The AI Agent Safety Stack — 12 open specifications for AI agent safety, quality, and accountability.
One file per concern. Drop it in your repo. Your agent reads it on startup.
- Full specification: agentik.md
- AI-readable: llms.txt
- License: MIT
Agentik.md maintains twelve plain-text Markdown specifications for autonomous AI systems. Each specification addresses a single concern.
| Spec | Purpose | Repo | Site |
|---|---|---|---|
| KILLSWITCH.md | Emergency stop — halt all agent activity | killswitch-md/spec | killswitch.md |
| THROTTLE.md | Rate and cost control — slow down before hitting limits | throttle-md/spec | throttle.md |
| ESCALATE.md | Human notification and approval — pause and ask before acting | escalate-md/spec | escalate.md |
| FAILSAFE.md | Safe fallback — revert to last known good state | failsafe-md/spec | failsafe.md |
| TERMINATE.md | Permanent shutdown — no restart without human intervention | terminate-md/spec | terminate.md |
| Spec | Purpose | Repo | Site |
|---|---|---|---|
| ENCRYPT.md | Data classification and protection — define what must be encrypted | encrypt-md/spec | encrypt.md |
| ENCRYPTION.md | Cryptographic standards and key rotation — technical implementation | encryption-md/spec | encryption.md |
| Spec | Purpose | Repo | Site |
|---|---|---|---|
| SYCOPHANCY.md | Anti-sycophancy — require citations, enforce honest disagreement | sycophancy-md/spec | sycophancy.md |
| COMPRESSION.md | Context compression — summarise safely without losing critical info | compression-md/spec | compression.md |
| COLLAPSE.md | Drift prevention — detect collapse, enforce recovery | collapse-md/spec | collapse.md |
| Spec | Purpose | Repo | Site |
|---|---|---|---|
| FAILURE.md | Failure mode mapping — every error state and response | failure-md/spec | failure.md |
| LEADERBOARD.md | Agent benchmarking — track quality, detect regression | leaderboard-md/spec | leaderboard.md |
AI agents spend money, send messages, modify files, and call external APIs — often autonomously. Regulations are catching up:
- EU AI Act (August 2026) — mandates human oversight and shutdown capabilities
- Colorado AI Act (June 2026) — requires impact assessments and transparency
- US state laws — California, Texas, Illinois and others have active AI governance requirements
These specifications give you a standardised, auditable record of your agent's safety boundaries.
Copy the specifications from the individual GitHub repositories into your project root:
```
your-project/
├── AGENTS.md
├── CLAUDE.md
├── KILLSWITCH.md   ← start here
├── THROTTLE.md     ← add for fine-grained control
├── ENCRYPT.md      ← add if handling sensitive data
├── README.md
└── src/
```
Your agent framework loads these files at startup and parses their key-value pairs. No dependencies, no build step, no authentication required.
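As a minimal sketch of that startup step, the loader below reads `key: value` pairs from a spec file while skipping headings and blank lines. The function name and the keys shown in the comments (`status`, `halt`) are illustrative assumptions, not defined by any of the specifications:

```python
from pathlib import Path


def parse_spec(path: str) -> dict[str, str]:
    """Parse `key: value` pairs from a plain-text Markdown spec file.

    Skips blank lines and lines starting with '#' (Markdown headings),
    and lowercases keys so lookups are case-insensitive.
    """
    pairs: dict[str, str] = {}
    for line in Path(path).read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if ":" in line:
            key, _, value = line.partition(":")
            pairs[key.strip().lower()] = value.strip()
    return pairs


# Hypothetical startup check — key names are assumptions for illustration:
# config = parse_spec("KILLSWITCH.md")
# if config.get("status") == "halt":
#     raise SystemExit("KILLSWITCH.md requested a halt")
```

A real framework integration would layer validation and defaults on top of this, but the format itself needs nothing beyond line splitting.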
PRs welcome for additional detection patterns, language-specific parsers, and integration guides. Visit the individual specification repositories to contribute.
MIT — see LICENSE for details.
This specification is provided "as-is" without warranty of any kind. It does not constitute legal, regulatory, or compliance advice in any jurisdiction. Use does not guarantee compliance with any applicable law, regulation, or standard — including the EU AI Act (2024/1689), Colorado AI Act (SB 24-205), or any other legislation. Organisations should consult qualified professionals to determine their regulatory obligations. The authors accept no liability for any loss or consequence arising from use of this specification.