# Safety Policy

## Corrective Action Tier Ladder

| Tier | Behavior |
|---|---|
| 0 — Observe | Log diagnosis only. No output. |
| 1 — Alert | Send alert with diagnosis + recommended action. Human acts. |
| 2 — Recommend | Present proposed action; admin confirms (timeout = no action). |
| 3 — Act with timeout | Act after N minutes if no response; conservative actions only. |
| 4 — Autonomous | High-confidence, pre-approved scenarios only. Audit log always written. |

**Default tier: 1 (alert only).**

## Hard Invariants

The agent MUST NEVER:

- Modify depot data or metadata
- Delete or truncate logs
- Operate without a written audit trail
- Execute actions above the configured max tier

## Audit Log

Every action (taken or not) is written to the audit log before execution.

Fields: timestamp, trigger type, raw signals, SLM diagnosis, action recommended, action taken, operator response, outcome.
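
An added example, not part of this policy or the project's code: a minimal Python gate that clamps a requested tier to the configured max tier, appends the audit entry before anything runs, and never calls the action if that write fails. Clamping above-max requests down instead of dropping them, the JSON-lines log format, the `confirm`/`deny` response values, and the sample signal are assumptions.

```python
import json, os, time

# Field names follow the policy's audit log field list.
FIELDS = ("timestamp", "trigger_type", "raw_signals", "slm_diagnosis",
          "action_recommended", "action_taken", "operator_response", "outcome")

def append_audit(path, entry):
    """Append one JSON line and fsync. Mode "a" never truncates the log."""
    missing = [f for f in FIELDS if f not in entry]
    if missing:
        raise ValueError(f"audit entry missing fields: {missing}")
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
        fh.flush()
        os.fsync(fh.fileno())

def decide(tier, max_tier, response, conservative=False, preapproved=False):
    """Map a requested tier and operator response (None = timeout) to a verdict."""
    tier = min(tier, max_tier)      # assumption: clamp, never exceed the max tier
    if tier == 0:
        return "observe"            # tier 0: diagnosis is logged, nothing is sent
    if tier == 2 and response == "confirm":
        return "execute"            # tier 2: a timeout (None) means no action
    if tier == 3 and response != "deny" and conservative:
        return "execute"            # tier 3: a timeout acts, conservative actions only
    if tier == 4 and preapproved:
        return "execute"            # tier 4: pre-approved scenarios only
    return "alert" if tier == 1 else "no_action"

def run(path, signal, tier, action, max_tier=1, response=None, **flags):
    """Write the audit entry first; execute only after that write succeeded."""
    verdict = decide(tier, max_tier, response, **flags)
    entry = dict(signal, timestamp=time.time(), action_taken=verdict,
                 operator_response=response, outcome="pending")
    append_audit(path, entry)       # raises -> action() is never called
    if verdict == "execute":
        entry.update(timestamp=time.time(), outcome=action())
        append_audit(path, entry)   # outcome is appended as a second line
    return verdict

# Constructed sample signal (hypothetical values, not from the policy).
SAMPLE = {"trigger_type": "disk_usage", "raw_signals": {"used_pct": 97},
          "slm_diagnosis": "log volume nearly full",
          "action_recommended": "pause_backup_job"}
```

With the default max tier of 1, `run(path, SAMPLE, 4, action)` returns `"alert"` and writes one audit line without calling `action`.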