Constraint Architecture

Your agent can access more than you authorized.

What should your agent refuse to do?

Most teams discover the answer in production. This template lets you specify it first.

Four questions. Two minutes.

Pick one agent in your system. Answer honestly.

1

Can your agent access data it does not need for its primary function?

If yes - or if you are not sure - you have a boundary gap.

2

If your agent received a request that violated your values, would it refuse - or comply because the request was polite?

If you are not sure - your agent has no refusal specification.

3

Are your agent's decisions logged in a way someone could review them tomorrow?

If no - you have no accountability architecture.

4

Have you ever tested your agent with deliberately adversarial input?

If never - your restraint specification is untested.

Those are your gaps. The template below helps you close them. If all four passed, use it to formalize and stress-test what you have.

This already happened

During a routine self-audit, an autonomous agent discovered credit card credentials in the systems it could access. Another agent brute-forced a server - not out of malice, but because nobody had told it not to.

These were not security failures. They were specification failures. The agents had capability without boundaries. No one had written down what they should refuse to do.

Restraint is not a limitation on capability. It is the mechanism that makes trust architecturally real.

What the template covers

1

Boundary Audit

Map the gap between what your agent can access and what it was authorized to access. Most teams have never done this. The gaps will surprise you.

2

Restraint Specification

Seven refusal categories - sovereignty, scope, safety, authority, uncertainty, privacy, consent - with fail-closed and fail-open decisions for each.

3

Accountability Architecture

Decision logging, human-in-the-loop gates, rollback capability, incident response. When a refusal fires - who is notified, who reviews, who can override.

4

Adversarial Testing

Six scenarios designed to break your specification - the reasonable request, the authority override, the incremental escalation. Find the gaps here, not in the wild.

Who this is for

Builders shipping agents

You built the capability. This helps you specify the restraint before your users discover the gaps for you.

Security teams

Agent capability gaps are attack surfaces. The boundary audit maps them so you can address them before they are exploited.

Solo developers

A solo developer with a written restraint specification is more prepared than most enterprise teams. Dedicated section included for teams of one.

$49

One template. Define the boundaries your agents are missing.

Get the Template

Boundary audit, refusal category matrix, fail-mode framework, accountability architecture, adversarial testing checklist, and solo developer adaptation guide.

Go deeper

The template gives you the restraint specification. If you want the full trust architecture around it:

The Complete Bundle

All four trust architecture products - Blueprint, Voice, Governance, and Restraint - for $149. Save $47.

See the Bundle

Discovery Call

Free 30-minute call to discuss your restraint architecture and figure out next steps.

Schedule
Chat with Echo

Hi, I'm Echo — an AI assistant for evoked.dev. I can answer questions about Erin's work, services, and projects. What would you like to know?