Back to Architecture
Protection Layer

Safety Architecture

Defense-in-depth protection with six layers ensuring agents operate safely within defined boundaries.

Six Protection Layers

Circuit Breaker Protocol

Last-line defense against irreversible mistakes. Blocks all IRREVERSIBLE actions until approved.

Reversibility Assessment

Evaluates actions as IRREVERSIBLE (blocked), PARTIALLY_REVERSIBLE (approval needed), or FULLY_REVERSIBLE (proceed).

Impact Assessment

Data loss risk, security impact, system availability, recovery plan validation.

Bounded Autonomy

Tier-based capability restrictions. Tier 1 (full RIGOR), Tier 2 (R+I+G), Tier 3 (Research+Inspect only).

Human Approval Workflows

ACMF mode-based and risk-level-based approval requirements with 24-hour timeouts.

Audit Trail & Compliance

Universal audit logging for EU AI Act compliance. Every action logged with decision reasoning.

Reversibility Assessment

IRREVERSIBLEAlways blocked
Examples: Data deletion, production secrets exposure
PARTIALLY_REVERSIBLERequires approval
Examples: Schema changes, config updates
FULLY_REVERSIBLEProceed (subject to other controls)
Examples: Log queries, read operations

Circuit Breaker Protocol

// Circuit Breaker States
type CircuitState string

const (
    CircuitClosed   CircuitState = "closed"    // Normal operation
    CircuitOpen     CircuitState = "open"      // Blocking all requests
    CircuitHalfOpen CircuitState = "half_open" // Testing recovery
)

// Circuit Breaker Configuration
type CircuitBreaker struct {
    Name             string
    State            CircuitState
    FailureCount     int
    SuccessCount     int
    FailureThreshold int           // 5 failures to open
    SuccessThreshold int           // 3 successes to close
    Timeout          time.Duration // Time before testing recovery
    LastFailure      time.Time
    OnStateChange    func(from, to CircuitState)
}

// Cascade Protection
// If service A fails → Circuit opens → Service B protected
// After timeout → Half-open → Test recovery
// Success → Close circuit → Normal operation

Bounded Autonomy Tiers

TierRIGOR PhasesCapabilities
Tier 1 (Full)R + I + G + O + RSelf-Healing, Self-Deploying, Self-Protecting
Tier 2 (Basic)R + I + GSelf-Scaling, Self-Optimizing, Self-Diagnosing + 9 more
Tier 3 (Safety)R + ISelf-Monitoring, Code Analysis, Compliance + 9 more
ACMF Maturity Model Architecture Overview