A controlled blacksite for discovering failure modes, unsafe behaviors, and policy boundaries before they reach the wider agentic ecosystem.

Chaos Lab is the deliberately adversarial counterpart to Integration Studio.

It is designed to explore:

• Incorrect usages
• Dangerous configurations
• Edge cases
• Misleading assumptions
• API inconsistencies
• Behavior under stress, absence, or failure
• Situations where agents might make unsafe or unintended decisions

Where Integration Studio documents the correct path, Chaos Lab documents the paths that should never be taken without explicit human intent.

Nothing in Chaos Lab is assumed safe. Nothing in Chaos Lab is assumed correct. Everything in Chaos Lab exists to reveal what can go wrong.

Chaos Lab is explicitly isolated from Operator and all downstream automations.

Chaos Lab exists to answer two questions:

1. What breaks?
2. How does it break, and what does that break imply for humans or agentic tools?

More formally, Chaos Lab aims to:

• Identify structural weaknesses in integrations or workflows
• Explore ambiguous or undocumented API behaviors
• Surface emergent risks (race conditions, silent failures, destructive defaults)
• Produce negative examples that help agents avoid catastrophic actions
• Derive policies that prevent harmful automation
• Create a record of why certain decisions must remain human-gated

Chaos Lab is your risk engine.

Chaos Lab produces the same structured artifact set as Integration Studio, but with inverted intent.

Each integration studied in Chaos Lab yields:

A human-readable explanation of:

• Failure modes and unsafe conditions
• Misconfigurations and their consequences
• “Looks-valid-but-is-not” patterns
• Ambiguous API behaviors
• Limits, rate caps, blocking conditions
• Silent failures (the most dangerous category)
• Anything that can lead to irreversible or expensive outcomes

This is not a “how to”—it’s a “how it breaks.”

A structured set of “red flag” prompts, constraints, and rules agents must obey when interacting with this integration.

Includes:

The top-level risk posture:

• What agents must never do
• What agents must ask humans before attempting
• What conditions invalidate an action
• What signals should be treated as untrustworthy
• What shadow behaviors have been observed

This is effectively policy-as-text.

• dangerous-ops.md
• do-not-autofix.md
• ambiguous-signals.md
• required-confirmations.md
• hazardous-defaults.md

These files explicitly encode “what not to do” patterns.

Chaos Lab prevents a fundamental failure mode of agentic systems:

Agents acting on unvetted negative signals can take irreversible actions without human awareness.

Examples:

• A misinterpreted error response becomes an automatic retry storm
• A malformed webhook is mistaken for a valid state transition
• An integration behaves differently under load, causing agents to misplan
• Ambiguous API fields cause destructive updates
• A policy gap allows an agent to execute a “safe-sounding” command that is not safe
• An agent reads an Optimization Studio artifact and “corrects” something catastrophically
• A Chaos Lab discovery accidentally leaks into production decision-making

Chaos Lab acts as the quarantine zone that prevents these patterns from escaping.

It is the negative mirror of Integration Studio.

Chaos Lab does not feed Operator automatically.

This boundary is absolute.

Chaos Lab only outputs artifacts that:

• Humans can review
• Humans can approve
• Humans can choose to promote into the broader system

Operator may consume Chaos Lab artifacts only after explicit manual promotion, never through automatic ingestion.

This ensures:

• No accidental policy contamination
• No unreviewed negative rules
• No agent misinterpretation of unstable findings

Chaos Lab is designed to keep bad signals bad, not elevate them.

A typical Chaos Lab cycle:

1. Select integration or workflow to stress-test.
2. Define incorrect, invalid, or unsafe scenarios.
3. Trigger misconfigurations, bad inputs, or contradictory states.
4. Observe and capture all failure behaviors.
5. Document them in CONTEXT.md (negative version).
6. Generate policies that agents must follow.
7. Identify which findings are severe enough for Operator.
8. Only export via explicit, human-controlled promotion.

There is no automated propagation into Operator. There is no default trust boundary.

Chaos Lab is grounded in high-discipline operational principles:

• Safety first No negative insight escapes by accident.

• Documentation of failure Capturing every caveat enables safer agentic behavior.

• Explicit human gating No agent should ever act on Chaos Lab findings without human approval.

• Isolation Chaos Lab is not production, not orchestration, not automation. It is a blacksite.

• Truth-seeking Failure modes are not hypothetical—they are empirical.

Planned improvements:

• Stress-testing frameworks
• Integration diffing (behavior over time)
• Chaos replay harness (reproduce failures deterministically)
• Policy synthesis engine
• Risk scoring for integrations
• Negative capability embeddings for agent alignment