[ASI08] Blast-radius quotas + circuit breaker (planner/executor) — close ASI08 #7 #233

Description

@initializ-mk

Problem

A single agent can amplify a failure — looping tool calls, runaway fan-out, or unbounded progress — with no circuit breaker to halt escalation before it cascades.

Current state

Per-IP rate limiting (forge-cli/server/a2a_server.go:37-116, FWS-10) and cancellation (context.WithCancelCause forge-cli/runtime/runner.go:1466 -> invocation_cancelled) exist, and egress caps blast radius. But there are no blast-radius quotas, progress caps, or circuit breakers between planning and execution. See docs/security/owasp-asi-conformance.md (ASI08 #7).

Proposed control

  • Single-agent progress caps / blast-radius quotas (max tool calls, max egress attempts per task) that trip a circuit breaker, emitting an instrumented event and halting the invocation.

Acceptance criteria

  • Exceeding a configured progress/quota cap trips a circuit breaker and halts the invocation with an audit event.
  • Defaults are safe and configurable.
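A worked sketch of the proposed control and the two acceptance criteria above, added here as an illustrative Go example; it is not code from forge-core, the runner, or this PR. Everything in it is assumed: the type and function names (Quota, DefaultQuota, Breaker, AuditEvent, RunLoopingAgent), the default cap values of 50 tool calls and 20 egress attempts, and the emit callback standing in for the project's instrumentation. The only piece taken from the issue text is the halting mechanism: cancelling the invocation context through context.WithCancelCause (Go 1.20+) with a distinguishable cause, as the runner already does for invocation_cancelled.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// ErrCircuitOpen is the cancellation cause set once a quota trips (assumed name, not from the project).
var ErrCircuitOpen = errors.New("circuit breaker open: blast-radius quota exceeded")

// Quota holds the per-task caps; a zero field falls back to DefaultQuota.
type Quota struct {
	MaxToolCalls      int // max tool calls per task
	MaxEgressAttempts int // max outbound (egress) attempts per task
}

// DefaultQuota is an assumed safe default; the real numbers are a policy choice.
var DefaultQuota = Quota{MaxToolCalls: 50, MaxEgressAttempts: 20}

// Normalize replaces unset (<= 0) caps with the defaults so nothing is unbounded.
func (q Quota) Normalize() Quota {
	if q.MaxToolCalls <= 0 {
		q.MaxToolCalls = DefaultQuota.MaxToolCalls
	}
	if q.MaxEgressAttempts <= 0 {
		q.MaxEgressAttempts = DefaultQuota.MaxEgressAttempts
	}
	return q
}

// AuditEvent is the instrumented event emitted exactly once when the breaker trips.
type AuditEvent struct {
	TaskID string
	Kind   string // "tool_call" or "egress"
	Count  int    // the attempt that crossed the cap
	Limit  int
}

// Breaker counts tool calls and egress attempts for one invocation and cancels its context when a cap is exceeded.
type Breaker struct {
	mu            sync.Mutex
	taskID        string
	quota         Quota
	tools, egress int
	tripped       bool
	cancel        context.CancelCauseFunc
	emit          func(AuditEvent) // audit sink; required in this example
}

// NewBreaker derives a cancellable context for the task and the breaker guarding it.
func NewBreaker(parent context.Context, taskID string, q Quota, emit func(AuditEvent)) (context.Context, *Breaker) {
	ctx, cancel := context.WithCancelCause(parent)
	return ctx, &Breaker{taskID: taskID, quota: q.Normalize(), cancel: cancel, emit: emit}
}

// RecordToolCall / RecordEgress run before each tool dispatch or outbound attempt; a non-nil error means halt.
func (b *Breaker) RecordToolCall() error { return b.record("tool_call", &b.tools, b.quota.MaxToolCalls) }
func (b *Breaker) RecordEgress() error   { return b.record("egress", &b.egress, b.quota.MaxEgressAttempts) }

func (b *Breaker) record(kind string, counter *int, limit int) error {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.tripped {
		return ErrCircuitOpen // already open: fail fast, no second audit event
	}
	*counter++
	if *counter > limit {
		b.tripped = true
		b.emit(AuditEvent{TaskID: b.taskID, Kind: kind, Count: *counter, Limit: limit})
		b.cancel(ErrCircuitOpen) // halts everything watching the invocation context
		return ErrCircuitOpen
	}
	return nil
}

type RunResult struct {
	ToolCalls int          // tool calls allowed through before the trip
	Cause     error        // context.Cause of the invocation context at the end
	Events    []AuditEvent // audit events emitted
}

// RunLoopingAgent simulates an agent stuck in a tool-call loop (constructed scenario, no real tools).
func RunLoopingAgent(q Quota) RunResult {
	var res RunResult
	ctx, b := NewBreaker(context.Background(), "task-demo", q, func(e AuditEvent) { res.Events = append(res.Events, e) })
	for ctx.Err() == nil {
		if err := b.RecordToolCall(); err != nil {
			break
		}
		res.ToolCalls++ // the tool would be dispatched here
	}
	_ = b.RecordEgress() // a late egress attempt is refused without a second event
	res.Cause = context.Cause(ctx)
	return res
}

func main() {
	res := RunLoopingAgent(Quota{MaxToolCalls: 5, MaxEgressAttempts: 3})
	fmt.Printf("allowed=%d cause=%v events=%d\n", res.ToolCalls, res.Cause, len(res.Events))
}
```

Two design points worth keeping in whatever lands in the runner: the counters are checked before dispatch, so the capped action never executes, and the breaker is latched (one audit event, then every further call fails fast), so a looping agent cannot flood the audit log while it is being halted. Anything that selects on the invocation context sees context.Cause return ErrCircuitOpen, which lets the shutdown path distinguish a tripped quota from an ordinary user cancel.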

Conformance test

TestASI08_ProgressCapTriggersCircuitBreaker.

Out of scope

Multi-agent planner/executor separation and cross-agent policy engine (Platform, DEP-IAM).

Guideline reference

ASI08 mitigation #7 (OWASP Agentic Top 10 2026).

Metadata

Assignees

No one assigned

Labels

  • asi08: OWASP ASI08
  • forge-core: Affects the forge-core library (runtime, security, types, llm, mcp, auth)
  • owasp-asi: OWASP Top 10 for Agentic Applications 2026 conformance
  • security: Security vulnerability fixes
