Framework
Substrate Pattern
A safety architecture for LLM-powered AI agents. The layer below the model that decides what the agent is allowed to do, and what it is not.
The four substrates
Memory substrate
The persistent layer that defines what the agent can remember. Scoped per user, per session, per tenant. With explicit promotion rules: when does an episodic memory become a semantic memory?
Tool substrate
The layer that defines what tools the agent can call. Each tool has a scope, a rate limit, and an audit requirement. The agent can only call tools that are in its current scope.
Action substrate
The layer that defines what the agent is allowed to do. Each action has a pre-condition, a post-condition, and a rollback. The runtime enforces these before and after the action runs.
Identity substrate
The layer that defines who the agent is acting on behalf of. The user, the tenant, the session. Every action is attributed to a specific identity, with a chain of custody for audit.
Principles
Make the wrong thing impossible
Use types, schemas, and validators — not prompts — to keep the agent on-rails. The agent cannot call a tool that is not in its scope, regardless of what the prompt says.
Default deny
Every action, every tool, every memory is denied by default. The runtime grants access explicitly, based on the agent's current context. Deny-by-default is the only way to make safety auditable.
Layered safety
Each substrate is an independent safety layer. Each one can be tested against the others. The point of failure in any one layer is the safety net in another.
Observable by design
Every substrate emits structured events. The runtime can be observed in production. The agent's behavior is auditable after the fact.
FAQ
What is the Substrate Pattern?
The Substrate Pattern is a safety architecture for LLM-powered AI agents. It is the layer below the model that decides what the agent is allowed to do, and what it is not. The pattern decomposes agent safety into four substrates: memory, tool, action, and identity. Each substrate is independent and can be tested in isolation.
Why do AI agents need a safety architecture?
Most agent demos are impressive. Most agent production deployments are held together with hope. The Substrate Pattern is the answer to "how do I make this agent safe in production?". It gives you a layered, testable, auditable safety architecture that does not depend on the prompt being clever.
How is the Substrate Pattern different from Constitutional AI or RLHF?
Constitutional AI and RLHF are training-time techniques: they make the model less likely to do bad things. The Substrate Pattern is a runtime technique: it makes the agent unable to do bad things, regardless of what the model says. Both are necessary. The Substrate Pattern is the runtime safety net.
Who uses the Substrate Pattern?
The Substrate Pattern was developed at Neul Labs and is the foundational safety pattern for the Neul Labs agent runtime. It has been applied in production at regulated financial-services firms, with agent guardrails presented to the FCA sandbox and has been adopted by several AI teams building production agent systems.
Where can I read the Substrate Pattern paper?
The Substrate Pattern is published as a framework, not a paper. The full technical specification is on the Neul Labs docs at docs.neullabs.com. A short essay is in the writings section of this site.
Related
- Defence in Depth — kill switches and circuit breakers for AI agents
- Tiered Governance Model — AI governance for banks, insurers, and asset managers
- Vibes Inside Guardrails — AI-assisted development done right
- dipankar.co AI agent infrastructure consulting