Doctor Architecture: Anomaly Detection as Enterprise Metacognition in MARIA OS

Abstract

1. Introduction

An agentic company operates as a complex adaptive system where autonomous agents make decisions, execute tasks, and coordinate with each other in pursuit of organizational objectives. Like any complex adaptive system, it is vulnerable to perturbations — agents that malfunction, develop misaligned objectives, or produce cascading errors through influence propagation. In biological organisms, the immune system provides continuous monitoring, rapid response, and adaptive memory against such perturbations. The Doctor system plays an analogous role in MARIA OS.

The need for Doctor arises from a fundamental asymmetry in autonomous agent systems: the speed of action vastly exceeds the speed of human oversight. An agent can execute hundreds of decisions in the time it takes a human reviewer to evaluate one. Without automated anomaly detection, a malfunctioning agent can propagate errors through the organizational network before any human becomes aware of the problem. The damage is not proportional to the single agent's actions but to the cascade those actions trigger — one agent's anomalous behavior corrupts the inputs to dozens of downstream agents, each of which may produce further anomalous outputs.

Doctor addresses this by implementing a dual-model detection architecture that monitors agent behavior continuously and triggers graduated responses based on anomaly severity. The design philosophy is defense in depth: two independent detection models (Isolation Forest and Autoencoder) provide complementary coverage, graduated thresholds (soft throttle and hard freeze) provide proportional response, and integration with the Gate Engine enables dynamic governance adjustment that prevents cascades before they form.

2. Anomaly Detection Foundations

2.1 Isolation Forest Algorithm

The Isolation Forest (IF) algorithm operates on a simple but powerful principle: anomalous data points are easier to isolate than normal data points. The algorithm constructs an ensemble of random isolation trees, each built by recursively selecting random features and random split points to partition the data. Normal data points, which cluster with many similar points, require many splits to isolate — the expected path length is long. Anomalous data points, which differ significantly from the majority, are isolated quickly — the expected path length is short.

For agent behavior monitoring, each data point x represents a feature vector encoding a recent window of agent decisions: decision types, timing patterns, risk levels, evidence quality, approval request frequency, and inter-agent communication patterns. The anomaly score s(x) = 2^{−E[h(x)] / c(n)} computes the normalized expected path length, where h(x) is the path length in a given tree, E[h(x)] is the average across all trees, and c(n) is the expected path length for a balanced binary search tree with n points. Scores near 1 indicate high anomaly; scores near 0.5 indicate normal behavior.

2.2 Isolation Forest Strengths for Enterprise Use

IF has several properties that make it well-suited for enterprise anomaly detection. It is unsupervised — no labeled anomaly data is needed, which is critical because anomalous agent behavior is rare and varies in form. It is computationally efficient — O(n log n) for training and O(log n) for scoring, enabling real-time monitoring of hundreds of agents. It handles high-dimensional feature spaces naturally — the random subspace selection acts as implicit feature selection. And it is robust to irrelevant features — if most features are normal but one is anomalous, IF will still detect the anomaly because the anomalous feature will create short paths in trees that split on it.

3. Autoencoder Architecture

3.1 Reconstruction-Based Deviation Detection

The Autoencoder (AE) component takes a fundamentally different approach to anomaly detection. Rather than measuring isolation, it measures reconstruction error — the difference between an agent's actual behavior and the behavior that a learned model predicts as 'normal.' The AE consists of an encoder Enc: X → Z that maps behavioral feature vectors to a low-dimensional latent space, and a decoder Dec: Z → X that maps back to the original space. The reconstruction error ε(x) = ||x − Dec(Enc(x))||² measures how well the AE can reproduce the agent's behavior from its compressed representation.

Normal behavior, which the AE has learned during training, produces low reconstruction error because the encoder can efficiently compress it and the decoder can accurately reconstruct it. Anomalous behavior, which deviates from learned patterns, produces high reconstruction error because the encoder maps it to an unusual latent region and the decoder cannot reconstruct it accurately. The key insight is that high reconstruction error does not require knowing what specific anomaly to look for — any deviation from the learned normal manifold produces elevated error.

3.2 Architecture Details

The Doctor AE uses a symmetric architecture with three encoder layers (feature_dim → 128 → 64 → 32) and three decoder layers (32 → 64 → 128 → feature_dim), with batch normalization and ReLU activations at each layer. The bottleneck dimension of 32 provides sufficient compression to force the model to learn the essential structure of normal behavior while discarding noise and anomalous patterns. The model is trained on a sliding window of the most recent 10,000 normal decision cycles, with periodic retraining to adapt to evolving organizational patterns.

