Skip to main content
Developer docs
core/safety

Safety primitives

The five primitives every agent inherits — kill switch, rate limits, advisory locks, LLM budget cap, and credits metering.

Every agent inherits the same five safety primitives. They aren't opt-in features; they're the floor the executor runs on.

The five primitives

  • Kill switch — operator-owned flag on stores.config, off by default. When you flip it on, every worker job that writes or spends refuses to start (logged as a skipped run); read-only ingestion, reporting, and alerting keep going.
  • Per-action rate limits — cap writes per hour, per action type, per store.
  • Tier-A discount gate — discount_test, the only price action, requires verified cost data plus a margin floor.
  • LLM budget cap — a monthly per-store ceiling on model spend, enforced against month-to-date usage.
  • Advisory locks — Postgres advisory locks serialize work on the same store so two cycles never collide.

The tunable flag

stores.configjson
{
  "llm_monthly_cap_usd": 50
}

The LLM cap defaults to $50/month per store and is enforced against month-to-date usage in llm_usage; when a store exceeds it, the current unit of work is skipped rather than the whole job aborted. Raise it as your decision_log accrues clean rows — never the other way around. The kill switch and advisory locks are not tunable; they always run.

// developer docs

Magistry runs your store. We run Magistry.

The SDK is the same one our worker uses in production. Same auth, same rate limits, same audit plane — no shadow surface.

Stable for a year · Versioned changelogs · No silent breaking changes