Execution Safety Philosophy

AI Safety Model

Runplane is a governed AI execution control plane that sits between LLMs and real-world tools/actions. This document describes the safety philosophy, enforcement model, and failure handling.

Key distinction: Runplane governs execution, not reasoning. It is not an LLM, not an agent framework, not a chatbot, and not a workflow automation tool.

Core Safety Principle

LLMs should never directly execute tools without governance.

Runplane operates on the principle that AI agents must pass through a deterministic safety gate before any real-world action. This gate evaluates every action against policy, computes risk, and enforces a decision before execution proceeds.

Scope of Governance

Runplane governs execution, not reasoning. The distinction is critical:

What Runplane Controls

  • Tool execution (API calls, database queries)
  • External side effects (payments, messages)
  • State mutations (creates, updates, deletes)
  • Resource access (files, services, infrastructure)

What Runplane Does Not Control

  • LLM reasoning or planning
  • Prompt content or generation
  • Agent decision-making logic
  • Model selection or configuration

Decision Types

Every action evaluated by Runplane results in one of three deterministic decisions:

ALLOW

Action meets policy requirements. Execution proceeds immediately.

Use case: Read operations, low-risk mutations within established limits.

REQUIRE_APPROVAL

Action requires human review. Execution pauses until approval or denial.

Use case: High-value transactions, sensitive data access, irreversible operations.

BLOCK

Action violates policy. Execution is prevented and an error is returned to the agent.

Use case: Prohibited operations, policy violations, unauthorized access attempts.

Risk Scoring

Runplane computes a risk score for every action based on multiple factors:

Action Type

Inherent risk of the operation (read vs. delete)

Target Resource

Sensitivity of the affected system or data

Context Parameters

Amount, scope, or scale of the operation

Historical Patterns

Deviation from normal agent behavior
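The gate described in the Decision Types and Risk Scoring sections, written out as an added example (this is not Runplane's SDK or policy engine). It scores an action from the four factors above (action type, target sensitivity, context amount, deviation from the agent's baseline), maps the score to ALLOW, REQUIRE_APPROVAL or BLOCK, blocks outright on prohibited operations or on a policy evaluation error, and writes an audit record with the fields listed under Audit Trail. The Policy shape, the weights, the thresholds, the baseline and the sample actions are assumptions made for this illustration.

```python
"""Deterministic safety gate: score an action, map it to ALLOW / REQUIRE_APPROVAL / BLOCK.

Added example, not Runplane's code. Policy shape, weights, thresholds, baseline
and sample actions are assumptions made for this illustration.
"""
from __future__ import annotations
import time
import uuid
from dataclasses import dataclass, field
from enum import Enum
from typing import Any


class Decision(str, Enum):
    ALLOW = "ALLOW"
    REQUIRE_APPROVAL = "REQUIRE_APPROVAL"
    BLOCK = "BLOCK"


@dataclass(frozen=True)
class Action:
    agent_id: str
    action_type: str                       # e.g. "read", "delete", "payment"
    target: str                            # e.g. "db.customers", "payments.api"
    params: dict[str, Any] = field(default_factory=dict)


@dataclass(frozen=True)
class Policy:
    action_risk: dict[str, int]            # inherent risk of the operation
    target_sensitivity: dict[str, int]     # sensitivity of the affected system or data
    prohibited: frozenset[str]             # operations that are never permitted
    amount_step: float = 1000.0            # context: +1 risk per this much "amount"
    approval_threshold: int = 5
    block_threshold: int = 9


def score_action(action: Action, policy: Policy, baseline: dict[str, set[str]]) -> tuple[int, dict[str, int]]:
    """Return (total risk, contributing factors). Unknown types or targets raise KeyError."""
    factors = {
        "action_type": policy.action_risk[action.action_type],
        "target": policy.target_sensitivity[action.target],
        "context": int(float(action.params.get("amount", 0)) // policy.amount_step),
    }
    # Historical pattern: a tool/target pair this agent has never used before adds risk.
    seen = baseline.get(action.agent_id, set())
    factors["deviation"] = 0 if f"{action.action_type}:{action.target}" in seen else 2
    return sum(factors.values()), factors


def evaluate(action: Action, policy: Policy, baseline: dict[str, set[str]], audit: list[dict]) -> tuple[Decision, dict]:
    """Decide deterministically; an evaluation error blocks (fail-closed) and is still audited."""
    record: dict[str, Any] = {
        "request_id": str(uuid.uuid4()), "timestamp": time.time(),
        "agent": action.agent_id, "action": action.action_type,
        "target": action.target, "params": dict(action.params),
    }
    risk = None
    try:
        if action.action_type in policy.prohibited:
            decision, factors = Decision.BLOCK, {"prohibited": 1}
        else:
            risk, factors = score_action(action, policy, baseline)
            if risk >= policy.block_threshold:
                decision = Decision.BLOCK
            elif risk >= policy.approval_threshold:
                decision = Decision.REQUIRE_APPROVAL
            else:
                decision = Decision.ALLOW
    except Exception as exc:               # policy cannot be evaluated: block, keep details for debugging
        decision, factors = Decision.BLOCK, {"error": repr(exc)}
    record.update(decision=decision.value, risk=risk, factors=factors)
    audit.append(record)
    return decision, record


# Constructed sample policy and a per-agent baseline of previously seen "type:target" pairs.
SAMPLE_POLICY = Policy(
    action_risk={"read": 0, "create": 2, "update": 3, "delete": 6, "payment": 2},
    target_sensitivity={"db.orders": 1, "db.customers": 3, "payments.api": 2},
    prohibited=frozenset({"drop_table"}),
)
SAMPLE_BASELINE = {"agent-1": {"read:db.orders", "payment:payments.api"}}


def demo() -> list[str]:
    """Run constructed actions through the gate and return the decisions in order."""
    audit: list[dict] = []
    actions = [
        Action("agent-1", "read", "db.orders"),                          # 0+1+0+0 = 1   ALLOW
        Action("agent-1", "payment", "payments.api", {"amount": 500}),   # 2+2+0+0 = 4   ALLOW
        Action("agent-1", "payment", "payments.api", {"amount": 2500}),  # 2+2+2+0 = 6   REQUIRE_APPROVAL
        Action("agent-1", "update", "db.orders"),                        # 3+1+0+2 = 6   REQUIRE_APPROVAL (new pair)
        Action("agent-1", "delete", "db.customers"),                     # 6+3+0+2 = 11  BLOCK
        Action("agent-1", "drop_table", "db.customers"),                 # prohibited    BLOCK
        Action("agent-1", "bogus_op", "db.orders"),                      # KeyError      BLOCK (fail-closed)
    ]
    return [evaluate(a, SAMPLE_POLICY, SAMPLE_BASELINE, audit)[0].value for a in actions]
```

The evaluator takes no decision the policy does not determine: the same action, policy and baseline always yield the same record, and every path, including the exception path, appends to the audit list before returning.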

Human-in-the-Loop

When an action receives REQUIRE_APPROVAL, the execution flow pauses:

  1. Queue Entry: Request added to approval queue with full context
  2. Notification: Configured reviewers notified via dashboard, email, or webhook
  3. Review: Human reviews action, context, and risk assessment
  4. Decision: Approver selects APPROVE (execute) or DENY (block)
  5. Resume: SDK receives decision and either executes or returns error

Failure Handling

Runplane is designed to fail safely. When errors occur:

Network Failure

SDK retries with exponential backoff. If Runplane is unreachable, execution is blocked by default (fail-closed). The timeout behavior is configurable.

Policy Evaluation Error

If the policy cannot be evaluated, the action is blocked and error details are logged for debugging.

Approval Timeout

Configurable timeout for pending approvals. Default behavior: auto-deny after timeout.

Tool Execution Failure

If the tool fails after an ALLOW decision, the error is logged with full context. Runplane does not retry tool execution automatically.
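An SDK-side execution wrapper that exercises the Human-in-the-Loop steps and the Failure Handling rules above, as an added example that is not Runplane's SDK: it calls the gate with exponential backoff and blocks (fail-closed) when the gate stays unreachable, pauses on REQUIRE_APPROVAL until a verdict arrives or the approval timeout auto-denies, runs the tool on ALLOW, and logs a tool failure with its context without retrying. FakeControlPlane stands in for the control plane, the reviewer mapping stands in for the human approver, and the retry and timeout numbers, the log shape and the sample tools are assumptions; the `sleep` hook is a no-op so the scenario runs instantly.

```python
"""SDK-side governed execution: gate call with backoff, fail-closed, approval wait, tool run.

Added example, not Runplane's SDK. FakeControlPlane, the reviewer simulation, the
retry and timeout numbers and the sample tools are assumptions made here.
"""
from __future__ import annotations
import itertools
from dataclasses import dataclass, field
from typing import Any, Callable

class GateUnreachable(Exception): ...   # stand-in for a network failure reaching the control plane
class ExecutionBlocked(Exception): ...  # the error handed back to the agent when execution does not proceed

@dataclass
class FakeControlPlane:
    """Simulated gate: raises `outages` times, then answers a fixed decision per tool."""
    decisions: dict[str, str]                               # tool -> ALLOW / REQUIRE_APPROVAL / BLOCK
    reviewer: dict[str, str] = field(default_factory=dict)  # tool -> APPROVE / DENY (absent: never answered)
    outages: int = 0
    _queue: dict[str, str | None] = field(default_factory=dict)
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def evaluate(self, tool: str, args: dict[str, Any]) -> tuple[str, str]:
        if self.outages > 0:
            self.outages -= 1
            raise GateUnreachable("control plane unreachable")
        request_id, decision = f"req-{next(self._ids)}", self.decisions[tool]
        if decision == "REQUIRE_APPROVAL":                  # step 1: queue entry with the request context
            self._queue[request_id] = self.reviewer.get(tool)
        return decision, request_id

    def poll_approval(self, request_id: str) -> str | None:
        return self._queue[request_id]                      # step 4 verdict, or None while still pending

@dataclass
class GovernedExecutor:
    plane: FakeControlPlane
    tools: dict[str, Callable[..., Any]]
    log: list[dict] = field(default_factory=list)
    max_attempts: int = 3
    base_delay: float = 0.5                                 # seconds, doubled on each retry
    approval_timeout: float = 30.0
    poll_interval: float = 5.0
    sleep: Callable[[float], None] = lambda seconds: None   # a real SDK would time.sleep here

    def _evaluate_with_backoff(self, tool: str, args: dict[str, Any]) -> tuple[str, str]:
        for attempt in range(1, self.max_attempts + 1):
            try:
                return self.plane.evaluate(tool, args)
            except GateUnreachable as exc:
                self.log.append({"event": "gate_unreachable", "tool": tool, "attempt": attempt})
                if attempt == self.max_attempts:            # fail-closed: an unreachable gate blocks
                    raise ExecutionBlocked("control plane unreachable; execution blocked") from exc
                self.sleep(self.base_delay * 2 ** (attempt - 1))
        raise ExecutionBlocked("no attempts configured")

    def _wait_for_approval(self, request_id: str) -> str:
        waited = 0.0
        while waited < self.approval_timeout:
            verdict = self.plane.poll_approval(request_id)
            if verdict is not None:
                return verdict
            self.sleep(self.poll_interval)
            waited += self.poll_interval
        return "DENY"                                       # approval timeout -> auto-deny

    def execute(self, tool: str, **args: Any) -> Any:
        decision, request_id = self._evaluate_with_backoff(tool, args)
        if decision == "REQUIRE_APPROVAL":                  # steps 2-5: pause until a verdict or the timeout
            verdict = self._wait_for_approval(request_id)
            self.log.append({"event": "approval", "request_id": request_id, "verdict": verdict})
            decision = "ALLOW" if verdict == "APPROVE" else "BLOCK"
        if decision != "ALLOW":
            self.log.append({"event": "blocked", "request_id": request_id, "tool": tool})
            raise ExecutionBlocked(f"{tool} blocked ({request_id})")
        try:
            result = self.tools[tool](**args)
        except Exception as exc:                            # tool failed after ALLOW: log context, no retry
            self.log.append({"event": "tool_error", "request_id": request_id, "tool": tool,
                             "args": args, "error": repr(exc)})
            raise
        self.log.append({"event": "executed", "request_id": request_id, "tool": tool})
        return result

def demo() -> dict[str, list[str]]:
    """Constructed scenario: three outages, then six tool calls; returns outcomes and log events."""
    def refund(order_id: int, amount: float) -> str:
        raise RuntimeError("payment provider returned 502")
    plane = FakeControlPlane(outages=3, reviewer={"send_email": "APPROVE", "refund": "APPROVE"},
                             decisions={"lookup_order": "ALLOW", "send_email": "REQUIRE_APPROVAL",
                                        "refund": "REQUIRE_APPROVAL", "export_report": "REQUIRE_APPROVAL",
                                        "delete_account": "BLOCK"})         # nobody reviews export_report
    ex = GovernedExecutor(plane, {"lookup_order": lambda order_id: {"id": order_id},
                                  "send_email": lambda to, body: f"sent to {to}", "refund": refund})
    outcomes = []
    for tool, args in [("lookup_order", {"order_id": 42}), ("lookup_order", {"order_id": 42}),
                       ("send_email", {"to": "ops@example.test", "body": "hi"}),
                       ("refund", {"order_id": 42, "amount": 20.0}), ("export_report", {}), ("delete_account", {})]:
        try:
            outcomes.append(str(ex.execute(tool, **args)))
        except ExecutionBlocked:
            outcomes.append("blocked")
        except RuntimeError:
            outcomes.append("tool_error")
    return {"outcomes": outcomes, "events": [e["event"] for e in ex.log]}
```

In the scenario the first call hits three consecutive outages and is blocked without ever reaching a tool, the second identical call is allowed once the gate answers, the approved email is sent, the approved refund fails inside the tool and is logged but not retried, the unreviewed export is auto-denied at the 30-second timeout, and the account deletion is blocked by policy.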

Audit Trail

Every decision is recorded with complete context:

  • Timestamp, agent identity, and request ID
  • Action type, target, and context parameters
  • Policy evaluated and decision rendered
  • Risk score and contributing factors
  • Approval history (if applicable)
  • Execution outcome (success, failure, error)
