Zero-Tolerance Compliance
Definition
For hard policy limits (e.g. never process a refund over a threshold), enforcement must live in the application layer that intercepts tool calls, not in prompt instructions — because model discretion is unreliable.
Key points
- The trap: relying on emphatic system prompts ("CRITICAL POLICY: NEVER process >$500") still yields a 3% failure rate.
- The architectural standard:
- Implement an application-layer hook to intercept tool calls.
- When the process amount exceeds the threshold, block it server-side and invoke escalation.
- Model discretion is removed.
- Diagram: AI Agent → Application-Layer Intercept →
process_refund($847)blocked → routed to Human Escalation. - This is enforcement at the application layer, not prompt instructions — the same principle as PreToolUse hook enforcement (the only reliable enforcement for financial/destructive ops).
- On the Architect's Reference Matrix this is the Compliance/Control × Customer Support cell ("App-Layer Intercepts").
Why it matters for the exam
- README study focus item. Compliance scenarios: the correct answer is a deterministic server-side intercept, not a stronger prompt.
Common gotchas
- "Make the system prompt more emphatic" is always wrong for hard limits — 3% still slips through.
- Enforcement is server-side/application-layer, invoking escalation on block.
See also
Sources
Referenced by
Practice questions optional · AI
Generate fresh practice questions about this concept with AI. These are not vault-verified.