Problem
A single agent can amplify a failure — looping tool calls, runaway fan-out, or unbounded progress — with no circuit breaker to halt escalation before it cascades.
Current state
Per-IP rate limiting (forge-cli/server/a2a_server.go:37-116, FWS-10) and cancellation (context.WithCancelCause at forge-cli/runtime/runner.go:1466 -> invocation_cancelled) exist, and egress caps blast radius. But there are no blast-radius quotas, progress caps, or circuit breakers between planning and execution. See docs/security/owasp-asi-conformance.md (ASI08 #7).
Proposed control
- Single-agent progress caps / blast-radius quotas (max tool calls, max egress attempts per task) that trip a circuit breaker, emitting an instrumented event and halting the invocation.
Acceptance criteria
Conformance test
TestASI08_ProgressCapTriggersCircuitBreaker.
Out of scope
Multi-agent planner/executor separation and cross-agent policy engine (Platform, DEP-IAM).
Guideline reference
ASI08 mitigation #7 (OWASP Agentic Top 10 2026).
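One way the proposed control could be shaped, as an added sketch that is not code from forge-cli: a per-invocation breaker built on context.WithCancelCause that charges each action against a quota and, once the cap is passed, emits an event and cancels the invocation. The names Breaker, NewBreaker, Allow, Event, ErrProgressCap, the event name circuit_breaker_tripped and the quota keys are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// ErrProgressCap is the cancel cause set when a quota trips the breaker.
var ErrProgressCap = errors.New("progress cap exceeded")

// Event is a hypothetical instrumented event (field names are assumptions).
type Event struct {
	Name, Quota string
	Limit       int
}

// Breaker holds per-invocation quotas; not safe for concurrent use as written.
type Breaker struct {
	limits, counts map[string]int
	cancel         context.CancelCauseFunc
	Events         []Event
}

func NewBreaker(parent context.Context, limits map[string]int) (context.Context, *Breaker) {
	ctx, cancel := context.WithCancelCause(parent)
	return ctx, &Breaker{limits: limits, counts: map[string]int{}, cancel: cancel}
}

// Allow charges one unit to quota before the action runs. Past the limit it emits
// an event and cancels the invocation; unknown quotas have limit 0 (fail closed).
func (b *Breaker) Allow(ctx context.Context, quota string) error {
	if err := context.Cause(ctx); err != nil {
		return err // already tripped or cancelled upstream: nothing else runs
	}
	b.counts[quota]++
	if limit := b.limits[quota]; b.counts[quota] > limit {
		b.Events = append(b.Events, Event{"circuit_breaker_tripped", quota, limit})
		b.cancel(fmt.Errorf("%w: %s limit %d", ErrProgressCap, quota, limit))
		return context.Cause(ctx)
	}
	return nil
}

func main() {
	ctx, b := NewBreaker(context.Background(), map[string]int{"tool_calls": 3})
	for b.Allow(ctx, "tool_calls") == nil {
		// constructed scenario: the agent keeps calling a tool until the cap trips
	}
	fmt.Println(context.Cause(ctx), b.Events)
}
```

Because the trip cancels the shared context, a quota exhausted on tool calls also stops any later egress attempt in the same invocation.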