A bit more on the architecture:
Each layer is a middleware that wraps the agent's execution loop. When an agent calls a tool or spawns a subagent, the request passes through the stack:
```
Agent Request  → SUTRA (rate limit) → DHARMA (permissions) → SANGHA (skill check) → KARMA (cost) → Execute
                                                                                                      ↓
Agent Response ← SILA (audit log) ← METTA (sign) ← BODHI (isolate) ← NIRVANA (kill if needed) ←──────
```
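If it helps to see the shape of it, here's a minimal sketch of the wrapping idea in Python. This is not the project's actual API; the class and method names (`Layer`, `before`, `after`, `build_stack`) are assumptions, just to show how one layer sees the request on the way in and the response on the way out:

```python
from dataclasses import dataclass, field
from typing import Any, Callable

@dataclass
class AgentRequest:
    tool: str                       # tool call or subagent spawn
    args: dict
    meta: dict = field(default_factory=dict)

class Layer:
    """One middleware layer wrapping the next handler in the stack."""
    def __init__(self, next_handler: Callable[[AgentRequest], Any]):
        self.next = next_handler

    def __call__(self, request: AgentRequest) -> Any:
        self.before(request)                    # inbound: rate limit, permissions, cost...
        response = self.next(request)           # pass down the stack; innermost handler executes
        return self.after(request, response)    # outbound: audit log, sign, isolate, kill check

    def before(self, request: AgentRequest) -> None: ...
    def after(self, request: AgentRequest, response: Any) -> Any:
        return response

def build_stack(execute: Callable[[AgentRequest], Any], layers: list[type[Layer]]):
    # Wrap innermost-first so the first layer listed sees the request first.
    handler = execute
    for layer_cls in reversed(layers):
        handler = layer_cls(handler)
    return handler
```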
Policies are YAML:
```yaml
permissions:
  file_system:
    read: ["/data/*"]
    write: []
  network:
    allowed_domains: ["api.anthropic.com"]
cost:
  max_per_request: 0.10
  max_per_session: 5.00
kill_conditions:
  - token_count > 100000
  - execution_time > 300s
  - error_rate > 0.5
```
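For a sense of how the kill side works, here's a hedged sketch of the kind of check a layer like NIRVANA might run against live session metrics. The condition strings come from the policy above; the parsing approach and metric names are assumptions, not the project's code:

```python
import re

# In practice these would come from the policy file's kill_conditions list.
kill_conditions = ["token_count > 100000", "execution_time > 300s", "error_rate > 0.5"]

def check_kill(conditions: list[str], metrics: dict) -> str | None:
    """Return the first violated condition, or None if the session may continue."""
    pattern = re.compile(r"^(\w+)\s*(>=|<=|>|<)\s*([\d.]+)\s*s?$")
    ops = {">": lambda a, b: a > b, "<": lambda a, b: a < b,
           ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b}
    for cond in conditions:
        m = pattern.match(cond)
        if not m:
            continue  # unknown condition syntax: skip rather than guess
        name, op, threshold = m.group(1), m.group(2), float(m.group(3))
        if name in metrics and ops[op](metrics[name], threshold):
            return cond
    return None

# This session has burned 120k tokens, so it would be killed on the first condition.
print(check_kill(kill_conditions, {"token_count": 120_000, "execution_time": 45, "error_rate": 0.1}))
```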
The key insight from running agents in production: most failures aren't the model being malicious — they're the model being helpful in ways you didn't anticipate. DHARMA and SANGHA catch those before they execute.
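Concretely, with `write: []` in the policy above, an agent that "helpfully" decides to clean up `/data` gets blocked before the tool runs. A rough sketch of that check (glob-style matching is my assumption, not necessarily what DHARMA does):

```python
from fnmatch import fnmatch

def allowed(action: str, path: str, fs_policy: dict) -> bool:
    """True only if the path matches a pattern on the action's allow-list."""
    return any(fnmatch(path, pattern) for pattern in fs_policy.get(action, []))

fs = {"read": ["/data/*"], "write": []}
print(allowed("read", "/data/report.csv", fs))   # True: /data/* is readable
print(allowed("write", "/data/report.csv", fs))  # False: the write list is empty
```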
Happy to go deeper on any layer.