Insights
Essays on SAP BTP, enterprise AI architecture, agent-extension boundaries, Clean Core, S/4HANA extensibility, and post-go-live failure patterns where implementation success is not the same as architectural validity.
Where to start
New here
Start with Read by Situation. Pick the symptom your team recognizes before choosing a model or service page.
Already know the boundary
Use Read by Boundary if the problem is already clearly about identity, tenant, data, integration, lifecycle, execution, or authorization.
Evaluating Jiandong
Start with Core essays, About, and For Architecture Teams to assess builder-side experience, SAP BTP / Enterprise AI boundary judgment, and internal capability fit.
Read by Situation
Start from the symptom your team recognizes. The article path should lead to a boundary decision, not just more content.
If Postman works but Work Zone fails
Start with identity propagation, AppRouter, Work Zone, runtime surface, and integration boundary analysis.
If one tenant works but the next breaks
Treat the first successful tenant as insufficient proof. Look at tenant isolation, onboarding, routing, and lifecycle contracts.
If S/4 data is copied into HDI
The question is not whether the copy works. It is whether business truth, write authority, and lifecycle remain governed.
If RISE is approved but extension architecture remains unclear
RISE and Clean Core set direction. They do not prove the SAP BTP extension architecture is structurally safe to evolve.
If AI agents, workflows, and extensions blur responsibility
Classify truth, capability, process, execution, context, lifecycle, and accountability before the agent acts.
If the system runs but cannot evolve
Look at lifecycle, reconstructibility, ownership, and whether the architecture depends on manual repair to survive change.
Enterprise AI / Agent Architecture
Agent–Extension Boundary Model
A responsibility model for SAP agents, extensions, workflows, assistants, and core business systems.
Read →Agent, Extension, or Workflow?
A practical decision guide before enterprise AI creates responsibility drift.
Read →SAP AI Agent Security Is Not Just Identity
Why valid tokens are not enough when RAG, tools, workflows, and model context introduce new authorization boundaries.
Read →Why Autonomous Enterprise Cannot Be Model-Driven
The model can change, but enterprise behavior cannot drift without explicit lifecycle governance.
Read →Full essay: Agents Do Not Replace Extensions
The full A023 essay behind the Agent–Extension Boundary Model and responsibility taxonomy for SAP enterprise AI.
Read →Is This Agent Safe to Execute?
The Boundary Model for SAP enterprise agents in the age of trusted execution.
Read →Enterprise AI Responsibility Architecture
Why agent governance is not enough without truth, execution, lifecycle, and accountability boundaries.
Read →AI-Generated Extensions on SAP BTP
AI accelerates code generation, but boundary correctness still determines whether extensions remain stable by tenant, identity path, and lifecycle over time.
Read →Future topics: Agent Memory Is Not Business Truth; Agent Lifecycle Is Behavior Migration.
Core essays
Why BTP Projects Fail — The Boundary Model Every Architect Must Master
Introduces the Boundary Model and explains why failures surface at runtime boundaries months after go‑live.
Read →Why SAP BTP Identity Breaks Even When Everything Looks Correct
Identity propagation failures across layers despite correct configuration; where runtime context differs from design intent.
Read →Is This Agent Safe to Execute?
Enterprise agent readiness requires identity, tenant, data, integration, lifecycle, and execution boundaries before trusted action.
Read →Should This Be an SAP Agent, an Extension, or a Workflow?
A responsibility model for deciding when SAP enterprise AI work belongs in an agent, extension, workflow, assistant, automation, or core system.
Read →SAP AI Agent Security Is Not Just Identity
Enterprise agent security fails when valid identity tokens allow unauthorized business context to enter RAG, tools, workflows, and model reasoning paths.
Read →Tenant Boundary on SAP BTP
Multitenancy on SAP BTP is not a configuration choice; it is a tenant boundary contract that determines whether tenants can evolve together safely over time.
Read →Why Autonomous Enterprise Cannot Be Model-Driven
Autonomous Enterprise cannot be governed by model behavior alone; model upgrades need lifecycle boundaries so business execution remains stable while intelligence evolves.
Read →Read by Boundary
Identity
- Why SAP BTP Identity Breaks Even When Everything Looks Correct — Identity propagation failures across layers despite correct configuration; where runtime context differs from design intent.
Tenant
- Tenant Boundary on SAP BTP — Multitenancy on SAP BTP is not a configuration choice; it is a tenant boundary contract that determines whether tenants can evolve together safely over time.
- Inside SAP BTP — Multitenancy, CAP, Work Zone, S/4HANA Extensions, and AI — Builder-side analysis of multitenancy truth in BTP and why extensions must treat tenant boundaries as first-class architecture.
