Reverse Pyramid Model
What is the "reverse pyramid model" in architecture
The reverse pyramid model is a way of designing systems and protocols in which the most important and least necessary information/functionality is transmitted first and guaranteed, and less critical details are added progressively and optionally. The term borrows an idea from journalism (the main thing is at first), but is adapted to engineering tasks: the critical path works under any conditions, everything else is "layers of enrichment."
Intuitive picture: The narrow top on top is the "minimum warranty contract" (MGC), below are extensions, optimizations and rich features that the system applies if there are resources/compatibility.
Where it applies
Network protocols and APIs: REST/gRPC/GraphQL, webhooks, event brokers.
Streaming channels: WebSocket, SSE, Kafka/NATS, RTC.
Service architecture: critical path vs. side effects (audit, analytics, cache warming).
Mobile/web clients: first "skeleton" UI and key data, then lazy loading of media and recommendations.
Payment and risk chains: authorization/reservation - in priority; anti-fraud/analysis - asynchronous, with deadlines.
Observability: always log/minimum level metric; trace/profiling - by sampling.
Model principles
1. Minimum Warranty Contract (MGC)
A set of fields and operations without which the script does not make sense. It is stable, backward-compatible and passes first.
2. Progressive enrichment
Additional fields/functions are delivered as optional extensions (capabilities/feature flags/Negotiation).
3. Degradation without failure
When overloaded or partially unavailable, the system discards the optional layers, keeping the MGC operational.
4. Explicit prioritization and SLAs
Each layer has its own SLO (latency, availability), queues and classes of service (QoS).
5. Additive evolution of circuits
New fields are added as nullable/optional, do not break clients; hard changes - only through the new version.
6. Observability by layer
Metrics and logs are marked by criticality: 'core.', 'enh.', 'batch.' To see what the system sacrifices under load.
Comparison with the "classic" layer pyramid
Classical architecture (bottoms - base, tops - UI) emphasizes dependencies.
The reverse pyramid emphasizes the importance and order of delivery: first "core," then "nice-to-have."
Model Protocol Design
1) REST/HTTP
MGC: minimum resource/endpoint and required fields.
Extensions:- Content negation ('Accept', 'Prefer'),
- Parameters'? include = '/'? fields = 'for selective granularity,
- Links to "heavy" attachments (pre-signed URLs) instead of inline.
- Degradation: when timeout, give MGC without nested collections; 206 Partial Content for large bodies
- Versioning: additive fields without changing old contracts; major version only for breaking changes.
2) gRPC
proto: new'optional 'fields with secure tag numbering; do not reuse deleted tags.
Server-side deadlines and per-method QoS (critical RPCs over priority).
Streaming: first messages - headers/totals, then detailing by chunks.
3) Event buses (Kafka/NATS)
Event-core: 'event _ type', 'id', 'occurred _ at', minimal business fields.
Enrichment: we take out in outbox/CDC and individual topics' -enriched '.
Sum up first, details later: consumers can complete the business process by core, and details are loaded asynchronously.
Patterns that fit well with the reverse pyramid
Critical Path First: Separate synchronous "mandatory" from asynchronous side effects.
Write-ahead/Outbox: record the fact of the event, the rest is background delivery.
Lazy & Incremental Fetch: pagination, cursors, 'If-Modified-Since '/ETag.
Capabilities Discovery - Server/Client explicitly communicate which extensions support.
Backpressure & Budgets: deadlines, CPU/IO limits per layer; cancellation of secondary tasks under load.
SLO-Scoped Caching: we cache the "core" more aggressively, enrichment - shorter/thinner.
Implementation algorithm
1. Scenario mapping: Write down User Journey and highlight the "moment of value."
2. Define MGC: minimum fields/operations to achieve value.
3. Divide into layers: 'core', 'extended', 'analytics/batch'.
4. Set SLO/SLA and QoS for each layer.
5. Design degradation: what do we discard at N% failure/p95 growth?
6. Evolution of schemes: version policy, additive-first.
7. Observability: layer tags in metrics/logs/tracks, alerts on "core."
8. Testing: chaos-engineering and fault-injection by layer.
9. Launch and feedback: turn on extensions on the ficheflags and roll out on the canary.
Metrics and SLO by layer
Core: p95/p99 latency, percentage of successful critical operations, fault tolerance during degradation.
Extended: percentage of enriched responses, average loading time.
Batch/Analytics: lag from real time, the proportion of processed events per window.
Business metrics: conversion to the "point of value" at vs. overload is normal.
Anti-patterns
"Everything is core": extensions become mandatory, degradation becomes impossible.
Breaking MGC changes without a new major version.
Hidden fragility: the critical path relies on external "secondary" dependencies (for example, synchronous anti-fraud call).
Implicit extensions: Clients do not know what can be enabled/disabled.
Lack of observability: the system "silently" degrades, and you do not see where.
Examples
A. User Profile (REST)
MGC: `id`, `display_name`, `avatar_url`, `tier`.
Extensions: 'badges []', 'social _ links []', 'recent _ activity []' by '? include ='.
Degradation: when timeout, give MGC and links to shared resources (HATEOAS/URLs).
B. Payment Authorization
MGC: authorization result (approved/declined), 'transaction _ id', 'amount', 'currency'.
Extensions: 3DS telemetry, risk rate, geo, partner attribution - asynchronous by the event'payment. authorized`.
Degradation: if analytics fails, payment goes, and audit/scoring catches up.
B. Stream Quotes
MGC: The latest price "snapshot."
Extensions: glass depth, aggregated indicators - stream after snapshot.
Degradation: under load, the frequency of extension updates drops, but the snapshot is stable.
Versioning and evolution
Additional-first: new fields' optional/nullable ', old ones remain.
Semantic Versions: 'v1' for kernel; 'v1. x '- extensions;' v2 '- when the MGC changes.
Contracts in code: JSON Schema/Protobuf + CI validation of "non-breaking" diffuses.
Safety and compliance
MGC signed/authenticated: the minimum set of fields has cryptographic integrity.
Least Privilege: access to enrichment by individual scopes.
PII/financial data: take-out in extensions, key separation and TTL.
Observability and debugging
Metric prefixes: 'core. request. duration`, `enh. attach. load_time`, `batch. lag`.
Sampling: 100% logs for core errors; sample extensions.
Feature flags telemetry: you can see which extensions are enabled for which customers.
Implementation checklist (short)
- MGC defined and documented.
- Extensions are declared via capabilities/flags.
- Configured SLO/QoS/queues by layer.
- Degradation tested by chaos tests.
- The evolution of schemes is only additive without "breaks."
- Metrics/trails/logs are layered.
- Documentation for customers to enable extensions.
FAQ
Does the reverse pyramid replace layered architecture?
No, it isn't. This is an orthogonal principle: how to deliver and prioritize functionality over familiar layers.
When not to apply?
In offline packages, where partial delivery is meaningless (crypto protocols with atomicity), or when all fields are equally critical.
What is different from graceful degradation?
The reverse pyramid initially projects the minimum sufficient contract and its priorities, and does not try to save the already overloaded system "after the fact."
Result
The reverse pyramid model helps architecture and protocols remain useful under any load: the main thing is first and for sure; the rest if possible. This increases the availability of the critical path, speeds up the display of features and simplifies evolution without breakdowns.