Mind Chill
    Good Proof™ by Mind Chill®

    Contract-referenceable verification for high-impact AI actions. Scope-bound, expiry-aware, and human-final when it matters.


    UK

    Mind Chill Nootropics Ltd

    09667911

    Singapore

    Mindchill Research Pte. Ltd.

    202544340Z

    A division of

    Mind Chill — Department of Human Defense

    Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.

    © 2026 Good Proof by Mind Chill. All rights reserved.

    Good Proof
    Agentic AI Safety

    Kill Switch Flow

    For high-impact agent actions, verification must be external, decision-time, and rapidly revocable.

    No Stamp → No Execute

    This page defines machine-checkable, fail-closed enforcement semantics suitable for technical implementation and MSA/SOW reference.

    Not a certification. Scope-limited verification.

    Enforceable Gate Path

    The 4-Step Enforcement

    01. Action attempts: Agent triggers a gated action. The Gate MUST intercept before execution.

    02. Gate verifies: Status Link is checked against the Official Verifier. Verification MUST occur at moment of action.

    03. VALID → proceed: Proceed only when all reliance conditions pass. Execution MUST remain within scope boundaries.

    04. NOT VALID → block or escalate: Stop reliance immediately. Log decision and reason_code.

    MUST, MUST NOT, SHOULD, MAY = mandatory guidance for implementation and audit testing.

    The Reliance Rule

    Rely on a Stamp if and only if ALL conditions are true:

    status == VALID
    scope + scope_hash match
    expires_at > now
    host == official_verifier
    authenticated + integrity-checked
    verified_at within freshness policy

    All other cases: BLOCK or ESCALATE. Default when uncertain: BLOCK.

    Status Definitions

    Machine-readable state semantics

    • VALID: Current, in scope, not revoked, not expired. Proceed within scope only.
    • NEEDS_REFRESH: Attestation requires re-verification. Block or escalate until VALID.
    • WITHDRAWN: Revoked at source. Immediate stop-rely and block.
    • EXPIRED: expires_at has passed. Block and trigger refresh flow.
    • NOT_VERIFIED: Verification failed or could not be performed. Block or escalate; treat as invalid.

    Enforcement note: NEEDS_REFRESH is a non-reliance state for gating.

    Gate Decision Object

    Contract-grade verification response

    gate-decision.json
    {
      "stamp_id": "GP-2026-0142-XK9",
      "status": "VALID",
      "scope": "tool_execution:high_impact",
      "scope_hash": "sha256:9f86d08...",
      "expires_at": "2026-06-15T00:00:00Z",
      "verified_at": "2026-01-19T14:32:07Z",
      "signer": "policy_signer_v3",
      "version": "1.2",
      "verify_url": "https://verify.goodproof.mindchill.ai/GP-2026-0142-XK9",
      "official_verifier": "verify.goodproof.mindchill.ai",
      "request_id": "req-abc123..."
    }

    Official verifier: verify.goodproof.mindchill.ai

    Anti-Spoof Requirements

    Systems MUST enforce all of the following

    Domain allowlist

    verify_url host MUST exactly match official_verifier.

    HTTPS only

    TLS certificate validation mandatory; no insecure overrides.

    No redirects

    No redirect following, no HTTP fallback.

    Mismatch handling

    Domain/TLS/redirect/correlation issues => NOT_VERIFIED.

    Fail-Closed Semantics

    Verification fails → NOT_VERIFIED → block or escalate

    Network unreachable
    Request timeout (default: 5s)
    Invalid/malformed response
    Authentication or integrity failure
    TLS/certificate failure
    Domain mismatch
    HTTP 4xx/5xx
    Redirect received
    Missing request correlation

    ESCALATE means deny execution pending approved human or secondary control. If escalation path is unavailable: BLOCK. No silent failures. Every Gate Decision is logged.

    TOCTOU & Caching Rules

    Time-of-check, time-of-use semantics

    MUST verify at moment of action

    MUST NOT rely on cached VALID beyond TTL

    Highest assurance: verify-per-action

    TTL is buyer-configurable

    Freshness, Replay & Clock Skew

    • max_clock_skew applies to verified_at
    • Response MUST correlate to request via request_id
    • Missing/reused correlation → NOT_VERIFIED
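
An added example (not Good Proof's own code) that applies the Reliance Rule, the anti-spoof host check and the freshness and correlation rules above to a gate decision object as one fail-closed function. The `gate` function, its parameters, the reason_code strings, the 30s/5s freshness defaults and the boolean `authenticated` input are assumptions; fetching the response over HTTPS with no redirects and a timeout is left to the caller.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

OFFICIAL_VERIFIER = "verify.goodproof.mindchill.ai"  # official verifier named on the page

def _ts(value):
    # Strict UTC timestamp parse; anything malformed raises and is blocked.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def gate(resp, *, scope, scope_hash, sent_request_id, seen_request_ids,
         authenticated, now, max_age=timedelta(seconds=30),
         max_clock_skew=timedelta(seconds=5)):
    """Return (decision, reason_code); reason_code strings are illustrative."""
    try:
        if not authenticated:  # caller's signature/MAC check result (assumed)
            return "BLOCK", "auth_or_integrity_failure"
        url = urlsplit(resp["verify_url"])
        # netloc (not hostname) so userinfo or port tricks also fail the match
        if (url.scheme != "https" or url.netloc != OFFICIAL_VERIFIER
                or resp["official_verifier"] != OFFICIAL_VERIFIER):
            return "BLOCK", "domain_mismatch"
        rid = resp["request_id"]
        if rid != sent_request_id or rid in seen_request_ids:
            return "BLOCK", "correlation_failure"
        seen_request_ids.add(rid)  # a replayed response is rejected next time
        if resp["status"] != "VALID":
            return "BLOCK", "status_" + str(resp["status"]).lower()
        if resp["scope"] != scope or resp["scope_hash"] != scope_hash:
            return "BLOCK", "scope_mismatch"
        if _ts(resp["expires_at"]) <= now:
            return "BLOCK", "expired"
        verified_at = _ts(resp["verified_at"])
        if verified_at > now + max_clock_skew or now - verified_at > max_age:
            return "BLOCK", "verified_at_outside_freshness_policy"
        return "PROCEED", "all_reliance_conditions_met"
    except (KeyError, TypeError, ValueError, AttributeError):
        return "BLOCK", "malformed_response"

# Constructed sample response (field names from the page, values made up).
SAMPLE = {
    "stamp_id": "GP-EXAMPLE", "status": "VALID",
    "scope": "tool_execution:high_impact", "scope_hash": "sha256:constructed",
    "expires_at": "2026-06-15T00:00:00Z", "verified_at": "2026-01-19T14:32:07Z",
    "verify_url": "https://verify.goodproof.mindchill.ai/GP-EXAMPLE",
    "official_verifier": OFFICIAL_VERIFIER, "request_id": "req-constructed-1",
}
NOW = datetime(2026, 1, 19, 14, 32, 10, tzinfo=timezone.utc)
```

ESCALATE routing is omitted here: every result other than PROCEED is BLOCK, the page's default when uncertain.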

    Webhooks

    Status change events for your orchestration layer

    • NEEDS_REFRESH event: Trigger re-verification. Do not rely until status returns to VALID.
    • WITHDRAWN event: Trigger immediate stop-rely across all integrated systems.

    Webhooks accelerate enforcement. The source of truth remains the live verification check.

    Evidence & Audit Trail

    Every gate decision MUST produce auditable evidence

    stamp_id
    action_class
    decision
    status
    verified_at
    expires_at
    verifier_domain
    latency_ms
    request_id
    reason_code
    failure_mode
    • Retention is buyer-configurable
    • Logs MUST be tamper-protected (append-only, access controls, integrity monitoring)
    • Evidence SHOULD be exportable for underwriting and incident review

    Implementation Checklist

    Buyers MUST implement all to comply with the Reliance Rule

    Verify status == VALID before every gated action
    Validate scope and scope_hash match expected action class
    Confirm expires_at > now at time of check
    Enforce verify_url host matches official_verifier exactly
    Require HTTPS with valid TLS; forbid redirects and HTTP
    Authenticate and integrity-check verifier responses
    Treat all error cases as NOT_VERIFIED (fail-closed)
    Log all required audit fields per decision
    Subscribe to WITHDRAWN and NEEDS_REFRESH webhooks
    Configure TTL policy (or verify-per-action)
    Test fail-closed under network/TLS/auth/domain failures

    Out of Scope

    This control does not by itself:

    Prevent prompt injection as a category
    Guarantee model correctness or output quality
    Eliminate insider threat or privileged abuse
    Replace network, IAM, or endpoint security controls