Data
- Why SAP BTP Data Boundaries Break — And Why Extensions Fail Long After They “Work” — Data ownership and integrity drift at runtime causes post–go-live failures that code fixes cannot resolve.
Integration
- The Integration Boundary — Integration jurisdiction at runtime differs from connectivity success; why governance must cross system edges.
Lifecycle
- Why Autonomous Enterprise Cannot Be Model-Driven — Autonomous Enterprise cannot be governed by model behavior alone; model upgrades need lifecycle boundaries so business execution remains stable while intelligence evolves.
- The Stability Window of BTP Extensions — Long‑term survivability depends on lifecycle boundary design, not just initial correctness.
Execution
- Is This Agent Safe to Execute? — Enterprise agent readiness requires identity, tenant, data, integration, lifecycle, and execution boundaries before trusted action.
Responsibility
- Should This Be an SAP Agent, an Extension, or a Workflow? — A responsibility model for deciding when SAP enterprise AI work belongs in an agent, extension, workflow, assistant, automation, or core system.
Authorization
- SAP AI Agent Security Is Not Just Identity — Enterprise agent security fails when valid identity tokens allow unauthorized business context to enter RAG, tools, workflows, and model reasoning paths.
Clean Core / Governance / Long-Term Architecture
Not every failure pattern is a bug
Many recurring SAP BTP extension failures are boundary and jurisdiction failures. Use the patterns to recognize the situation, then move to a decision.
See failure patterns → · Implementation vs verdict → · SAP BTP Architecture Review → · SAP BTP Extension Audit →
Prefer concrete, recognizable situations?
See Representative Cases — anonymized post‑go‑live cases that connect the model to live system reality.
Read by role
- CIO / CTO → Architecture Review · Strategic Boundary Verdict · Verdict Authority
- Lead Architect → Identity · Tenant · Data · Integration · Lifecycle
- Program Leadership → Full Boundary Audit · Ownership / jurisdiction map
- Security Architect → Identity propagation · Trust boundaries · Security hardening
- Integration Lead → Integration Boundary · Cross-system contracts
Full archive
- Why Autonomous Enterprise Cannot Be Model-Driven — 2026-06-17 The Model Upgrade Boundary
- Tenant Boundary on SAP BTP — 2026-06-10 Why Multitenancy Is a Contract, Not a Configuration
- SAP AI Agent Security Is Not Just Identity — 2026-06-04 Why Tokens, RAG, Tools, and Workflows Need New Authorization Boundaries
- Should This Be an SAP Agent, an Extension, or a Workflow? — 2026-05-27 A Responsibility Model for SAP Enterprise AI
- Is This Agent Safe to Execute? — 2026-05-14 The Boundary Model for SAP Enterprise Agents in the Age of Trusted Execution
- RISE Does Not Decide Your SAP BTP Extension Architecture — 2026-05-04 Why Clean Core Still Requires Architectural Judgment
- When a SAP BTP Extension Problem Stops Being a Delivery Problem — 2026-04-14 And Becomes an Architecture Judgment Problem
- Clean Core: The Architectural Reason SAP Never Fully Explained — 2026-03-24 Why Clean Core Is Not About Cost, Upgrades, or Best Practices — But About the Structural Survival of Enterprise Systems
- The Stability Window of BTP Extensions — 2026-03-03 Why Lifecycle Architecture Determines Long‑Term Success
- The Integration Boundary — 2026-02-03 Why Connectivity Is Not Integration
- Why SAP BTP Identity Breaks Even When Everything Looks Correct — 2026-01-20 Identity propagation failures across layers despite correct configuration; where runtime context differs from design intent.
- When CAP Forgets Its Boundaries - An Architect’s View from the Builder Side — 2026-01-08 CAP projects often pass unit and contract tests yet fail at runtime boundaries — identity propagation, tenant routing, and integration jurisdiction.
- AI-Generated Extensions on SAP BTP — 2025-12-15 AI accelerates code generation, but boundary correctness still determines whether extensions remain stable by tenant, identity path, and lifecycle over time.
- Why SAP BTP Data Boundaries Break — And Why Extensions Fail Long After They “Work” — 2025-12-09 Data ownership and integrity drift at runtime causes post–go-live failures that code fixes cannot resolve.
- Why BTP Projects Fail — The Boundary Model Every Architect Must Master — 2025-12-02 Introduces the Boundary Model and explains why failures surface at runtime boundaries months after go‑live.
- Why Even Single-Customer S/4 Extensions Must Use Multitenancy on BTP — 2025-11-28 Architectural Truth from the Builder Side
- Inside SAP BTP — Multitenancy, CAP, Work Zone, S/4HANA Extensions, and AI — 2025-11-25 An architect’s view from the builder side