Library
The Christensen Engine Has No Twin — But It Has Relatives in Surprising Places · 8 of 12
The Christensen Engine Has No Twin — But It Has Relatives in Surprising Places
technology CRITICAL

LLM Constraint Patterns

The Christensen Engine Has No Twin — But It Has Relatives in Surprising Places

Key Principle

Constrain the LLM's role from open-ended generation to classification and extraction. Three patterns enforce this: (1) the "Evaluates But Never Generates" principle — the system assesses and classifies but never generates original domain content; (2) the Fixed Command Grammar — a finite set of commands the LLM can output; (3) the "Available When" pattern — remove tools from the LLM's visibility rather than instructing it not to use them.

"Define a fixed, finite set of commands that the LLM can output — this is your contract between the non-deterministic LLM layer and the deterministic execution layer." (p. 3, chunk 004)

Why This Matters

LLMs hallucinate. In safety-critical domains, a single hallucinated recommendation creates catastrophic risk. By constraining the LLM to evaluation (classification, intent detection, sentiment analysis) and sourcing all domain content from expert-authored or rule-derived stores, you eliminate the entire category of hallucination risk in outputs that matter most. Teams that let the LLM generate domain content discovered they could not validate outputs at scale.

The Fixed Command Grammar transforms the LLM's job into something "much more reliable and fine-tunable with smaller models." (p. 4, chunk 004) You eliminate entire categories of failure modes by constraint, not by instruction.

Good Examples

  • Rasa CALM's Command Grammar: StartFlow("name"), SetSlot("key", value), CancelFlow(), SkipQuestion(), Clarify(["a","b"]), ChitChat(), HumanHandoff(). The LLM can ONLY output these commands — no arbitrary text, no arbitrary actions. (p. 3, chunk 004)

  • Equivalent commands for custom systems: AdvanceToState("state_name"), SetVariable("key", value), RequestClarification(), TriggerKillSignal(), LoopBackTo("state_name"), CannotHandle(). (pp. 3-4, chunk 004)

  • Salesforce "Available When": Conditions completely remove tools from the LLM's visibility when not met — "not just discouraged, but invisible." In a pre-verification state, only identity-verification tools appear. Post-verification, transaction tools become visible. (pp. 4-5, chunk 004)

Counterpoints

  • Instruction Bloat: The fundamental anti-pattern. Salesforce: "When customers try to control agent behavior through detailed instructions, it often results in agents not responding correctly." (p. 4, chunk 004) Instruction-based prohibition relies on the LLM correctly following a negative instruction every time. Prompt-level removal makes the prohibited action literally impossible.

  • The LLM Eagerness Problem: LLMs are trained to be helpful, which means resolving the user's problem — but in guided discovery, the user must reach the insight themselves. Woebot found the LLM skipped therapeutic exercises by providing the answer directly. (p. 3, chunk 003)

  • Chain-of-Thought abandoned (Salesforce): Prior Einstein Copilot used CoT reasoning but errors propagated through the chain irreparably. Replaced with 8-12 specialized language models per query. (p. 4, chunk 004)

Key Quotes

"don't tell the LLM not to use a tool — remove the tool from its prompt entirely" (p. 5, chunk 004)

"When customers try to control agent behavior through detailed instructions, it often results in agents not responding correctly." (p. 4, chunk 004) — Salesforce

"the main driver of improved outcomes was collecting clinically relevant information ahead of the human assessment — not the AI's therapeutic capability." (p. 1, chunk 004) — Limbic

Rules of Thumb

  • Use a fixed command grammar: the LLM classifies, it doesn't create.
  • Remove tools from visibility rather than prohibiting them in instructions.
  • The LLM should never see the full state graph — show only the current state's instructions and available transitions.
  • Separate deterministic-run actions (required validations) from LLM-tool actions (user-initiated, optional).
  • If you're writing longer instructions to fix LLM behavior, you're going the wrong direction. Extract the logic into the state machine.

Related References