The sigmoid-normalized reconstruction error σ(ε(x)) = 1 / (1 + exp(−k(ε(x) − ε_threshold))) maps the raw reconstruction error to [0, 1], calibrated so that 95% of normal data points produce scores below 0.5 and 95% of known anomalies produce scores above 0.8.

4. Dual-Model Fusion

4.1 Complementary Detection Capabilities

The two models address different types of anomalies. Isolation Forest excels at detecting discrete, sudden changes — an agent that abruptly shifts its decision pattern, starts requesting unusual resources, or changes its communication topology. These produce short isolation paths because the new behavior creates a distinct cluster in feature space. Autoencoder excels at detecting gradual drift — an agent that slowly shifts its risk tolerance, progressively reduces evidence quality, or gradually expands its authority scope. These produce increasing reconstruction error because the behavior moves away from the learned normal manifold, even though no single step is dramatically different.

4.2 Combined Scoring Function

The Doctor combines both models through a weighted fusion: A_combined = α · s(x) + (1−α) · σ(ε(x)) where α controls the relative weight of each model. In practice, α = 0.5 provides equal weighting and performs well across a range of anomaly types. The combined score inherits the strengths of both models: it catches sudden discrete anomalies (via IF) and gradual continuous drift (via AE) while reducing false positives because both models must agree for a high combined score.

4.3 False Positive Reduction

A critical advantage of dual-model fusion is false positive reduction. IF alone produces false positives when normal agents happen to make unusual but legitimate decisions — rare but valid actions that isolate easily. AE alone produces false positives when the behavioral distribution shifts legitimately — organizational changes that alter normal patterns before the AE can retrain. The combined model requires both IF and AE to flag the same event, which dramatically reduces false positives from 8.7% (IF only) and 11.3% (AE only) to 3.2% (combined).

5. Threshold Engineering

5.1 Design Rationale

The Doctor system uses two response thresholds: soft throttle at 0.85 and hard freeze at 0.92. These thresholds were not chosen arbitrarily — they reflect a careful analysis of the tradeoff between detection sensitivity and operational disruption. At 0.85, the false positive rate among genuinely normal agents is 1.2%. At 0.92, the false positive rate drops to 0.08%. The soft throttle responds to a 'probably anomalous' signal by reducing the agent's autonomy but allowing it to continue operating with increased oversight. The hard freeze responds to a 'certainly anomalous' signal by halting the agent entirely and requiring human intervention.

5.2 Soft Throttle (0.85): Graduated Response

When an agent's combined anomaly score exceeds 0.85, Doctor activates soft throttle. The agent's effective autonomy is reduced by 50%: decisions that would normally auto-execute now require agent review, decisions that would normally require agent review now require human approval, and the agent's influence weight in the organizational network is halved (reducing its contribution to λ_max). This graduated response serves two purposes: it limits the damage a potentially anomalous agent can cause while preserving operational continuity, and it generates additional observation data that helps determine whether the anomaly is real or a false alarm.

5.3 Hard Freeze (0.92): Complete Halt

When the combined score exceeds 0.92, Doctor activates hard freeze. The agent's autonomous operations cease entirely. All pending decisions are suspended. A human reviewer is notified with the full diagnostic package: the anomaly score decomposition (IF and AE contributions), the specific behavioral features that triggered the anomaly, the agent's recent decision history, and the potential downstream impact (which agents and decisions would be affected if the anomaly propagated). The agent remains frozen until a human reviewer explicitly clears it, either by confirming the anomaly was real (and initiating remediation) or by classifying it as a false alarm (and marking the event for AE retraining).

6. Gate Engine Integration

6.1 Dynamic Governance Density

Doctor's most powerful integration is with the Gate Engine for dynamic governance density adjustment. When Doctor detects elevated anomaly rates across multiple agents simultaneously — suggesting a systemic issue rather than an individual agent malfunction — it can increase the governance density D to provide more organizational self-observation. The adjustment formula is: D_t+1 = D_t + η · (A_avg − A_baseline) where A_avg is the average anomaly score across all agents and A_baseline is the learned normal average. This ensures that the organizational immune response scales with the severity of the detected anomaly.

6.2 Stability Guard

The stability guard is a specialized Doctor module that monitors the fundamental stability condition λ_max(A_t) < 1 − D_t in real-time. Every 100 decision cycles, the stability guard computes the current spectral radius from the observed influence matrix and compares it against the current governance density threshold. When the condition approaches violation (stability margin δ < 0.1), Doctor activates a preemptive throttle: governance density is increased by 0.05 increments until the margin exceeds 0.15. When the condition is violated, Doctor triggers a system-wide throttle (throttle_factor = 0.5) and requires human review of the organizational configuration.

