Scoped Kill Switches + Policy Dry-Run: Granular Emergency Controls
2026-03-11
LOCKSTEP TRACEABILITY MATRIX
---
api_endpoints:
- "POST /v1/killswitch/scope"
- "GET /v1/killswitch/scopes"
- "DELETE /v1/killswitch/scope/:type/:id"
- "POST /v1/governance/policy/dry-run"
- "POST /auth/killswitch/scope"
- "DELETE /auth/killswitch/scope/:type/:id"
- "GET /auth/killswitch/scopes"
sdk_methods_updated:
- "client.killswitch.activateScope()"
- "client.killswitch.listScopes()"
- "client.killswitch.deactivateScope()"
- "client.governance.dryRunPolicy()"
mcp_tools_updated:
- "br_killswitch_scope"
- "br_list_killswitch_scopes"
- "br_deactivate_killswitch_scope"
- "br_policy_dry_run"
---
What We Built
Scoped kill switches that can surgically disable individual agents, providers, or tools without taking down the entire tenant. Previously, the kill switch was binary: on or off for the whole tenant. Now operators can isolate a rogue agent, block a misbehaving provider during an outage, or disable a specific tool — all while the rest of the system continues operating.
Policy dry-run lets operators test policy rules against real request contexts before enabling enforcement. This eliminates the fear of deploying a policy that accidentally blocks legitimate traffic.
Why It Matters
During a security incident, operators need surgical precision, not a sledgehammer. If one agent is compromised, shutting down the entire tenant disrupts all agents. Scoped kill switches give operators the granularity to contain threats without collateral damage. Policy dry-run removes the deployment anxiety that prevents teams from adopting governance rules.
How It Works
Kill switch scopes are stored in ConfigStore with keys like killswitch-scope:agent:agent-007. The middleware checks scopes after the tenant-level kill switch, extracting agent ID from the X-BR-Agent-Id header, provider from the model prefix (e.g., claude-* → anthropic), and tool names from the request body's tool_choice and tools fields. A 500ms in-memory cache prevents repeated config-store reads on the hot path.
```typescript
// Activate a scoped kill switch via SDK
await client.killswitch.activateScope("agent", "agent-007", "Rogue behavior detected");

// Test a policy rule before enabling it
const result = await client.governance.dryRunPolicy({
  action: "POST:/v1/chat/completions",
  agentId: "agent-007",
  modelName: "gpt-4",
});
// → { decision: "deny", matchedRule: { id: "block-gpt4", ... }, ruleCount: 3, mode: "active" }
```
Policy enrichment correctly distinguishes agent principals from API key principals — only principals with the agent role populate the agentId field, preventing false matches on agent-scoped policy rules.
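The scope lookup described in this section, as an added example that is not BrainstormRouter's own code. The key format, the X-BR-Agent-Id header, the tool_choice and tools fields, and the 500ms TTL come from the post; `scopeKeysFor`, `makeScopeCheck`, the one-entry prefix table, the plain-object stand-in for ConfigStore, the injected clock, and the OpenAI-style tool shapes are assumptions.

```typescript
// Added example, not project code. Names and request shapes are assumptions.
type Req = {
  headers: Record<string, string>;
  body: { model?: string; tool_choice?: any; tools?: any[] };
};

const CACHE_TTL_MS = 500; // scope cache TTL stated in the post
// Assumed table: the post gives only claude-* -> anthropic.
const PROVIDER_PREFIXES: [string, string][] = [["claude-", "anthropic"]];

// Derive every scope key that could block this request.
function scopeKeysFor(req: Req): string[] {
  const keys: string[] = [];
  for (const h of Object.keys(req.headers)) {
    // HTTP header names are case-insensitive.
    if (h.toLowerCase() === "x-br-agent-id") keys.push(`killswitch-scope:agent:${req.headers[h]}`);
  }
  const model = req.body.model ?? "";
  for (const [prefix, provider] of PROVIDER_PREFIXES) {
    if (model.indexOf(prefix) === 0) keys.push(`killswitch-scope:provider:${provider}`);
  }
  // Tool names from tool_choice and tools; string values such as "auto" carry no name.
  for (const t of [req.body.tool_choice, ...(req.body.tools ?? [])]) {
    const name = t?.function?.name ?? t?.name;
    const key = `killswitch-scope:tool:${name}`;
    if (typeof name === "string" && keys.indexOf(key) < 0) keys.push(key);
  }
  return keys;
}

// Returns a checker that yields the blocking scope key, or null when none is active.
// `store` stands in for ConfigStore; `now` is injected so the TTL can be tested.
function makeScopeCheck(store: Record<string, string>, now: () => number) {
  const cache: Record<string, { active: boolean; expires: number }> = {};
  return (req: Req): string | null => {
    for (const key of scopeKeysFor(req)) {
      let entry = cache[key];
      if (!entry || entry.expires <= now()) {
        // Cache misses as well as hits so the hot path skips repeated store reads.
        entry = cache[key] = { active: store[key] !== undefined, expires: now() + CACHE_TTL_MS };
      }
      if (entry.active) return key;
    }
    return null;
  };
}
```

In this example a scope activated just after a cached miss is not enforced until the cache entry expires, so the TTL is also the upper bound on how long a new scope takes to apply in a process that has already seen the key.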
The Numbers
- 3 kill switch scope types: agent, provider, tool
- 4 new MCP governance tools (total: 54)
- 500ms scope cache TTL for hot-path performance
- 8 new API endpoints (4 under /v1/*, 4 mirrored under /auth/*) with full JWT bridge parity
- Both SDKs (TypeScript + Python) updated with sync and async methods
Competitive Edge
No other AI gateway offers granular kill switches at the agent, tool, and provider level. Portkey and OpenRouter provide tenant-level disabling at best. BrainstormRouter's scoped kill switches combined with policy dry-run give operators the confidence to run autonomous agents in production — knowing they can surgically intervene without disrupting the entire fleet.
Lockstep Checklist
> _You MUST check these boxes [x] and verify the corresponding files are updated BEFORE committing this log._
- [x] API Routes: src/api/routes/killswitch.ts, src/api/routes/governance.ts, src/api/routes/auth.ts updated.
- [x] TS SDK: packages/sdk-ts/src/resources/killswitch.ts, packages/sdk-ts/src/resources/governance.ts updated.
- [x] Python SDK: packages/sdk-py/src/brainstormrouter/resources/killswitch.py, packages/sdk-py/src/brainstormrouter/resources/governance.py updated.
- [x] MCP Schemas: src/mcp/tool-manifest.ts, src/mcp/server.ts, site/.well-known/agents.json updated.
- [x] Master Record: Coverage tracked in Phase 011 spec.