Physical circuit breakers that halt all agent operations independent of software state. Jitter monitoring, heartbeat enforcement, and EU AI Act Article 14 compliance.
Software kill switches are configuration flags. A compromised agent, a buggy deployment, or a malicious operator can disable them. Hardware kill switches operate at a layer below the agent's reach — inside the Nitro Enclave, using lock-free atomic state that cannot be bypassed.
The kill switch uses AtomicU8 with SeqCst ordering for cross-thread visibility. Once in Red state, only manual_reset() can restore operation — there is no auto-recovery. This is mandated by EU AI Act Article 14.
The kill switch drives the system through three states:
1. Green →(jitter > threshold)→ Red
2. Green →(missed heartbeat)→ Yellow
3. Yellow →(jitter > threshold)→ Red
4. Red →(manual_reset)→ Green
| State | Meaning | Signing Allowed | Recovery |
|-------|---------|-----------------|----------|
| Green | Normal operation — all systems nominal | Yes | N/A |
| Yellow | Warning — missed heartbeat detected | Yes (degraded) | Next successful heartbeat stays Yellow; manual_reset() clears |
| Red | Halted — jitter exceeded threshold | No | manual_reset() only (human operator) |
The jitter monitor checks signing latency against a configurable threshold. A single jitter sample exceeding the threshold immediately transitions to Red — there is no grace period, no consecutive-sample counter.
```rust
// KillSwitch::check_jitter — a single overage trips Red
pub fn check_jitter(&self, current_jitter_us: u64) {
    if current_jitter_us > self.jitter_threshold_us {
        self.state.store(STATE_RED, Ordering::SeqCst);
    }
}
```
The default threshold is 50us (configurable at enclave boot). This value was chosen because:
The kill switch requires a heartbeat every 100ms. A missed heartbeat transitions Green to Yellow:
```rust
// KillSwitch::heartbeat — must be called every ≤100ms
pub fn heartbeat(&self) {
    let now = Instant::now();
    // Next-heartbeat deadline; a `deadline: Mutex<Instant>` field is assumed here
    let mut deadline = self.deadline.lock().unwrap();
    let current = self.state.load(Ordering::SeqCst);
    if now > *deadline {
        // Missed heartbeat: Green → Yellow (Yellow stays Yellow, Red stays Red)
        if current == STATE_GREEN {
            self.state.store(STATE_YELLOW, Ordering::SeqCst);
        }
    }
    // Advance deadline by another 100ms
    *deadline = now + Duration::from_millis(100);
}
```
Yellow is a warning state: signing continues, but the system is degraded. Yellow does not auto-clear; it persists until either a manual reset returns the system to Green or a jitter overage trips Red.
Missed heartbeats do not clear Red state — only manual_reset() can do that.
When a kill switch trips to Red:
- manual_reset() via the Command Center

```rust
// Only authorized path from Red → Green
pub fn manual_reset(&self) {
    self.state.store(STATE_GREEN, Ordering::SeqCst);
    // `deadline: Mutex<Instant>` field assumed, as in heartbeat()
    *self.deadline.lock().unwrap() = Instant::now() + Duration::from_millis(100);
}
```
There is no auto-recovery. This is intentional — EU AI Act Article 14 requires human oversight for high-risk AI systems.
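To show the whole state machine end to end, here is an added example that is not the ZeroCopy crate's code: it assembles check_jitter, heartbeat and manual_reset into one compilable KillSwitch and walks the transition table with a constructed timeline. The numeric state encoding, the `deadline: Mutex<Instant>` field, the `_at(now)` variants that take an injected clock (so the transitions can be tested without sleeping), and the fact that the methods return the resulting state are all assumptions of this example.

```rust
use std::sync::atomic::{AtomicU8, Ordering};
use std::sync::Mutex;
use std::time::{Duration, Instant};

// State encoding (assumed; the page names the states but not their numeric values).
pub const STATE_GREEN: u8 = 0;
pub const STATE_YELLOW: u8 = 1;
pub const STATE_RED: u8 = 2;

/// Heartbeat period: a call is expected at least every 100 ms.
pub const HEARTBEAT_PERIOD: Duration = Duration::from_millis(100);

pub struct KillSwitch {
    /// Lock-free state word; SeqCst so every thread observes the same transition order.
    state: AtomicU8,
    /// Signing-latency threshold in microseconds (default on the page: 50 us).
    jitter_threshold_us: u64,
    /// Next heartbeat deadline (a Mutex is assumed; the page only shows `*deadline`).
    deadline: Mutex<Instant>,
}

impl KillSwitch {
    pub fn new(jitter_threshold_us: u64, now: Instant) -> Self {
        KillSwitch {
            state: AtomicU8::new(STATE_GREEN),
            jitter_threshold_us,
            deadline: Mutex::new(now + HEARTBEAT_PERIOD),
        }
    }

    pub fn state(&self) -> u8 {
        self.state.load(Ordering::SeqCst)
    }

    /// Signing is refused only in Red; Yellow still signs (degraded).
    pub fn signing_allowed(&self) -> bool {
        self.state() != STATE_RED
    }

    /// One sample strictly over the threshold trips Red from Green or Yellow.
    /// No consecutive-sample counter, no grace period.
    pub fn check_jitter(&self, current_jitter_us: u64) -> u8 {
        if current_jitter_us > self.jitter_threshold_us {
            self.state.store(STATE_RED, Ordering::SeqCst);
        }
        self.state()
    }

    /// Heartbeat with an injected clock so the transitions are deterministic in tests.
    pub fn heartbeat_at(&self, now: Instant) -> u8 {
        let mut deadline = self.deadline.lock().unwrap();
        if now > *deadline {
            // Missed heartbeat: Green -> Yellow only. Yellow stays Yellow, Red stays Red.
            // compare_exchange keeps this atomic against a concurrent check_jitter().
            let _ = self.state.compare_exchange(
                STATE_GREEN, STATE_YELLOW, Ordering::SeqCst, Ordering::SeqCst);
        }
        *deadline = now + HEARTBEAT_PERIOD;
        self.state()
    }

    pub fn heartbeat(&self) -> u8 {
        self.heartbeat_at(Instant::now())
    }

    /// The only path out of Red (or Yellow): an explicit operator action.
    pub fn manual_reset_at(&self, now: Instant) {
        self.state.store(STATE_GREEN, Ordering::SeqCst);
        *self.deadline.lock().unwrap() = now + HEARTBEAT_PERIOD;
    }

    pub fn manual_reset(&self) {
        self.manual_reset_at(Instant::now())
    }
}

/// Walks the transition table on a constructed timeline (offsets from t0) and
/// returns the state observed after each step.
pub fn walk_transitions() -> Vec<u8> {
    let t0 = Instant::now();
    let ks = KillSwitch::new(50, t0);
    let mut seen = Vec::new();
    seen.push(ks.check_jitter(30));                                // under threshold: Green
    seen.push(ks.heartbeat_at(t0 + Duration::from_millis(80)));   // on time: Green
    seen.push(ks.heartbeat_at(t0 + Duration::from_millis(250)));  // late (deadline was 180 ms): Yellow
    seen.push(ks.heartbeat_at(t0 + Duration::from_millis(300)));  // on time, but no auto-clear: Yellow
    seen.push(ks.check_jitter(51));                                // one sample over 50: Red
    seen.push(ks.heartbeat_at(t0 + Duration::from_millis(900)));  // late again: still Red
    ks.manual_reset_at(t0 + Duration::from_millis(900));
    seen.push(ks.state());                                         // operator reset: Green
    seen
}

fn main() {
    println!("states after each step: {:?}", walk_transitions());
}
```

The Green → Yellow step uses compare_exchange rather than a load followed by a store so that a jitter overage racing with a missed heartbeat can never overwrite Red with Yellow; with a plain load/store the heartbeat thread could read Green, lose the race to check_jitter, and then downgrade Red to Yellow.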
Beyond jitter, the alpha-engine layer enforces financial circuit breakers:
| Parameter | Default | Purpose |
|-----------|---------|---------|
| Max drawdown | 2.5% of equity | Halts if cumulative losses exceed threshold |
| Max order size | $10,000 | Prevents outsized transactions |
| Drawdown window | 60 seconds (rolling) | Time window for loss calculation |
These operate at the trading strategy level (alpha-engine crate), complementing the enclave-level jitter kill switch.
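As an added example of how the three parameters in the table combine at the strategy layer (this is not the alpha-engine crate's code), the breaker below keeps a rolling 60-second window of realized P&L, latches a halt once net losses in that window exceed 2.5% of equity, and rejects any single order above the $10,000 cap. The type and method names, the use of realized P&L per fill as the loss input, the latching behaviour with an operator-only reset (mirroring the kill switch), and the assumption that fills arrive in timestamp order are all assumptions of this example.

```rust
use std::collections::VecDeque;

/// Limits from the table; defaults are exposed as a constant below.
#[derive(Clone, Copy)]
pub struct BreakerLimits {
    pub max_drawdown_frac: f64, // 0.025 = 2.5% of equity
    pub max_order_size: f64,    // 10_000.0 (USD)
    pub window_secs: u64,       // 60-second rolling window
}

pub const DEFAULT_LIMITS: BreakerLimits = BreakerLimits {
    max_drawdown_frac: 0.025,
    max_order_size: 10_000.0,
    window_secs: 60,
};

#[derive(Debug, PartialEq)]
pub enum Reject {
    /// The breaker has latched; orders are refused until an operator resets it.
    Halted,
    /// A single order's notional exceeds the max order size.
    OrderTooLarge { notional: f64, limit: f64 },
}

pub struct DrawdownBreaker {
    limits: BreakerLimits,
    equity: f64,
    /// (timestamp_secs, realized_pnl) per fill; losses are negative. Assumed monotonic timestamps.
    fills: VecDeque<(u64, f64)>,
    halted: bool,
}

impl DrawdownBreaker {
    pub fn new(limits: BreakerLimits, equity: f64) -> Self {
        DrawdownBreaker { limits, equity, fills: VecDeque::new(), halted: false }
    }

    /// Loss limit in currency units: max_drawdown_frac * equity.
    pub fn loss_limit(&self) -> f64 {
        self.limits.max_drawdown_frac * self.equity
    }

    /// Pre-trade gate: refuse everything while halted, and refuse oversized orders.
    pub fn check_order(&self, notional: f64) -> Result<(), Reject> {
        if self.halted {
            return Err(Reject::Halted);
        }
        if notional > self.limits.max_order_size {
            return Err(Reject::OrderTooLarge { notional, limit: self.limits.max_order_size });
        }
        Ok(())
    }

    /// Post-trade: record realized P&L, drop fills that fell out of the rolling
    /// window, and latch the halt if net losses in the window exceed the limit.
    /// Returns the halted flag after this fill.
    pub fn record_fill(&mut self, now_secs: u64, pnl: f64) -> bool {
        self.fills.push_back((now_secs, pnl));
        while let Some(&(ts, _)) = self.fills.front() {
            if now_secs.saturating_sub(ts) > self.limits.window_secs {
                self.fills.pop_front();
            } else {
                break;
            }
        }
        let net: f64 = self.fills.iter().map(|&(_, p)| p).sum();
        if -net > self.loss_limit() {
            self.halted = true; // latches: no auto-recovery, like the enclave kill switch
        }
        self.halted
    }

    pub fn is_halted(&self) -> bool {
        self.halted
    }

    /// Operator-only recovery (assumed to mirror manual_reset() on the kill switch).
    pub fn manual_reset(&mut self) {
        self.halted = false;
        self.fills.clear();
    }
}

fn main() {
    // Constructed session: $100k equity, so the loss limit is $2,500 per rolling minute.
    let mut b = DrawdownBreaker::new(DEFAULT_LIMITS, 100_000.0);
    println!("order 15k: {:?}", b.check_order(15_000.0));
    for &(t, pnl) in [(0u64, -1000.0f64), (10, -1000.0), (20, 500.0), (30, -1200.0)].iter() {
        println!("t={}s pnl={}: halted={}", t, pnl, b.record_fill(t, pnl));
    }
}
```

Gains inside the window offset losses (the window tracks net P&L), and a fill older than 60 seconds stops counting the moment a newer fill arrives, so a loss spread thinly over several minutes never trips the breaker while the same loss taken inside one minute does.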
The EU AI Act (effective August 2026) requires high-risk AI systems to implement:

- Human oversight
- A stop mechanism
- Interpretability

ZeroCopy satisfies all three:
| Requirement | Implementation |
|-------------|----------------|
| Human oversight | Command Center dashboard with real-time state monitoring |
| Stop mechanism | Kill switch: single jitter overage → immediate Red. manual_reset() is the only recovery path. |
| Interpretability | Attestation trail with policy evaluation logs (see Attestation Trail) |
Software-only solutions require auditors to trust that the kill switch was running and wasn't bypassed. With hardware attestation, auditors can verify the PCR0 hash — cryptographic proof that the kill switch code was loaded and running at the time of every transaction.
This shifts compliance from "trust the operator" to "verify the math."