Velocity-and-Magnitude Governor
Hard-code per-unit-time caps on the financial magnitude of agent actions, and on any deviation beyond a statistical threshold force a downgrade from human-on-the-loop to human-in-the-loop.
Problem
Generic throttles bound the wrong quantity. Capping requests, tokens, or loop iterations leaves dollars-per-second unbounded, so an agent that stays well within its call budget can still place orders far larger or faster than its established baseline before anyone intervenes. Conversely a flat per-action cost ceiling ignores velocity: many small actions in a tight window aggregate into a large exposure that no single action trips. The system needs a control that bounds committed financial magnitude per unit time, recognises when the agent's volume or value departs from its normal envelope, and reacts proportionally rather than only by a full stop.
Solution
Borrow the pre-trade control of high-frequency trading and place a governor in the action path that every money-moving step must clear. The governor maintains hard caps on financial magnitude per unit time across several horizons (notional per second, order or transaction size, cumulative position, transactions per window) and a rolling baseline of normal volume and value. Each pending action is checked against the caps; an action that would breach a cap is rejected before it executes. In parallel the governor scores how far the current volume or value departs from baseline, and when that deviation exceeds a statistical threshold (for example more than three sigma) it forces an autonomy downgrade: the agent moves from human-on-the-loop, where a human watches but rarely intervenes, to human-in-the-loop, where every further material action waits for affirmative human approval. The downgrade is graduated and automatic, distinct from a full halt, and the baseline plus threshold are calibrated from historical activity rather than assumed.
When to use
- Agent actions move money or take market positions, so the quantity worth bounding is committed financial magnitude per unit time rather than call or token count.
- A stable baseline of normal volume and value exists, so a deviation threshold (for example three sigma) can be calibrated rather than guessed.
- A graduated response is wanted: a large-but-plausible deviation should tighten human oversight rather than halt the system outright.
Open the full interactive page →
Diagram, neighbourhood map, code examples, related patterns and full provenance.