Notes on the Twelve-Factor App, for the AI Age (Part 1)
Adam Wiggins wrote the Twelve-Factor App in 2011 for stateless web processes on a PaaS, and it held for over a decade. I recently sat down and re-read it in the era of AI coding agents and AI-native apps, and took notes along the way: which factors still hold, which bend under the new load, and a few concerns the original never had to name.
Why I wrote this: I kept seeing teams (mine included) apply the twelve factors to AI systems as if nothing changed, and other teams throw them out as if everything did. Neither felt right. Nothing here retires a 2011 factor. The environment around them changed, not their truth, and that seemed worth writing down carefully.
Premises
Two premises drive the notes:
- The author and operator of the software are increasingly non-human.
- Behavior is now defined outside the repository. The commit no longer determines the running app.
From there I walk through all twelve factors and end each one with concrete things to do, tagged by who can actually check them: a machine at build time, or a human via audit. Most safety properties of AI systems fall in the second bucket, and pretending otherwise is, in my opinion, the characteristic failure of this era.
Dated Notes
These notes are dated. Read them as of 2026. Every durable claim carries a falsifiable expiry trigger, because most current constraints won't age well, and I'd rather be checkable than right-sounding.
Full piece here: Notes on the Twelve-Factor App, for the AI Age (Part 1)
Part 2 will cover what the twelve don't govern at all: the input, the evaluator, the acting agent, per-call economics, and data lineage through a model call. If you disagree with any of the expiry triggers, that's exactly the feedback I'm hoping for.
Comments
No comments yet. Start the discussion.