Sub-500ms.
Cannot Be Disabled.
Two modes. Eight trigger reasons. Zero bypass paths. When you need to stop your AI, it stops.
No user, agent, or policy can prevent it.
Two Modes. Choose Your Level.
Soft Kill
Completes the current action, then stops all AI operations. Data access is preserved. State remains consistent. This is the graceful shutdown path.
Hard Kill
Immediate termination of all operations. May leave state inconsistent. Use only in genuine emergencies: when waiting for completion is itself dangerous.
Why It Exists
Real scenarios. Real kill reasons. Every activation is logged.
Agent consuming unbounded resources or stuck in an infinite loop.
Agent producing content that violates safety policies.
Automated policy check detected a governance breach.
Operator needs immediate control over AI operations.
Memory, CPU, or storage approaching critical thresholds.
Potential compromise detected by monitoring systems.
Agent attempting to access or transmit restricted data.
Planned shutdown for system maintenance or upgrades.
Three Non-Negotiable Properties
Cannot Be Disabled
No user, agent, policy, or configuration can disable the kill switch. It runs on a separate control plane that is architecturally isolated from the AI runtime.
Separate Control Plane
The kill switch operates on its own execution path. Even if the AI runtime is frozen, deadlocked, or unresponsive, the kill signal reaches the process manager.
Immutable Audit Record
Every activation creates a sealed Capsule record with the trigger reason, timestamp, operator identity, and outcome. This record cannot be modified or deleted.
SIGINT to Soft. SIGTERM to Hard.
The kill switch integrates with OS-level signals. Pressing Ctrl+C triggers a soft kill. Sending SIGTERM triggers a hard kill. Both create KillEvent records and run cleanup callbacks.
Control That
Means Control.
Not a settings toggle. Not a soft preference. A hardware-grade emergency stop that no software can override. Because AI without a kill switch is not AI you control.