Foundational paper

Non-invasive change at runtime

Not every urgent requirement belongs inside the application. Some change is safer, faster and more reversible when it is programmed around the live interaction.

Context

Why this paper exists

TomorrowX explored runtime change because enterprises face a structural mismatch: core systems are planned and released over long horizons, while cyber threats, regulation, customer expectations and operational incidents arrive continuously. The research sought a disciplined way to respond without bypassing governance and without touching the systems whose stability had to be protected.

Why internal application change is expensive

A mature application is more than its source code. It includes data structures, infrastructure dependencies, operating procedures, security controls, test suites, release calendars and people with specialised knowledge. A seemingly small functional change can therefore trigger a full chain of analysis and assurance.

That cost is justified when the system’s internal responsibility must change. It is wasteful when the required outcome concerns only the interaction entering or leaving the system. Yet many organisations have no recognised alternative, so every requirement becomes an application release.

The result is predictable: long queues, high coordination cost, growing repair work and a widening gap between operational need and delivery capacity.

Urgent demand does not respect the release plan

A new vulnerability may require immediate sanitisation. A regulator may change how information is exposed. A migration may need temporary dual-run logic. An AI initiative may need controlled access to a legacy action. These requirements are time-sensitive and often cross several systems.

The annual plan and the application backlog were not designed to absorb every unplanned demand. Adding more emergency releases weakens the stability those processes were created to protect.

The architectural question is not how to make every release urgent. It is how to create a governed place for urgent change that does not require an invasive release.

Two Ways To Introduce ChangeApplication change and interaction change are both legitimate. They carry different scopes, risks and lifecycles.
TWO WAYS TO INTRODUCE CHANGE
CHANGE THE APPLICATION
Code, rebuild, regression test and release
CHANGE THE INTERACTION
Define, mediate, prove, deploy and observe
REVERSIBLE OUTCOME
Adjust or remove without touching the application
NON-INVASIVE DOES NOT MEAN UNGOVERNED. IT MEANS A DIFFERENT UNIT OF CHANGE.
Application change and interaction change are both legitimate. They carry different scopes, risks and lifecycles.

What non-invasive means

Non-invasive change preserves the internals of the systems on either side. A Programmable Data Agent is deployed in the data path, understands the relevant protocol and programs the required behaviour against the interaction.

The mediated solution may validate, transform, route, hold, enrich, compare or block data. It can invoke deterministic logic, probabilistic intelligence, services and models. To the surrounding users and systems, the visible behaviour changes. The original application remains on its existing release and support path.

Non-invasive does not imply invisible or informal. The mediation is an explicit software asset with ownership, versioning, deployment constraints and operational evidence.

Runtime does not mean uncontrolled

Speed without control merely relocates risk. A runtime solution must retain the same classes of concern expected of enterprise software: security, performance, resilience, availability, location, testing, audit and support.

TomorrowX treats functional and non-functional requirements as connected parts of the solution. Functional behaviour is programmed in the Editor. Non-functional requirements are selected, bound and deployed through the Console. Probes and telemetry observe the result after go-live.

This creates a lifecycle tailored to mediated change rather than an exemption from lifecycle discipline.

Reversibility changes the economics of decision-making

Internal changes can create dependencies that are difficult to unwind. A mediated intervention can be enabled for a bounded population, shadowed, measured, progressively expanded or removed. The surrounding estate does not need to be permanently redesigned before the outcome is known.

This supports safer experimentation and faster incident response. It also makes proof more meaningful: the organisation can validate behaviour under real operating conditions while preserving a controlled route back.

Reversibility is not the absence of commitment. It is the ability to make commitment proportionate to evidence.

Where runtime mediation fits best

Strong candidates share one or more characteristics:

  • the requirement concerns data crossing a known boundary
  • the underlying system is difficult, costly or unsafe to change
  • the control must apply before an interaction completes
  • multiple technology generations need a consistent outcome
  • the change may be transitional, conditional or reversible
  • evidence must be retained across the complete data journey

Examples include legacy MFA, zero-day controls, format and protocol transformation, migration shadowing, sovereign data movement and governed AI access.

Where deep internal state or fundamental system responsibility must change, the application lifecycle remains appropriate. Data Mediation is an alternative unit of delivery, not a universal excuse to avoid sound engineering.

Next in Interoperability and change · Step 4 of 4

Change the environment around the system

Apply contemporary capability around a system that still performs its original role.

Read the next paper