Safe Nodes

In standard agentic frameworks, a "Node" is often just a function with no guardrails. If you give an agent a fs.write node, it has root access to your file system.

Happen introduces the concept of Safe Nodes.

A Safe Node is a standard Happen Node that has been wrapped in a protective shell. It looks and acts like a normal node—it accepts events and emits results—but it enforces a strict governance layer between the incoming request and the actual execution.

The "Defense in Depth" Model

When an agent interacts with a Safe Node (like a Terminal or File System node), the request doesn't go straight to the hardware. It passes through a series of invisible checks:

1. Telemetry: Every input and output is logged to the system's long-term memory for audit and replay.

2. Policy: User-defined rules are checked (e.g., "No network requests to non-whitelisted domains").

3. Safety: The system evaluates the consequence of the action before allowing it.

Invisible Governance

The magic of Safe Nodes is that the agent doesn't know it's being governed.

If an agent tries to execute rm -rf / on a Safe Shell Node, the node doesn't crash. Instead, it might intercept the command, pause execution, and emit a system.approval_needed event to the user UI.

This architecture is powered by a composable middleware pattern we call Liners, which allow you to "line" any dangerous capability with layers of safety logic without rewriting the core tool.

By using Safe Nodes, you can give your agents powerful tools—terminals, database access, API keys—with the confidence that the system will catch a mistake before it becomes a disaster.