Every agent inherits the same five safety primitives. They aren't opt-in features; they're the floor the executor runs on.
The five primitives
- Kill switch — operator-owned flag on stores.config, off by default. When you flip it on, every worker job that writes or spends refuses to start (logged as a skipped run); read-only ingestion, reporting, and alerting keep going.
- Per-action rate limits — cap writes per hour, per action type, per store.
- Tier-A discount gate — discount_test, the only price action, requires verified cost data plus a margin floor.
- LLM budget cap — a monthly per-store ceiling on model spend, enforced against month-to-date usage.
- Advisory locks — Postgres advisory locks serialize work on the same store so two cycles never collide.
The tunable flag
{
"llm_monthly_cap_usd": 50
}The LLM cap defaults to $50/month per store and is enforced against month-to-date usage in llm_usage; when a store exceeds it, the current unit of work is skipped rather than the whole job aborted. Raise it as your decision_log accrues clean rows — never the other way around. The kill switch and advisory locks are not tunable; they always run.
