In my last post, I wrote about why "Always-Online" AI agents fail in the real world and how to build an offline-first architecture.
But solving the connectivity problem introduces a much scarier problem: Autonomous Risk. When an AI agent is operating offline or at the edge, it is making decisions without immediate human oversight. LLMs are notoriously "confident idiots", they will happily generate code that grants isAdmin=true to a guest user, or confidently drop a database table because it misunderstood a prompt.
If you are building Agentic workflows, you cannot just hook an LLM directly to your execution environment. You need a middleman.
In my Contextual Engineering framework, we call this the Constitutional Sentinel.
What is a Constitutional Sentinel?
A Sentinel is a deterministic safety layer (hardcoded logic) that wraps around your probabilistic AI agent. Before the agent is allowed to execute any tool_call or API request, the Sentinel intercepts the payload, evaluates it against a set of hard constraints (the "Constitution"), and decides whether to:
Allow the execution.
Block the execution and return an error to the agent to try again.
Escalate to a Human-in-the-Loop (HITL).
The Implementation (Python)
Here is a simplified look at how to implement a Sentinel pattern to catch dangerous agent actions before they execute.
class ConstitutionalSentinel:
def __init__(self):
# Hardcoded constraints the AI is NEVER allowed to break
self.banned_actions = ["drop_table", "delete_user", "grant_admin"]
self.max_spending_limit = 50.00
def evaluate_action(self, agent_proposed_action, payload):
"""
Intercepts the agent's decision BEFORE execution.
"""
print(f"π Sentinel Intercept: Evaluating '{agent_proposed_action}'...")
# 1. Check for universally banned actions
if agent_proposed_action in self.banned_actions:
return self._block(f"Action '{agent_proposed_action}' violates core safety constitution.")
# 2. Check context-specific constraints (e.g., financial limits)
if agent_proposed_action == "issue_refund":
amount = payload.get("amount", 0)
if amount > self.max_spending_limit:
return self._escalate_to_human(agent_proposed_action, amount)
# 3. If it passes all checks, allow execution
return self._allow()
def _block(self, reason):
print(f"β BLOCKED: {reason}")
# Return context back to the LLM so it can correct its mistake
return {"status": "blocked", "feedback": reason}
def _escalate_to_human(self, action, context):
print(f"β οΈ ESCALATED: Human approval required for {action} ({context})")
return {"status": "pending_human_review"}
def _allow(self):
print("β
ALLOWED: Action passed constitutional checks.")
return {"status": "approved"}
# --- Example Usage in your Agent Loop ---
sentinel = ConstitutionalSentinel()
# The AI Agent decides it wants to grant admin access based on a user prompt
proposed_action = "grant_admin"
payload = {"user_id": "9942"}
# The Sentinel intercepts it
decision = sentinel.evaluate_action(proposed_action, payload)
if decision["status"] == "approved":
execute_tool(proposed_action, payload)
else:
print("Execution halted. Agent must rethink or wait for human.")
Why "Green Checkmarks" Are Dangerous
Without a Sentinel, your tests might pass because the AI successfully generated the correct JSON structure for the API call. But structurally correct doesn't mean logically safe.
The Sentinel shifts your architecture from "Assuming the AI is right" to "Assuming the AI is a liability." It forces the system to prove its safety deterministically.
The Full Blueprint
The Constitutional Sentinel is just one piece of the Contextual Engineering architecture.
If you want to see how this Sentinel integrates with the Sync-Later Queue and the Hybrid Router to build resilient, offline-first AI for low-resource environments, Iβve open-sourced the complete reference manuscript.
You can download the full PDF on Zenodo for free (recently crossed 200+ downloads by other builders!):
π https://zenodo.org/records/18005435
Letβs stop building agents that just "work," and start building agents we can actually trust.
Top comments (0)