Every guarantee below is a platform-level mechanism, not a policy document. They exist whether or not an operator remembers them.
Append-only event ledger with a propagating trace_id on every cognitive step. Reconstruct what happened, who decided, which rule version ran, and what evidence was used.
Past work remains re-runnable on the exact forms, agents, and rules that were live when it opened. Mid-flight changes do not rewrite running workloads.
Every agent operates within an operations-set ceiling. The engine enforces it, the agent cannot self-promote, and every promotion is logged.
Every action routes to a human reviewer before execution. No agent ships without this first.
Routine actions execute; flagged or low-confidence outputs halt for human sign-off. Most agents operate here.
Reserved for mechanical tasks only. Scoped workflows; never PHI, never pricing, never signed outputs.
Agent execution is a deterministic pipeline. AI is one bounded step with typed input and output; validation, MCP calls, schema checks, and routing remain explicit.
One action pauses every agent, queue, and outbound message across a workspace. A halted workspace resumes only on explicit operator release.
Process managers adjust graphs, prompts, autonomy, and MCP scopes in conversation. Every change is versioned; engineering owns the engine, not the ops logic.
We’ll walk through a redacted trace, toggle an autonomy ceiling, and show the emergency brake halting every active queue.