๐๏ธHardSystem Design
AI Lab System Design Interview
Design AI lab systems with clear goals, scale math, APIs, data models, overload behavior, permissions, eval gates, and operational debugging paths.
9 min read
Learning path
Step 153 of 155 in the full curriculum
AI Lab System Design Interview
AI lab system design rounds test whether you can turn ambiguous model-product requirements into a reliable backend. The winning answer is rarely the most complex architecture. It is the design that names the product goal, sizes the hard constraint, then adds queues, caches, model routing, evals, permissions, or human review only where requirements force them.
Use ecommerce, delivery, and customer-support examples when you need a concrete neutral domain: order lookup, shipment tracking, returns support, catalog search, and internal agent workflows have real latency, privacy, and support-debug constraints.
The design round script
Open with:
I will keep the first design simple, size the constraints early, then add queues, caches, sharding, model routing, or eval gates only when the requirement forces them.
Then follow this order:
- Goal: who uses it and what success means.
- Requirements: functional and non-functional.
- Scale: QPS, tokens, tenants, documents, latency, retention.
- API: external contract and important internal interfaces.
- Data model: entities, indexes, isolation, retention.
- Architecture: simplest request path first.
- Reliability: retries, idempotency, backpressure, overload, failover.
- Safety/security: permissions, audit, abuse controls, rollback.
- Observability: metrics, logs, traces, support views.
- Rollout: beta gates, canaries, eval gates, kill switches.
Prompt bank
| Prompt | Core design pressure | Common miss |
|---|---|---|
| Scalable web crawler | frontier, politeness, dedupe, retry policy | ignoring per-host backpressure |
| Model API gateway | keys, workspaces, rate limits, request IDs, model routing | no support/debug path |
| Inference scheduler | queueing, batching, latency, fairness, overload | optimizing throughput before latency SLO |
| Long-running coding agents | durable tasks, tools, checkpoints, permissions | unclear recovery and cancellation |
| Permission-aware retrieval | ACLs, freshness, deletion, tenant isolation | retrieving first and filtering later |
| Evaluation/safety monitor | offline evals, incidents, red teams, launch gates | treating eval as a dashboard only |
Drill 1: API gateway and rate-control plane
The gateway is the front door. It authenticates API keys, resolves workspace and organization limits, estimates request cost, routes to a model or queue, and emits a request ID that support can follow.
Design checklist:
- API keys map to workspace and organization.
- Limits apply across requests/minute, tokens/minute, model, and tier.
- Request IDs appear in responses and logs.
- Overload returns useful
429or degraded fallback, not silent queue growth. - Beta features are gated by explicit version or feature flags.
- Rollout has canaries, kill switches, and regression checks.
Use Python to sanity-check rate math before drawing capacity boxes:
gateway-token-budget.py
1requests_per_minute = 4_000
2avg_input_tokens = 1_200
3avg_output_tokens = 450
4tokens_per_minute = requests_per_minute * (avg_input_tokens + avg_output_tokens)
5tokens_per_second = tokens_per_minute / 60
6
7print("tokens_per_minute:", tokens_per_minute)
8print("tokens_per_second:", round(tokens_per_second))Output
1tokens_per_minute: 6600000
2tokens_per_second: 110000Drill 2: inference scheduler
For LLM serving, the scheduler is where latency, cost, and fairness meet. Production serving systems use request scheduling and in-flight batching to balance throughput and latency under GPU memory constraints.[1] Mention these metrics:
- Time to first token.
- Tokens per second.
- Queue wait time.
- p95 and p99 end-to-end latency.
- GPU utilization.
- Error rate and overload rejections.
- Cost per successful request.
Drill 3: permission-aware retrieval
For enterprise retrieval, the critical rule is: do not retrieve private data and filter it after generation. Permission constraints must be part of candidate selection, ranking, and auditing.
Architecture pieces:
- Connector ingestion workers with backpressure.
- Per-document ACLs or delegated auth checks.
- Tenant-isolated indexes or strict metadata filters.
- Hybrid retrieval plus reranking.
- Citation output with source IDs.
- Deletion and retention jobs.
- Offline evals for recall and answer faithfulness.
- Support traces that show which documents were eligible.
Drill 4: long-running coding agents
Long-running agent infrastructure has to persist intent, tool calls, artifacts, checkpoints, logs, and permissions. The main design risk is not just failed execution. It is uncontrolled execution.
Cover:
- Task states: queued, running, blocked, failed, canceled, complete.
- Checkpoints for resumability.
- Tool permission scopes and audit logs.
- Secret redaction.
- Git branch and conflict handling.
- Streaming progress.
- Cancellation and deadlines.
- Evals for task success and regression.
Failure modes to avoid
- Starting with implementation technology before naming user value.
- Caching without invalidation, privacy, or freshness.
- Monitoring without exact metrics.
- Ignoring overload and support/debug needs.
- Treating safety as a slogan instead of evals, permissions, staged rollout, and rollback.
- Forgetting that agent systems need reversible actions and audit trails.
Mastery checklist
- Design an API gateway with request IDs, workspaces, rate limits, beta gates, and overload behavior.
- Design an inference scheduler with queue metrics, batching, fairness, and 429 behavior.
- Design a permission-aware retrieval system with ACLs, deletion, citations, and evals.
- Design long-running coding-agent infrastructure with durable state, permissions, logs, and cancellation.
- Design an evaluation monitor that turns incidents into regression tests and launch gates.