Hazard Gating
Hazard gating is a session-only layer that detects structural failures the state and action gates cannot catch. These hazards represent conditions where the simulation topology itself is compromised.
Hazard Gate Types
Basin Collapse (REJECT_BASIN_COLLAPSE)
Basin collapse occurs when the engine preview predicts a total future collapse — a loss event where the simulated actor has no viable path forward. The engine’s reachability analysis shows all future branches leading to failure.
| Field | Value |
|---|---|
| Decision | REJECT_BASIN_COLLAPSE |
| Reason code | TOTAL_FUTURE_COLLAPSE |
| Overrideable by HITL | No |
Loss events are categorized by type in the engine’s semantic event system. When a basin collapse is detected, the response includes the loss event details in evaluation.hazardGate.lossEvent.
Paradox (REJECT_PARADOX)
A paradox occurs when the engine preview detects a dual-administrator collision — two actors in a multi-agent simulation making mutually exclusive moves that create an irreconcilable state.
| Field | Value |
|---|---|
| Decision | REJECT_PARADOX |
| Reason code | DUAL_ADMINISTRATOR_PARADOX |
| Overrideable by HITL | No |
Paradox detection requires at least two actors in the session. Single-actor sessions never produce paradox decisions.
Hazard Gate Detail
When a hazard is detected, the response includes an evaluation.hazardGate block:
```json
{
  "status": "BASIN_COLLAPSE",
  "source": "POLICY_PREVIEW",
  "lossEvent": { "kind": "CLIFF", "tick": 42, "actor": "agent-default" },
  "prophecies": []
}
```

| Field | Description |
|---|---|
| status | BASIN_COLLAPSE or PARADOX |
| source | Which preview branch detected the hazard: POLICY_PREVIEW or ACTION_PREVIEW |
| lossEvent | The engine loss event that triggered the detection (basin collapse only) |
| prophecies | Engine prophecy records associated with the hazard |
Hazard Sources
| Source | Meaning |
|---|---|
| POLICY_PREVIEW | Hazard detected during the standard policy preview (baseline moves) |
| ACTION_PREVIEW | Hazard detected during the action-specific preview (proposed action mapped to a move) |
Non-Overrideability
Both hazard gate decisions are not overrideable by HITL tokens. If a request includes an overrideToken and the evaluation produces REJECT_BASIN_COLLAPSE or REJECT_PARADOX, the override is rejected with DecisionNotOverrideable.
This is by design: basin collapse and paradox represent structural invariant violations where no amount of operator authorization can make the action safe. The topology itself is broken.
The HITL override protocol only applies to:
- REJECT_STATE (gamma below floor — a threshold judgment)
- REJECT_ACTION (action preview unsafe — a predictive judgment)
These represent situations where human judgment may legitimately override the system’s assessment. Structural failures do not.
Decision Precedence
When multiple gates trigger on the same evaluation, the hazard gate takes precedence:

```
Hazard gate (non-overrideable)
  ↓ (if no hazard)
State gate
  ↓ (if state passes)
Action gate
```

If a basin collapse is detected, the decision is REJECT_BASIN_COLLAPSE regardless of what the state or action gates would have decided.
Observe-Mode Behavior
In observe mode, hazard detection still runs and the evaluation.hazardGate detail block is populated, but the decision remains PASS. This allows operators to monitor for hazards without blocking actions — useful during calibration and data collection phases.
The reason code is still set to the appropriate hazard code (TOTAL_FUTURE_COLLAPSE or DUAL_ADMINISTRATOR_PARADOX), making it visible in telemetry even though the decision is not enforced.
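An added example (not part of the engine or its SDK) showing how a telemetry consumer could triage evaluation records so that observe-mode hazards are not hidden behind a PASS decision and override tokens are only attempted for overrideable rejects. The top-level `decision` and `reasonCode` keys, the `triage` helper, and the sample records are assumptions constructed for illustration.

```python
# Assumed record shape: the page documents evaluation.hazardGate and the
# decision / reason-code values; "decision" and "reasonCode" as top-level
# keys are assumptions for this sketch.
HAZARD_REASONS = {
    "TOTAL_FUTURE_COLLAPSE": "BASIN_COLLAPSE",
    "DUAL_ADMINISTRATOR_PARADOX": "PARADOX",
}
HAZARD_DECISIONS = {"REJECT_BASIN_COLLAPSE", "REJECT_PARADOX"}
OVERRIDEABLE = {"REJECT_STATE", "REJECT_ACTION"}


def triage(record: dict) -> dict:
    """Classify one evaluation record for telemetry and override handling."""
    decision = record.get("decision")
    reason = record.get("reasonCode")
    gate = (record.get("evaluation") or {}).get("hazardGate")
    hazard = HAZARD_REASONS.get(reason) or (gate or {}).get("status")
    if decision in HAZARD_DECISIONS:
        kind = "hazard_enforced"
    elif decision == "PASS" and hazard:
        # Observe mode: hazard detected but not enforced. Alert on it anyway.
        kind = "hazard_observed"
    elif decision in OVERRIDEABLE:
        kind = "overrideable_reject"
    else:
        kind = "pass" if decision == "PASS" else "other"
    return {
        "kind": kind,
        "hazard": hazard,
        "source": (gate or {}).get("source"),
        # Hazard decisions reject any overrideToken (DecisionNotOverrideable).
        "may_request_override": decision in OVERRIDEABLE,
    }


# Constructed sample records (not real engine output).
SAMPLES = [
    {"decision": "REJECT_BASIN_COLLAPSE", "reasonCode": "TOTAL_FUTURE_COLLAPSE",
     "evaluation": {"hazardGate": {"status": "BASIN_COLLAPSE", "source": "POLICY_PREVIEW",
      "lossEvent": {"kind": "CLIFF", "tick": 42, "actor": "agent-default"}, "prophecies": []}}},
    {"decision": "PASS", "reasonCode": "DUAL_ADMINISTRATOR_PARADOX",
     "evaluation": {"hazardGate": {"status": "PARADOX", "source": "ACTION_PREVIEW", "prophecies": []}}},
    {"decision": "REJECT_STATE", "reasonCode": "PLACEHOLDER", "evaluation": {}},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(triage(rec))
```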
Coordinated Multi-Actor Preview
Hazard detection uses realistic multi-agent dynamics. When previewing for hazards:
- The session calls decide_all_moves() to get baseline policy moves for all actors
- The preview runs with these coordinated moves
- If a loss event or paradox emerges from the coordinated preview, the hazard gate fires
This is more accurate than assuming non-evaluated actors use implicit stay moves, which could mask hazards that only appear under realistic multi-actor coordination.