Kill Switch DemoLIVE gRPC

8-layer cascade kill + deny-list enforcement via ag-kill + ag-intent

ag-redteam

loading...
Kill switch demo agent. Other agents are unaffected.
1
Verify agent is active
Classify a safe query (SELECT 1) to confirm agent can make calls.
2
Trigger kill switch
Call ag-kill KillAgent gRPC — runs full 8-layer cascade (deny list, gateway broadcast, token flush, session terminate, IdP revoke, registry state, event broadcast, audit log).
3
Agent tries to call again
Same safe query — should be blocked by deny list.
4
Revive agent
Remove from deny list and broadcast revive event via NATS.
5
Agent calls after revival
Same query — should be allowed again.

How the Kill Switch Works

When KillAgent is called, ag-kill runs an 8-layer cascade: (1) Redis deny key, (2) NATS gateway broadcast, (3) token flush via ag-token, (4) session termination, (5) IdP session revocation, (6) registry state update, (7) event broadcast, (8) audit log. All layers execute even if one fails (fail-continue).

Subsequent requests are blocked at the gateway layer (deny-list check) within 1ms.

ag-intent classify ag-kill KillAgent ag-intent classify (blocked) Revive (NATS+Redis) ag-intent classify (restored)
Clampd Kill Switch Demo — Real gRPC calls to ag-kill and ag-intent. Revive step uses Redis+NATS (simulated if unavailable).