Borrowed from avionics command-and-monitor architecture: the part that watches is never the part that acts. That separation is what lets BLOCK fire in milliseconds, independent of anything downstream.
Gray-failure detection over live telemetry. Computes the deviation integral and fires ALERT / LIMIT against the Safety Envelope, with zero coupling to execution.
Controlled fault injection and the deterministic kill-switch. On a LIMIT signal, BLOCK aborts within milliseconds and drives the agent to a Safe State.
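The monitor/actor split described above, as an added Python sketch that is not the product's own code: a monitor that only reads telemetry and emits ALERT / LIMIT, and a separate latching kill-switch that only reacts to LIMIT. The deviation-integral definition (time-integrated excess outside a tolerance band, decaying when back in band), the thresholds, and every class and field name are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Signal(Enum):
    OK = "OK"
    ALERT = "ALERT"
    LIMIT = "LIMIT"

@dataclass(frozen=True)
class Envelope:                 # assumed shape of a Safety Envelope
    nominal: float              # expected value of the monitored metric
    tolerance: float            # deviation inside this band is ignored
    alert_at: float             # integral level that raises ALERT
    limit_at: float             # integral level that raises LIMIT
    leak: float = 0.5           # share of the integral kept after an in-band sample

class Monitor:
    """Watches telemetry only; holds no reference to whatever executes."""
    def __init__(self, env: Envelope):
        self.env, self.integral, self.last_t = env, 0.0, None

    def observe(self, t: float, value: float) -> Signal:
        dt = 0.0 if self.last_t is None else t - self.last_t
        self.last_t = t
        excess = max(0.0, abs(value - self.env.nominal) - self.env.tolerance)
        # Accumulate out-of-band deviation over time; decay it when back in band.
        self.integral = self.integral + excess * dt if excess else self.integral * self.env.leak
        if self.integral >= self.env.limit_at:
            return Signal.LIMIT
        return Signal.ALERT if self.integral >= self.env.alert_at else Signal.OK

class KillSwitch:
    """Acts only on LIMIT and latches: later samples cannot undo BLOCK."""
    def __init__(self):
        self.state = "RUNNING"

    def on_signal(self, sig: Signal) -> str:
        if sig is Signal.LIMIT:
            self.state = "SAFE_STATE"
        return self.state

def replay(samples, env):
    """Feed (time_s, value) samples through monitor and kill-switch; return the trace."""
    mon, ks, trace = Monitor(env), KillSwitch(), []
    for t, v in samples:
        sig = mon.observe(t, v)
        trace.append((t, sig.value, ks.on_signal(sig)))
    return trace

# Constructed telemetry: latency (ms) drifting upward, never above 150 in any one sample.
SAMPLES = [(0, 100), (1, 110), (2, 130), (3, 135), (4, 140), (5, 145), (6, 105)]
ENV = Envelope(nominal=100, tolerance=20, alert_at=15, limit_at=40)
```

Calling `replay(SAMPLES, ENV)` shows the gray-failure case: no single sample is extreme, yet the accumulated deviation crosses ALERT and then LIMIT, and the kill-switch stays in the Safe State after the metric recovers.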
| Layer | Subsystem | Core purpose |
|---|---|---|