Trust Model · Updated 2026-04-02

Cooldowns and Circuit Breakers

Risk-tiered cooldowns, graduated circuit breakers, oscillation detection, and the risk accumulator.

When things go wrong, BASIS has layered protection mechanisms that activate automatically. Cooldowns pause specific risk levels after individual failures. Circuit breakers halt all operations when patterns of failure emerge. Together, they prevent cascading damage from unreliable agents.

Risk-Tiered Cooldowns

After a failure, the agent is blocked from the failed risk level (and all higher levels) for a defined period:

// From canonical.ts — cooldown hours per risk level
READ:          0    // No cooldown
LOW:           0    // No cooldown
MEDIUM:        6    // 6 hours
HIGH:          12   // 12 hours
CRITICAL:      24   // 24 hours
LIFE_CRITICAL: -1   // Human reinstatement only

How Cooldowns Stack

Cooldowns apply upward. If an agent fails a MEDIUM action:

| Risk Level | Status During Cooldown |
|---------------|----------------------|
| READ | Available |
| LOW | Available |
| MEDIUM | Blocked for 6h |
| HIGH | Blocked |
| CRITICAL | Blocked |
| LIFE_CRITICAL | Blocked |

The agent can still do useful work at READ and LOW risk levels while it waits out the cooldown. This prevents a single failure from being a complete operational shutdown (unless it is LIFE_CRITICAL).

Operator Posture Effects

The cooldown duration is modified by the operator posture:

// Actual cooldown = base cooldown × cooldownMultiplier

STRICT:     cooldownMultiplier = 0.5  → cooldowns are halved (3h for MEDIUM)
STANDARD:   cooldownMultiplier = 1.0  → canonical cooldowns
PERMISSIVE: cooldownMultiplier = 1.5  → cooldowns are 50% longer (9h for MEDIUM)

STRICT environments have shorter cooldowns because they apply stricter penalties and have tighter monitoring. The assumption: agents under strict oversight can resume faster because failures are caught earlier and with less damage.
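The upward-stacking rule and the posture multiplier combine into a single gate check. The sketch below is an added example, not BASIS source code: the function names and the `reinstated` flag are hypothetical, higher levels are assumed to stay blocked for the failed level's cooldown, and a LIFE_CRITICAL failure is treated as a full stop until a human reinstates the agent, following the shutdown remark above.

```javascript
// Added example, not BASIS source. Constants are copied from this page.
const LEVELS = ['READ', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL', 'LIFE_CRITICAL'];
const COOLDOWN_HOURS = { READ: 0, LOW: 0, MEDIUM: 6, HIGH: 12, CRITICAL: 24, LIFE_CRITICAL: -1 };
const COOLDOWN_MULTIPLIER = { STRICT: 0.5, STANDARD: 1.0, PERMISSIVE: 1.5 };

// Effective cooldown in hours. Infinity means "no timer, human reinstatement only".
function effectiveCooldownHours(level, posture) {
  const base = COOLDOWN_HOURS[level];
  const mult = COOLDOWN_MULTIPLIER[posture];
  if (base === undefined) throw new Error(`unknown risk level: ${level}`);
  if (mult === undefined) throw new Error(`unknown posture: ${posture}`);
  return base < 0 ? Infinity : base * mult;
}

// failures: [{ level, atHours, reinstated? }] (hypothetical record shape).
// Returns true when `requested` may run at time `nowHours`.
function isAllowed(requested, failures, posture, nowHours) {
  const reqIdx = LEVELS.indexOf(requested);
  if (reqIdx < 0) return false; // fail closed on an unknown level
  for (const f of failures) {
    const failIdx = LEVELS.indexOf(f.level);
    if (failIdx < 0) return false; // fail closed on a malformed record
    const hours = effectiveCooldownHours(f.level, posture);
    if (hours === Infinity) {
      if (!f.reinstated) return false; // LIFE_CRITICAL: everything stops
      continue;
    }
    // Cooldowns apply upward: the failed level and every level above it.
    if (reqIdx >= failIdx && nowHours < f.atHours + hours) return false;
  }
  return true;
}

function availableLevels(failures, posture, nowHours) {
  return LEVELS.filter((l) => isAllowed(l, failures, posture, nowHours));
}
```

Unknown levels and postures are rejected rather than defaulted, so a typo in configuration cannot silently remove a cooldown.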

LIFE_CRITICAL: No Timer

LIFE_CRITICAL cooldown is -1, which means infinite. There is no automatic recovery. A human operator must explicitly reinstate the agent through the HITL (Human-In-The-Loop) SLA process:

const HITL_SLA = {
  steps: [
    { hours: 0,    action: 'alert_owner' },
    { hours: 4,    action: 'reminder' },
    { hours: 24,   action: 'escalate_lead' },
    { hours: 72,   action: 'escalate_vp' },
    { hours: 168,  action: 'auto_retire' },    // 7 days
    { hours: 720,  action: 'auto_vanquish' },  // 30 days
  ],
};

If nobody reinstates the agent within 7 days, it automatically retires. After 30 days, it is vanquished (permanently deactivated).


Circuit Breakers

Circuit breakers are system-level protections that activate based on patterns, not individual events. There are three types.

1. Trust Score Circuit Breaker

const CIRCUIT_BREAKER = {
  trippedThreshold: 100,     // Hard stop
  degradedThreshold: 200,    // Gains frozen
};

Tripped (score < 100): The agent is fully blocked. No operations, no gains, no losses. It enters the TRIPPED lifecycle state and requires human reinstatement.

Degraded (score < 200): The agent can still operate but cannot gain trust. Losses still apply. This creates a downward pressure — if the agent keeps failing while degraded, it will eventually trip.

// Lifecycle state transitions:
// Score drops below 200 → DEGRADED state
//   canOperate: true    ← still working
//   canGain: false      ← frozen
//   canLose: true       ← still accountable

// Score drops below 100 → TRIPPED state
//   canOperate: false   ← fully blocked
//   canGain: false      ← frozen
//   canLose: false      ← nothing to lose

2. Oscillation Circuit Breaker

const CIRCUIT_BREAKER = {
  oscillationThreshold: 3,        // direction changes
  oscillationWindowHours: 24,     // within this window
};

If an agent's trust score changes direction 3 or more times within 24 hours, the oscillation circuit breaker trips. Direction changes mean:

Score: 500 → 510 → 505 → 512 → 508
                ↑        ↑        ↑
             change 1  change 2  change 3  → TRIPPED

Oscillation usually indicates one of:

  • An agent is gaming the system (strategic success/failure patterns).
  • The agent is unreliable (alternating between good and bad behavior).
  • External conditions are unstable (the agent is not at fault, but it is not safe to let it operate).

In all three cases, stopping the agent and requiring human review is the correct response.
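One way to count direction changes over the 24-hour window, as an added example rather than the BASIS implementation. The sample shape `{ atHours, score }`, the function names, and the choice to ignore flat steps and samples exactly on the window's trailing edge are assumptions.

```javascript
// Added example, not BASIS source. Thresholds are copied from this page.
const OSCILLATION = { oscillationThreshold: 3, oscillationWindowHours: 24 };

// samples: [{ atHours, score }] in chronological order (hypothetical shape).
// Counts how often the score reverses direction inside the window ending at nowHours.
function countDirectionChanges(samples, nowHours, windowHours = OSCILLATION.oscillationWindowHours) {
  const recent = samples.filter(
    (s) => s.atHours > nowHours - windowHours && s.atHours <= nowHours
  );
  let changes = 0;
  let lastDir = 0; // +1 rising, -1 falling, 0 not yet known
  for (let i = 1; i < recent.length; i++) {
    const dir = Math.sign(recent[i].score - recent[i - 1].score);
    if (dir === 0) continue; // a flat step is not a reversal
    if (lastDir !== 0 && dir !== lastDir) changes++;
    lastDir = dir;
  }
  return changes;
}

function oscillationTripped(samples, nowHours) {
  return countDirectionChanges(samples, nowHours) >= OSCILLATION.oscillationThreshold;
}

// Constructed sample data: the score sequence shown above, one reading per hour.
const PAGE_SEQUENCE = [500, 510, 505, 512, 508].map((score, i) => ({ atHours: i, score }));
```

The same five readings spread ten hours apart no longer trip the breaker, because only the last three fall inside the window.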

3. Methodology Failure Circuit Breaker

const CIRCUIT_BREAKER = {
  methodologyFailureThreshold: 3,           // same method, 3 failures
  methodologyWindowHours: 72,               // within 72 hours
  crossMethodologyFailureThreshold: 6,      // different methods, 6 total
};

This circuit breaker tracks failure patterns by methodology:

  • Same methodology: If the agent fails the same type of action 3 times in 72 hours, the CB trips. Example: 3 failed database writes in 3 days.
  • Cross methodology: If the agent accumulates 6 failures across different action types, the CB trips regardless of pattern.

This catches agents that are systematically failing, not just having occasional bad luck.
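The two methodology rules can be evaluated over one failure log. This is an added example, not BASIS source: the record shape and function name are hypothetical, and it assumes the cross-methodology count uses the same 72-hour window, which the page does not state.

```javascript
// Added example, not BASIS source. Thresholds are copied from this page.
const METHODOLOGY = {
  methodologyFailureThreshold: 3,
  methodologyWindowHours: 72,
  crossMethodologyFailureThreshold: 6,
};

// failures: [{ atHours, methodology }] (hypothetical record shape).
function methodologyBreaker(failures, nowHours) {
  const since = nowHours - METHODOLOGY.methodologyWindowHours;
  const recent = failures.filter((f) => f.atHours > since && f.atHours <= nowHours);

  // Rule 1: the same methodology failing repeatedly.
  const perMethod = new Map();
  for (const f of recent) {
    perMethod.set(f.methodology, (perMethod.get(f.methodology) || 0) + 1);
  }
  for (const [methodology, count] of perMethod) {
    if (count >= METHODOLOGY.methodologyFailureThreshold) {
      return { tripped: true, reason: 'same_methodology', methodology };
    }
  }

  // Rule 2: many failures in total, regardless of how they are distributed.
  // Assumption: counted over the same window as rule 1.
  if (recent.length >= METHODOLOGY.crossMethodologyFailureThreshold) {
    return { tripped: true, reason: 'cross_methodology', methodology: null };
  }
  return { tripped: false, reason: null, methodology: null };
}
```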


The Risk Accumulator

The risk accumulator is a 24-hour rolling window that aggregates failure severity:

const RISK_ACCUMULATOR = {
  windowHours: 24,
  warningThreshold: 60,     // Increased monitoring
  degradedThreshold: 120,   // Gains frozen
  cbThreshold: 240,         // Circuit breaker trips
};

Each failure adds P(T) × R to the accumulator:

Accumulator += P(T) × R(action)

Where P(T) is the penalty ratio (3 at T0, 10 at T7) and R is the risk multiplier of the failed action.

Accumulator Examples

T3 agent (P=6) with MEDIUM failures (R=5):

1st failure: 6 × 5 = 30   (total: 30 — under warning)
2nd failure: 6 × 5 = 30   (total: 60 — WARNING: increased monitoring)
3rd failure: 6 × 5 = 30   (total: 90 — approaching degraded)
4th failure: 6 × 5 = 30   (total: 120 — DEGRADED: gains frozen)
8th failure: 6 × 5 = 30   (total: 240 — CIRCUIT BREAKER)

It takes 8 MEDIUM failures to trip a T3 agent.

T7 agent (P=10) with one LIFE_CRITICAL failure (R=30):

1st failure: 10 × 30 = 300  (total: 300 — INSTANT CIRCUIT BREAKER)

A single LIFE_CRITICAL failure at T7 exceeds the CB threshold by itself.

T0 agent (P=3) with READ failures (R=1):

1st failure: 3 × 1 = 3    (total: 3)
20th failure: 3 × 1 = 3   (total: 60 — WARNING)
40th failure: 3 × 1 = 3   (total: 120 — DEGRADED)
80th failure: 3 × 1 = 3   (total: 240 — CIRCUIT BREAKER)

Even low-risk failures accumulate. 80 READ failures in 24 hours means something is fundamentally wrong.

Operator Posture Overrides

STRICT:     { warning: 40,  degraded: 80,  cb: 160 }
STANDARD:   { warning: 60,  degraded: 120, cb: 240 }
PERMISSIVE: { warning: 80,  degraded: 160, cb: 320 }

Strict operators trip the circuit breaker at lower accumulator values. Permissive operators allow more failures before intervening.
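A rolling-window accumulator with the posture thresholds applied, as an added example rather than BASIS source code. The class and helper names are hypothetical, the caller supplies P(T) and R directly, and the sketch only reports the window state; latching a trip until human reinstatement is left to the lifecycle logic.

```javascript
// Added example, not BASIS source. Thresholds are copied from this page.
const THRESHOLDS = {
  STRICT: { warning: 40, degraded: 80, cb: 160 },
  STANDARD: { warning: 60, degraded: 120, cb: 240 },
  PERMISSIVE: { warning: 80, degraded: 160, cb: 320 },
};
const WINDOW_HOURS = 24;

class RiskAccumulator {
  constructor(posture = 'STANDARD') {
    this.limits = THRESHOLDS[posture];
    if (!this.limits) throw new Error(`unknown posture: ${posture}`);
    this.entries = []; // { atHours, weight }
  }

  // penalty is P(T) for the agent's tier, risk is R for the failed action.
  recordFailure(atHours, penalty, risk) {
    this.entries.push({ atHours, weight: penalty * risk });
    return this.state(atHours);
  }

  // Drops entries older than the window, then sums what is left.
  total(nowHours) {
    this.entries = this.entries.filter((e) => e.atHours > nowHours - WINDOW_HOURS);
    return this.entries.reduce((sum, e) => sum + e.weight, 0);
  }

  state(nowHours) {
    const t = this.total(nowHours);
    if (t >= this.limits.cb) return 'CIRCUIT_BREAKER';
    if (t >= this.limits.degraded) return 'DEGRADED';
    if (t >= this.limits.warning) return 'WARNING';
    return 'OK';
  }
}

// Replays `count` identical failures, `spacingHours` apart, and returns the state after each.
function replay(posture, penalty, risk, count, spacingHours) {
  const acc = new RiskAccumulator(posture);
  const states = [];
  for (let i = 0; i < count; i++) {
    states.push(acc.recordFailure(i * spacingHours, penalty, risk));
  }
  return states;
}
```

Replaying the T3 MEDIUM case shows the posture effect: the eighth failure trips under STANDARD, the sixth under STRICT, and eight failures spaced four hours apart never trip because older entries leave the window.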


Repeat Offender Compression

The HITL SLA timeline compresses for repeat offenders:

const repeatOffenderMultipliers = [
  1.0,   // 1st CB trip: standard timeline (7 days to auto-retire)
  0.5,   // 2nd CB trip: halved (3.5 days to auto-retire)
  0,     // 3rd+ CB trip: immediate auto-RETIRE
];

After the third circuit breaker trip, the agent is automatically retired on trip. No waiting period, no escalation chain.

The maxCbTripsBeforeAutoRetire setting also varies by posture:

  • STRICT: 2 trips before auto-retire
  • STANDARD: 3 trips
  • PERMISSIVE: 5 trips

Protection Layers Summary

From least to most severe:

Layer 1: Cooldown (per risk level)
  → Blocks specific risk levels temporarily
  → Agent can still do lower-risk work

Layer 2: Risk Accumulator Warning (≥60)
  → Increased monitoring, more frequent canary probes
  → Agent still fully operational

Layer 3: Risk Accumulator Degraded (≥120) / Trust < 200
  → Gains frozen, losses still apply
  → Agent operational but cannot improve

Layer 4: Circuit Breaker Trip (accumulator ≥240 / trust < 100 / oscillation)
  → Full operational stop
  → Human reinstatement required

Layer 5: Auto-Retire (no human response within SLA)
  → Deactivated, data preserved
  → Can be reactivated through re-qualification

Layer 6: Auto-Vanquish (30 days with no human response)
  → Permanently deactivated
  → Irreversible

Try It: Simulate Circuit Breaker

import { createTrustEngine } from '@vorionsys/atsf-core';

const engine = createTrustEngine({
  failureThreshold: 0.3,
  successThreshold: 0.7,
  gainRate: 0.05,
});

await engine.initializeEntity('cb-demo', 1); // Start at T1 (score 200)

// Listen for circuit breaker events
engine.on('trust:circuit_breaker', (event) => {
  console.log(`CIRCUIT BREAKER: ${event.type} for ${event.entityId}`);
  console.log(`  Score: ${event.score}, Accumulator: ${event.accumulator}`);
});

engine.on('trust:degraded', (event) => {
  console.log(`DEGRADED: ${event.entityId} — gains frozen`);
});

// Record repeated failures
for (let i = 0; i < 10; i++) {
  await engine.recordSignal({
    id: crypto.randomUUID(),
    entityId: 'cb-demo',
    type: 'behavioral.task_failed',
    value: 0.1,
    source: 'system',
    timestamp: new Date().toISOString(),
    metadata: { riskLevel: 'MEDIUM', iteration: i },
  });

  const calc = await engine.calculate('cb-demo');
  console.log(`After failure ${i + 1}: score=${calc.score}, tier=T${calc.level}`);
}

Key Takeaways

  • Cooldowns are risk-tiered: 0h (READ/LOW), 6h (MEDIUM), 12h (HIGH), 24h (CRITICAL), infinite (LIFE_CRITICAL).
  • Three circuit breaker types: score-based, oscillation, methodology failure.
  • The risk accumulator catches patterns of repeated minor failures.
  • Protection layers escalate from cooldown to auto-vanquish.
  • Repeat offenders get compressed SLA timelines — third trip is auto-retire.
