This repo is a field guide to recurring failure patterns in modern autonomous systems.
It groups concrete mechanisms under the CWE-1000 pillars so they are easier to review, compare, and extend.
What
A set of failure modes that show up in agentic runtimes, tool-using systems, and automation workflows.
The point is to make the failure easy to inspect:
- what failed
- why it failed
- what invariant was missing
- what would restore it
Why
CWE is useful, but broad. Incidents are useful, but narrow. This atlas tries to sit between the two.
The entries are meant to be reusable across systems, not tied to one stack or one postmortem.
How To Use It
Use it during:
- design review
- threat modeling
- launch readiness review
- implementation review
- postmortem cleanup
Start from the taxonomy if you already know the weakness class. Start from the symptom if you do not.
Each entry shows:
- the failure
- the mechanism
- the violated invariant
- the remediation
- the restored invariant
- FM-002 Extension Authority Persistence: Ironclaw
- FM-007 Identity Map Bijection Break: Near MPC
- FM-009 Progress Stall Detection Gap: LangChain
How To Contribute
Add an entry when you can name a reusable mechanism, not just an isolated incident.
Each entry should:
- classify the entry under one CWE-1000 pillar
- describe one failure pattern per file
- choose a descriptive slug that names the mechanism, not the incident
- make the broken boundary or hidden assumption explicit
- include a short pseudo-Python example
- name the invariant that was violated
- describe the remediation in terms of the invariant it restores
The template and authoring rules live here:
- AGENTS.md defines the repository-wide contract, template, taxonomy, and authoring rules
- atlas/AGENTS.md adds local guidance for files under atlas/