The Router Smuggling Boundary
The reports treat the router as a policy engine. A router decides which adapter, model, memory, tool profile, or evaluator sees a request. That makes router behavior part of the safety boundary.
Router-created risk
A high-risk request routed to a hardened path may be refused, verified, or logged. The same request routed to a utility-focused path may receive a different policy surface. The risk is not only the model. It is the route-selection rule and the metadata that rule sees.
Manifest requirement
Composition manifests should record router version, route labels, routing features, fallback paths, confidence thresholds, and any human-overridden route. A model certificate without router identity is incomplete for routed systems.
Defensive posture
Treat semantic routing as policy enforcement, not simple traffic optimization. Router changes need review, canary release, disagreement monitoring, and rollback alongside model artifacts.