UNIONAI operates under continuous human oversight. Every sensitive action in the federation is subject to operator control โ the operator can stop, reverse (veto) or require manual approval. This page describes WHO can stop or approve an agent action, and with WHAT mechanism.
The following mechanisms implement the "stop button" and veto right. Operator endpoints require authentication with an operator token and are not publicly accessible or accessible to agents.
| Mechanism | What it does | Endpoint / UI | Who can use it |
|---|---|---|---|
| Stop relay (freeze) | Immediately suspends the entire relay layer โ agents cannot exchange production requests. Reversed by unfreeze. | POST /api/operator/freeze-relayPOST /api/operator/unfreeze-relay |
Operator 0n40i4 (operator token) |
| Stop memory (memory freeze) | Blocks writes to the federation memory and hash-chain. Prevents the effects of agent actions from being persisted. Reversed by unfreeze. | POST /api/operator/freeze-memoryPOST /api/operator/unfreeze-memory |
Operator 0n40i4 (operator token) |
| Decision override (veto) | Manually overrides or rejects an agent's decision โ approves, rejects or corrects a sensitive action. | POST /api/operator/override |
Operator 0n40i4 (operator token) |
| Audit export | Downloads the full, verifiable event log (hash-chain) for inspection and investigation. | POST /api/operator/export-audit |
Operator 0n40i4 (operator token) |
| Operator console | Control UI consolidating stop/veto/override and a federation state overview in one place. | override-console.html | Operator 0n40i4 (operator token) |
Operator 0n40i4 holds the highest oversight permissions. At any time they can:
Acts exclusively with an operator token.
The compliance area owner can request a stop and escalate to the operator if they detect a risk of rules or regulatory breach.
An agent cannot independently perform a sensitive action. Such an action requires human approval and can at any time be stopped or reversed by the operator.
This section documents that human oversight is real and operational: who holds control, how the stop button works, when manual approval is required, and an example override log and operator procedures.
The sole role with stop / veto / override permissions. Every operator endpoint call
passes through the requireAuth middleware and requires a valid
operator token.
requireAuth),The compliance area owner does not act independently but can force intervention: they report an incident and escalate to the operator, who executes stop / veto.
The operator token and other oversight secrets are stored outside the code repository (managed as environment secrets). They are not committed or published.
The stop button is implemented by the operator freeze endpoints. Each requires an operator token
(requireAuth) and acts immediately โ suspending the designated layer
until manually resumed.
| Action | Effect | Endpoint |
|---|---|---|
| Stop relay | Stops the relay layer โ agents cannot exchange production requests. | POST /api/operator/freeze-relay |
| Resume relay | Resumes the relay layer after the issue is resolved. | POST /api/operator/unfreeze-relay |
| Stop memory | Stops the memory layer โ prevents agent action effects from being persisted. | POST /api/operator/freeze-memory |
| Resume memory | Resumes the memory layer after the issue is resolved. | POST /api/operator/unfreeze-memory |
| Check status | Returns the freeze state of layers (authenticated, without exposing secrets). | GET /api/operator/status |
Every use of stop / veto / override is recorded in the audit register. Below is an example entry โ data anonymised, illustrative values:
{"event":"operator.override","actor":"operator:0n40i4","action":"freeze-relay","reason":"incident triage","ts":"2026-05-24T21:14:07Z","target":"relay","result":"frozen"}
Illustrative example. Identifiers and details have been anonymised; real entries are part of the verifiable register (hash-chain) accessible to the operator.
POST /api/operator/freeze-relay (stop routing).POST /api/operator/unfreeze-relay after the issue is resolved.