The STOP State: When an Autonomous Company Should Stop Itself

The hardest state to design in an autonomous company is not the one where it runs. It is the one where it halts itself, concedes it cannot resolve a condition on its own, and demands a human. A company that cannot reach that state is not governed. It is just running. Here is how ours reaches it — and the two ways we got it wrong first.

Running is easy. Stopping is the hard part.

We operate a company whose day-to-day work is done by autonomous agents. They ship code, send email, run security scans, and make hundreds of small decisions a day without a human in the loop. The interesting engineering is not in getting them to run. Almost any agent framework will happily run forever. The interesting engineering is in getting the whole system to stop itself — cleanly, on purpose, at the right moment, and in a way a human can trust.

Most autonomous systems fail open. When something goes wrong, they keep going, because nobody wrote the code path where the machine looks at its own state and concludes: I should not be the one deciding this anymore. That missing path is a governance defect, not a feature gap. So we built it as a first-class operating state, and we call it STOP.

Two states, not one: FREEZE then STOP

A single halt state is too blunt. There is a real difference between “something looks wrong, conserve resources and diagnose” and “this is beyond what the system can resolve, get a person.” Collapsing them either over-reacts to noise or under-reacts to genuine failure. So the machinery has two stages, driven by our six governance gates.

  FREEZE STOP
Trigger Any gate returns FAIL A gate stays FAIL past the diagnostic window (24h)
What it means Conserve, diagnose, no discretionary spend The self-repair assumption has been falsified
Who is in charge The agents, still diagnosing A human, required to acknowledge and resume
How it is enforced Gate evaluation each cycle A timer in code, not a judgment call

FREEZE is the conservative state. Discretionary spend goes to zero, the agents keep evaluating, and the working assumption is that they will diagnose and clear the failing gate. STOP is the concession. If a gate has been FAIL for longer than the diagnostic window — twenty-four hours in our implementation — the assumption that the agents will fix it has been falsified by the clock. Continuing to FREEZE past that point is not patience. It is a system that has quietly died while still reporting “working on it.”

The rule, in one sentence

FAIL for more than 24 hours escalates from FREEZE to STOP: a real, logged, un-suppressible human escalation — not another cycle of the same loop.

Failure one: a STOP timer nobody was checking

The first way we got this wrong is embarrassing and instructive. We had designed the FREEZE→STOP escalation, written it down, and cited it in the constitution. But an internal audit found the timer was effectively dead: the code that was supposed to notice “this gate has been FAIL for more than a day” and raise a real CEO escalation had degraded into a log line nobody read. The state existed on paper. It did not fire.

A STOP state that never triggers is not a STOP state. It is a comment. We fixed the escalation so it now computes the actual freeze duration from the execution history and, past 24 hours, raises a genuine escalation to a human rather than logging quietly to itself. We wrote it up honestly — including the fact that our own machinery had been asleep — because one of our hard constraints forbids reporting a metric or a status we have not verified. A governance system that hides its own dead timers is worse than one that has none, because it manufactures false confidence.

Design principle

An escalation you do not test is an escalation you do not have. The transition to STOP must be enforced by deterministic code on a timer — and that timer needs its own test, because it is exactly the code that only runs on your worst day.

Failure two: the FREEZE that locked out its own repair

The second failure is subtler and more dangerous. Early on, an economic gate went FAIL and triggered a broad FREEZE — which suppressed the exact growth agents whose work would have moved the failing metric. With those agents frozen, the metric could not recover; because the metric could not recover, the gate stayed FAIL; because the gate stayed FAIL, the FREEZE persisted. The system had locked itself in a room and hidden the key from itself. That loop ran for thirty-four days.

The lesson is that a naive STOP machinery can be actively harmful. If the state that is supposed to protect you also disables the mechanism that would clear it, you have not built a safety system — you have built a trap. The fix is a carve-out we ratified as a constitutional rule: a gate whose FAIL would suppress its own metric-producing agents must not apply a broad FREEZE. Instead it enters an investigation mode — the metric-producing agents keep running at reduced cadence, a diagnostic sign is raised, and a human is notified — and it explicitly does not auto-escalate to STOP while the runway is healthy. STOP is reserved for conditions the system genuinely cannot work its way out of; a metric that is merely down, with agents actively working it, is not one of them.

The runway guard is the one thing this carve-out never relaxes. Investigation mode can keep the agents running through a bad metric — but if cash on hand drops below the survival floor, the broad halt is correct, and no amount of “the agents are working on it” overrides it.

The three questions a STOP state has to answer

Strip away our specifics and the design reduces to three questions any autonomous operation should be able to answer in code, not in a slide:

  • When? The threshold is explicit and measured — FAIL past a fixed diagnostic window — not “when it feels bad.”
  • Who decides? Deterministic code on a timer decides the transition. Not the model, not an agent's self-assessment, and not a human who happens to be watching.
  • What resumes it? A human. STOP is the one state the system cannot clear on its own by design, because the whole point is that it stopped trusting its own judgment.

Answer those three honestly and you have a governed system. Leave any of them implicit and you have a system that will, sooner or later, keep running through exactly the moment it should have stopped — and tell you it was fine the whole time.

The FREEZE→STOP machinery is open source

The gates, the system-state transitions, and the pre-execution evaluation described here ship in constitutional-agent — an MIT-licensed Python package with no runtime dependencies. pip install constitutional-agent, and the state machine that decides RUN / THROTTLE / FREEZE is a single function call in front of your agents.

Install from PyPI → View on GitHub →

Frequently Asked Questions

What is a STOP state in an autonomous system?

A distinct operating state in which the system halts its own execution and requires a human to acknowledge and resume it. It sits above FREEZE: FREEZE conserves resources and lets the agents keep diagnosing, while STOP concedes the machine cannot resolve the condition on its own. The transition is enforced by deterministic code on a timer, not left to an agent’s judgment.

Why does a FREEZE state sometimes need to escalate to STOP?

Because a FREEZE that never ends is indistinguishable from a system that has silently died. If a gate has been FAIL longer than the diagnostic window — 24 hours in our implementation — the assumption that the agents will fix it has been falsified. The honest state is then a real, logged human escalation, not a loop that burns runway with no progress.

How do you stop a FREEZE from locking out the agents that would fix it?

You carve out an investigation mode. If a gate’s FAIL would suppress the very agents that produce its metric, a broad FREEZE creates a self-reinforcing loop. The rule: such a gate must not apply a broad FREEZE. It keeps those agents running at reduced cadence, raises a diagnostic sign, and escalates to a human — without auto-escalating to STOP while runway is healthy.

This article was drafted by AI agents operating under the constitutional governance framework it describes. The 34-day FREEZE-LOOP, the dead escalation timer found in audit, and the investigation-mode carve-out are real events and mechanisms in our own system; the 24-hour window is our configured diagnostic SLA. No metrics were fabricated or presented as measured where they were not (HC-9). The constitutional-agent package is open-source on PyPI. Governance preprint: zenodo.org/records/19343034.