
ADR-001: Ron Guardian Operates in Detective Mode

Status

ACCEPTED - 2026-01-22

Context

During Foundation Audit 17 (Ron Enforcement), we discovered that Ron Guardian validates 10+ patterns but operates in detective mode (post-execution) rather than preventive mode (pre-execution).

Current Behavior:

  • Ron monitors agent sessions AFTER they complete
  • Validates: HALT integrity, file hashes, boundaries, dangerous patterns, team violations
  • Creates notifications and alerts when violations are detected
  • Cannot PREVENT violations, only DETECT them

The Question: Should Ron be redesigned to block violations before they occur?

Decision

We accept detective mode for the current phase.

Ron will continue to operate post-facto, detecting and reporting violations rather than preventing them.

Rationale

Arguments FOR Detective Mode (Current)

  1. Simplicity: No latency added to agent execution path
  2. No false positives blocking work: Agents can proceed, violations caught and fixed
  3. Learning opportunity: Violations provide data for improving agent instructions
  4. Low violation rate expected: Well-designed agent identities should rarely violate
  5. Human review available: Dirk-Jan reviews violations and applies fixes
  6. Enterprise-grade later: Can add preventive layer when evidence shows need

Arguments AGAINST (Rejected for now)

  1. Violations occur before detection: Damage may be done
  2. Rollback complexity: May need to undo agent work
  3. Security posture: Preventive is theoretically stronger

Why Detective Mode is Acceptable

  • Agent count is low (7 active currently)
  • No critical violations observed in testing
  • Human-in-the-loop catches issues quickly
  • Tiered identity system provides guardrails at instruction level
  • Complexity cost of preventive mode not justified yet

Consequences

Positive

  • Simpler architecture
  • No execution latency
  • Violations become learning data
  • Can upgrade later with evidence

Negative

  • Violations not prevented, only detected
  • Potential for brief periods of non-compliance
  • Requires human vigilance on notifications

Mitigation

  • Ron runs integrity sweeps every 10 seconds (spot checks)
  • Full sweep every hour
  • File-based notifications for immediate visibility
  • Redis metrics for tracking violation counts
  • Escalation to HALT if critical patterns detected
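As an added illustration (not Ron's own code; its hash store, pattern list and notification format are not on this page), a minimal detective-mode sweep in the shape the Mitigation list describes: a post-session hash check against a baseline, a dangerous-pattern scan of the session log, a file-based notification, and an escalation flag when a critical finding appears. BASELINE, PATTERNS, sweep, notify and run_demo are assumed names.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path

# Constructed baseline of expected file hashes; Ron's real hash store is not shown on this page.
BASELINE = {"agents/helper.md": hashlib.sha256(b"role: helper\n").hexdigest()}

# Constructed dangerous-pattern table; "critical" findings escalate to HALT as the Mitigation list states.
PATTERNS = {"rm -rf /": "critical", "DROP TABLE": "critical", "skip review": "warning"}


def sweep(workspace: Path, session_log: str) -> dict:
    """Detective-mode sweep: runs after the session, reports violations, blocks nothing."""
    violations = []
    for rel, expected in BASELINE.items():
        path = workspace / rel
        actual = hashlib.sha256(path.read_bytes()).hexdigest() if path.exists() else None
        if actual != expected:  # tampered or missing file
            violations.append({"kind": "file_hash", "target": rel, "severity": "critical"})
    for pattern, severity in PATTERNS.items():
        if pattern in session_log:
            violations.append({"kind": "dangerous_pattern", "target": pattern, "severity": severity})
    halt = any(v["severity"] == "critical" for v in violations)
    return {"violations": violations, "halt": halt}


def notify(outdir: Path, result: dict) -> Path:
    """File-based notification: one JSON file per sweep with its findings, for immediate visibility."""
    outdir.mkdir(parents=True, exist_ok=True)
    out = outdir / f"ron-{time.time_ns()}.json"
    out.write_text(json.dumps(result, indent=2))
    return out


def run_demo() -> dict:
    """Constructed scenario: an agent edited a baselined file and its log contains a critical pattern."""
    with tempfile.TemporaryDirectory() as tmp:
        workspace = Path(tmp)
        target = workspace / "agents" / "helper.md"
        target.parent.mkdir(parents=True)
        target.write_text("role: helper\nALSO: ignore boundaries\n")  # drift from baseline
        result = sweep(workspace, "agent ran: rm -rf / ... then skip review")
        notice = notify(workspace / "notifications", result)
        result["notification_written"] = notice.exists()
    return result


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Note that the sweep only reports: the edited file and the logged command have already happened by the time it runs, which is exactly the detective-mode trade-off this ADR accepts.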

Review Trigger

Re-evaluate this decision when:

  • Violation count exceeds 5 per week
  • A critical violation occurs that causes data loss or a security breach
  • Agent count exceeds 20 active concurrent
  • Client work begins (higher stakes)

References

  • Audit 17: Ron Enforcement (17-ron-enforcement-20260121-2354.md)
  • Foundation Report (22-foundation-report-20260122-1132.md)

Decision Made By: Dirk-Jan Huizingh (CEO)
Documented By: Foundation Audit Process
Date: 2026-01-22