Emergency Action Protocol
Goal
Give the agent a specific elevated capability — network isolation, process killing, memory dump taking — for several minutes without giving the agent permanent root privileges.
Levels
| Level | TTL | Auto? | Actions |
|---|---|---|---|
| 1 | 2 min | Auto if confidence > 0.95 | IsolateNetwork · KillProcess · MemoryDump |
| 2 | 5 min | Auto after 3 minutes if no ack | StopService · QuarantineFile |
| 3 | 15 min | Always human approval required | InstallPackage · Reboot · RunPlaybook |
Verification Chain (agent side)
- TTL —
now ≤ expires_atand(expires_at - issued_at) ≤ 900. - Addressing —
agent_id= own ID. - Anti-replay —
noncemust not be in theused_noncestable. - Signature — Ed25519, verified against the baked-in public key in the binary.
- Marking — add
noncetoused_noncesbefore execution.
Key Management
- One-time generation:
bash scripts/gen-emergency-keypair.sh. - Private key is only stored in
HUB_EMERGENCY_PRIVATE_KEYon the hub. - Public key is baked into the agent via
build.rsat compile time. - Rotate annually with 24-hour overlap.