
Safety primitives

The seven primitives every agent inherits — kill switch, rate limits, evidence gates, and more — plus the flags you can tune.

Every agent inherits the same seven safety primitives. They aren't opt-in features; they're the floor the executor runs on. You can tune four flags, but you can't run without the primitives.

The seven primitives

  • Kill switch — default-on, operator-owned. Trips executors to a clean stop in <90s.
  • Per-action rate limits — cap writes per hour, per action type, per store.
  • Tier-of-evidence gates — an action can't clear the judge without sufficient evidence rows.
  • Trademark filter — blocks infringing copy/creative before it's emitted.
  • Uniqueness check — prevents duplicate listings and near-duplicate creative.
  • LLM budget caps — hard ceiling on model spend per cycle, logged.
  • Advisory locks — serialize writes to the same subject so two cycles never collide.

The tunable flags

workspace safety config (JSON)
{
  "rate_limit_writes_per_hour": 120,
  "judge_threshold_price_moves": 0.88,
  "llm_budget_usd_per_cycle": 4.0,
  "require_operator_confirm_tier": "C"
}

Defaults are conservative. Loosen them as your decision_log accrues clean rows — never the other way around. The kill switch and advisory locks are not tunable; they always run.
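An added example, not Magistry's own code: a review check for a proposed workspace safety config that rejects any key outside the four tunable flags and reports which flags were loosened before enough clean rows exist. Assumptions: the values shown above are the defaults, the "looser" direction of each numeric flag, a 0 to 1 range for the judge threshold, and the hypothetical `clean_rows`, `min_clean_rows` and `kill_switch` names.

```python
import json

# Values shown on this page, assumed here to be the shipped defaults.
DEFAULTS = {
    "rate_limit_writes_per_hour": 120,
    "judge_threshold_price_moves": 0.88,
    "llm_budget_usd_per_cycle": 4.0,
    "require_operator_confirm_tier": "C",
}
# Assumed direction of "looser" for the numeric flags: +1 means a higher
# value is looser, -1 means a lower value is looser.
LOOSER = {
    "rate_limit_writes_per_hour": +1,
    "judge_threshold_price_moves": -1,
    "llm_budget_usd_per_cycle": +1,
}


def review_config(text, clean_rows, min_clean_rows=500):
    """Return (errors, loosened) for a proposed workspace safety config."""
    proposed = json.loads(text)
    if not isinstance(proposed, dict):
        return ["config must be a JSON object"], []
    errors, loosened = [], []
    for key in sorted(set(proposed) - set(DEFAULTS)):
        errors.append(f"{key}: not a tunable flag")
    for key, default in DEFAULTS.items():
        if key not in proposed:
            continue
        value = proposed[key]
        if key not in LOOSER:
            # Tier ordering is not given on the page: any change needs review.
            if value != default:
                loosened.append(key)
            continue
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            errors.append(f"{key}: expected a number")
        elif value < 0 or (key == "judge_threshold_price_moves" and value > 1):
            errors.append(f"{key}: out of range")
        elif (value - default) * LOOSER[key] > 0:
            loosened.append(key)
    if loosened and clean_rows < min_clean_rows:
        errors.append(f"loosened {loosened} with only {clean_rows} clean rows")
    return errors, loosened


# Constructed proposal: raises the write cap, lowers the judge threshold,
# and tries to configure a primitive that is not tunable.
PROPOSAL = '{"rate_limit_writes_per_hour": 400, "judge_threshold_price_moves": 0.7, "kill_switch": false}'
```

Run it in config review with the count of clean decision_log rows as `clean_rows`; an empty `errors` list means the change stays within the four flags and any loosening is backed by enough history.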
