Safety Gates
Overview
ATA includes three mandatory safety gates that cannot be bypassed. If any gate fails, the action is vetoed regardless of its score.
Critical: Safety gates are the last line of defense. Your application MUST handle override responses appropriately.
Gate Types
| Gate | Parameter | Override Code | Priority |
|---|---|---|---|
| Safety | safety_ok | 2 | Highest |
| Mission | mission_ok | 3 | Medium |
| Ethics | ethics_ok | 4 | Lower |
How They Work
Gates are evaluated in priority order. The first failing gate determines the override reason:
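```python
# Sketch of the evaluation order; codes match the Override Code column above.
if not safety_ok:
    return override(2, "Safety veto")   # reason_code=2
elif not mission_ok:
    return override(3, "Mission veto")  # reason_code=3
elif not ethics_ok:
    return override(4, "Ethics veto")   # reason_code=4
```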
Handling Overrides
```python
result = ata.decide(actions=[0, 1, 2], safety_ok=check_safety())

if result.is_success:
    execute_action(result.action_id)
elif result.is_safety_override:
    # Safety critical - immediate stop
    trigger_emergency_stop()
elif result.is_mission_override:
    # Mission constraint - may continue safely
    log_mission_violation()
elif result.is_ethics_override:
    # Ethics constraint
    request_human_review()
```
Best Practices
- Always set `safety_ok` based on real sensor data
- Never hardcode safety flags to `True` in production
- Log all override events for audit
- Test override handling thoroughly
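One way to apply these practices together, as an added example that is not ATA's own code: `safety_ok` is derived from a timestamped sensor reading and fails closed, every override is written to an audit log, and a result that is neither a success nor a known override is treated as a safety stop. The reading fields (`ts`, `clearance_m`, `required_m`), the 0.5 s freshness budget, and the names `safety_ok_from_sensor` and `handle_result` are assumptions; only the `is_*` flags, `action_id` and the override codes come from this page.

```python
import json

MAX_SENSOR_AGE_S = 0.5  # assumed freshness budget for a reading

def safety_ok_from_sensor(reading, now, max_age_s=MAX_SENSOR_AGE_S):
    """Fail closed: a missing, malformed, stale or unsafe reading yields False."""
    try:
        fresh = 0 <= now - reading["ts"] <= max_age_s
        clear = reading["clearance_m"] >= reading["required_m"]
    except (KeyError, TypeError):
        return False  # no reading, or fields absent / wrong type
    return fresh and clear

# (result flag, override code from the Gate Types table, step for the caller)
OVERRIDES = (
    ("is_safety_override", 2, "emergency_stop"),
    ("is_mission_override", 3, "log_mission_violation"),
    ("is_ethics_override", 4, "request_human_review"),
)

def handle_result(result, audit_log):
    """Return (step, action_id) and append one audit record per override."""
    # Check vetoes before success so a veto always wins.
    for flag, code, step in OVERRIDES:
        if getattr(result, flag, False):
            audit_log.append(json.dumps({"event": "override", "code": code}))
            return (step, None)
    if getattr(result, "is_success", False):
        return ("execute", result.action_id)
    # Unrecognised state: stop rather than act on it.
    audit_log.append(json.dumps({"event": "override", "code": None}))
    return ("emergency_stop", None)

if __name__ == "__main__":
    from types import SimpleNamespace
    # Constructed sample: a reading that is one second old at now=100.0.
    stale = {"ts": 99.0, "clearance_m": 2.0, "required_m": 0.5}
    print("safety_ok:", safety_ok_from_sensor(stale, now=100.0))
    log = []
    vetoed = SimpleNamespace(is_success=False, is_safety_override=True)
    print(handle_result(vetoed, log), log)
```

The same fake result objects work in unit tests, so each override branch can be exercised without driving real hardware into an unsafe state.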