Seven Independent Safety Layers
- Entity ID: ent-20260423-p2a003000004
- Type: pattern
- Scope: private
- Status: active
Description
Defense-in-depth pattern comprising tool pre-filtering, deny-first rule evaluation, permission mode constraints, auto-mode ML classifier, shell sandboxing, non-restoration on resume, and hook-based interception. A request must pass through all applicable layers; any one can block it.
Key claims
- Defense-in-depth consists of seven independent safety layers
- Defense-in-depth layers can share failure modes under performance pressure
- Shell sandbox operates on an axis independent of authorization
Relations
- Tool Pre-filtering Safety Layer --[part_of]--> Seven Independent Safety Layers
- Permission Mode Constraints Layer --[part_of]--> Seven Independent Safety Layers
- Non-restoration on Resume Layer --[part_of]--> Seven Independent Safety Layers
- Seven Independent Safety Layers --[implements]--> 12 Boring Primitives Framework
- Shared Failure Modes in Defense-in-Depth --[informs]--> Seven Independent Safety Layers
- Pre-trust Execution Window --[depends_on]--> Seven Independent Safety Layers