
  • Influences DD6's structured session phases and proportional discovery principle.
Evans, E. (2003). Domain-Driven Design. Addison-Wesley. +
  • Bounded Contexts and Event Storming as discovery techniques for complex domains.
  • DD6's Domain depth (D) and Boundary clarity (B) dimensions address DDD's concern about understanding domain boundaries.
Stacey, R.D. (1996). Strategic Management and Organisational Dynamics. +
  • The Stacey Matrix (Agreement × Certainty) for classifying organizational problems.
  • DD6's two-axis nature draws conceptual inspiration from assessing agreement and certainty independently.
Microsoft Agent Governance Toolkit (April 2026) +
  • Open-source runtime security governance for AI agents.
  • Validates that execution governance (CIRK) and pre-execution classification (DD6) are recognized industry needs.
ISO/IEC 42001:2023 — AI Management Systems +
  • First certifiable AI management system standard with 38 controls.
  • DD6 and CIRK provide the operational layer ISO 42001 requires at the process level.
Adzic, G. (2011, 2012). Specification by Example & Impact Mapping. +
  • Examples as specifications and WHY→WHO→HOW→WHAT structure for connecting goals to deliverables.
  • DD6's Testability (T) and discovery template phases draw from these approaches.
Richardson, C. (2026). "Why GenAI-based coding agents are a complex domain in Cynefin." +
  • AI coding agents are inherently complex — consequences only visible through testing.
  • Validates DD6's premise that problem classification must precede agent execution.
Bühler (2024), Yawson & Goryunova (2025), Cascio (2020), INCOSE (2025), Emerald (2022) +
  • AI Bubbles, Nested Complexity, BANI framework, Pleko framework, VUCA systematic review.
  • Collectively validate multi-dimensional complexity classification and domain-specific adaptations of sense-making frameworks.

The references below (Related Work section) were identified and mapped with the assistance of AI research. They inform or validate the model and are cited for context, not as endorsement of having read each in full.

Related standards

CIRK

Execution classification model. 4 dimensions (C, I, R, K). Score range 4–12.

 DD6

Deep discovery classification model. 6 dimensions (I, D, S, T, P, B). Score range 6–18.
Understand the problem before the agent touches it.