A global kill switch is a blunt instrument. TameFlare's scoped kill switch lets you shut down traffic per connector, per gateway, or globally - without stopping agents that are working fine.

The problem with global kill switches

Most agent governance tools offer a single kill switch: on or off. When something goes wrong, you shut down everything. Every agent stops. Every workflow halts. Every integration goes dark.

This is the equivalent of pulling the building's main breaker because one light is flickering.

In production, you need surgical shutdown - the ability to stop the specific traffic that's causing problems while everything else keeps running.

How TameFlare's scoped kill switch works

TameFlare's kill switch operates at three levels:

Level 1: Per-connector

Stop all traffic to a specific API without affecting other integrations.

Activate via the dashboard: Settings → Kill Switch → Activate, scope: github.

Stripe, Slack, OpenAI traffic continues normally.

When to use: A connector is misbehaving, an API is returning errors, or you've detected suspicious activity targeting a specific service.

Level 2: Per-gateway

Stop all traffic from a specific agent/process without affecting other gateways.

Activate via the dashboard: Settings → Kill Switch → Activate, scope: deploy-bot.

Other gateways ("research", "support-bot") continue normally.

When to use: A specific agent is behaving erratically, but your other agents are fine. Common during development when one agent is being tested.

Level 3: Global

Stop all traffic across all gateways and connectors. The nuclear option.

Activate via the dashboard: Settings → Kill Switch → Activate, scope: all.

Resume when safe: Settings → Kill Switch → Deactivate.

When to use: A security incident affecting your entire agent fleet. You've detected credential compromise. You need to freeze all activity for investigation.

Why scope matters

Consider a real scenario: your company runs three agents.

Gateway	Purpose	Traffic
research-bot	Reads GitHub issues, searches docs	Low risk
deploy-bot	Merges PRs, triggers CI, deploys	High risk
support-bot	Posts Slack messages, creates tickets	Medium risk

At 2:47 AM, your monitoring alerts: deploy-bot just merged 14 PRs in 3 minutes. Something is wrong. With a global kill switch: You shut down everything. research-bot stops answering questions. support-bot stops responding to tickets. Your on-call engineer gets paged about three outages instead of one. With a scoped kill switch: You shut down deploy-bot. research-bot and support-bot continue normally. You investigate the deploy-bot issue in isolation, check the audit trail, and fix the policy gap.

The audit trail connection

Every kill switch activation is logged as an audit event:

{
  "event": "kill_switch.activated",
  "scope": "gateway",
  "target": "deploy-bot",
  "activated_by": "admin@company.com",
  "timestamp": "2026-02-10T02:47:33Z",
  "reason": "Automated: 14 merges in 3 minutes"
}

When you deactivate the kill switch, that's logged too. The audit trail shows exactly when traffic was stopped, who stopped it, and when it resumed. This is critical for incident reports and compliance reviews.

Kill switch + policies: defense in depth

The kill switch is your emergency brake. Policies are your seatbelt. They work together:

Policies prevent known-bad actions before they happen (deny branch deletion, require approval for merges)
Kill switch stops unknown-bad behavior when policies aren't enough (agent found a new way to cause damage)

A well-governed agent fleet has both:

Policies (always active)
  ├── deny: github.branch.delete
  ├── require_approval: github.pr.merge (to main)
  ├── allow: github.issue.create
  └── allow: github.pr.create

Kill switch (emergency only)
  ├── per-connector: stop GitHub traffic
  ├── per-gateway: stop deploy-bot
  └── global: stop everything

Dashboard integration

The TameFlare dashboard shows kill switch status in real time:

Header indicator - red dot when any kill switch is active

Gateway list - per-gateway kill switch toggle

Connector list - per-connector kill switch toggle

Audit log - all kill switch events with timestamps

You can activate and deactivate kill switches from the dashboard UI or the CLI. Both paths are logged.

Recovery workflow

After activating a kill switch:

Check the audit trail - what actions triggered the alert?
Review the policy gap - why didn't existing policies catch this?
Add or tighten policies - close the gap before resuming
Deactivate the kill switch - traffic resumes with the new policies in place
Monitor - watch the traffic log for the next hour

# 1. Check what happened
tf logs --gateway "deploy-bot" --last 30m

# 2. Add a missing policy (e.g., rate limit merges)
# (configure in dashboard)

# 3. Resume traffic via dashboard: Settings → Kill Switch → Deactivate

# 4. Watch
tf logs --gateway "deploy-bot" --follow

Comparison: TameFlare vs alternatives

Feature	TameFlare	Typical agent framework
Global kill switch	Yes	Sometimes (manual process kill)
Per-gateway kill switch	Yes	No
Per-connector kill switch	Yes	No
Kill switch audit trail	Yes	No
Dashboard toggle	Yes	No
CLI toggle	Yes	No
Automatic resume	Configurable	N/A

Getting started with scoped kill switches

Kill switches are available on all TameFlare plans, including the free Starter tier. See how TameFlare compares to other governance tools.

Create an account or read the docs
Set up gateways and connectors
The kill switch is always available - no configuration needed
Test it: open the dashboard, go to Settings → Kill Switch, and activate with scope "test"

The best time to test your kill switch is before you need it.

---

*TameFlare is a source-available transparent proxy gateway for AI agents. Read the docs for the full kill switch reference.*

Scoped Kill Switches: Surgical Shutdown for AI Agent Traffic