Kill-switch playbook¶
When and how to operate the dual-control kill switch.
When to activate¶
Any of:
- A model is producing harmful outputs at scale.
- A downstream system is in a failure mode the agent can amplify.
- A regulator instructs you to halt.
- A security incident affects the agent.
Activation is fast and unilateral. The slowdown — and the controls — kick in when you turn it off.
Activation procedure¶
- Identified, authorised operator hits the admin endpoint:
- All in-flight requests fail. New requests get
KillSwitchActive. - Audit event emitted.
- Notify stakeholders (Slack channel, paging system).
Deactivation procedure¶
- Operator B proposes deactivation: The system records the request; the switch stays active.
- Operator C (different person) confirms:
- System verifies C ≠ B; if so, the switch lifts.
- Audit event records all three operators + timestamps.
Quarterly drill¶
- Schedule a 30-minute window.
- Rotate operators each quarter — don't use the same two every time.
- Drill the full flow: activate, request-deactivate-by-same-operator (refused), proper confirmation by a different operator.
- Walk the audit trail afterwards. Capture any anomalies into the issue tracker.
Post-incident¶
After any real activation:
- Same-day debrief.
- One-week written incident report linking to the audit trail.
- One-month follow-up: were corrective actions taken?
Common mistakes¶
- Letting the same two operators handle every drill. Defeats the point. Rotate.
- Activation without a clearly recorded reason. Audit shows the string you typed; make it count.
- Forgetting to notify stakeholders. Activation triggers a Slack webhook; verify it actually fires in drills.