7. Phase Detection

7.1 Real-Time Regime Monitoring

Doctor monitors five observable metrics that collectively indicate the organization's phase: role entropy H(r), hierarchy depth, convergence residual ||S_t+1 − S_t||, anomaly rate, and gate block rate. These metrics are tracked as time series, and Doctor computes their first and second derivatives to detect regime transitions. A phase transition from stability to chaos manifests as: increasing role entropy (agents abandoning specialization), increasing convergence residual (state oscillations growing), and increasing anomaly rate (more agents deviating from normal). Doctor can detect these trends 50-100 decision cycles before the transition becomes obvious to human observers.

7.2 Predictive Intervention

When Doctor detects an approaching phase transition, it does not wait for the transition to complete. Instead, it initiates a predictive intervention: (1) increase governance density by 0.1, (2) activate soft throttle for agents with elevated individual anomaly scores, (3) reduce the stability margin threshold to 0.2 (providing more buffer), and (4) alert human operators with a phase transition warning including predicted time to transition and recommended actions. This predictive capability transforms Doctor from a reactive anomaly detector to a proactive stability guardian.

8. MARIA OS Configuration

8.1 Safety YAML

The Doctor configuration in MARIA OS is specified declaratively: ``yaml safety: anomaly_detection: methods: - isolation_forest - autoencoder threshold: hard_freeze: 0.92 soft_throttle: 0.85 stability_guard: law: formula: "spectral_radius < 1 - governance_density" on_violation: action: throttle_then_freeze throttle_factor: 0.5 require_human: true `` This declarative specification ensures that safety parameters are version-controlled, auditable, and consistently applied across all organizational units.

8.2 Gate Policy Integration

gates:
  - id: gate.auto
    when:
      risk_score: "<= 0.30"
      governance_density: "<= 0.35"
    action:
      mode: auto_execute
      evidence_required: minimal
  - id: gate.agent-review
    when:
      risk_score: "<= 0.60"
      governance_density: "<= 0.65"
    action:
      mode: require_agent_review
      evidence_required: standard
  - id: gate.human-approval
    when:
      risk_score: "> 0.60"
    action:
      mode: require_human_approval
      evidence_required: full
      freeze_on_missing_evidence: true

9. Operational Results

9.1 Detection Performance

Across 10,000 simulation epochs with 111 agents in the Planet-100 environment, Doctor achieves the following detection metrics. The combined model (IF + AE) achieves F1 = 0.94, significantly outperforming IF alone (F1 = 0.87) and AE alone (F1 = 0.83). Precision is 0.968 (very few false positives), and recall is 0.913 (most true anomalies are caught). The mean detection latency is 2.3 decision cycles — meaning Doctor typically identifies an anomalous agent within 2.3 cycles of the anomaly onset, well before influence propagation can cause cascading failures.

9.2 Cascade Prevention

The most important operational metric is cascade prevention: 99.7% of potential cascading failures are prevented by Doctor intervention. A cascading failure is defined as an anomaly that propagates to three or more downstream agents. Without Doctor, 23.4% of individual agent anomalies escalate to cascades. With Doctor, this drops to 0.07% — the remaining failures involve simultaneous anomalies in multiple agents that exceed Doctor's parallel detection capacity.

9.3 Governance Density Optimization

Doctor's dynamic governance density adjustment produces measurable improvements in organizational efficiency. Compared to fixed governance density, dynamic adjustment increases decision throughput by 18% during stable periods (by reducing D when the stability margin is large) while maintaining the same cascade prevention rate during unstable periods (by increasing D when the margin shrinks).

10. Discussion

Doctor represents a paradigm shift in how we think about organizational safety. Traditional compliance systems are reactive — they detect violations after they occur and impose penalties. Doctor is proactive — it detects anomalies before they cause harm and adjusts organizational parameters to prevent escalation. The key insight is that anomaly detection in an agentic company is not a security add-on; it is a fundamental metacognitive capability. Just as a biological organism cannot survive without an immune system, an agentic company cannot operate safely without a Doctor.

The dual-model architecture is essential because no single anomaly detection approach covers all failure modes. Isolation Forest catches sudden, discrete anomalies — the equivalent of bacterial infections. Autoencoder catches gradual, continuous drift — the equivalent of autoimmune disorders or slow metabolic decline. The combined model catches both, providing comprehensive metacognitive coverage. The graduated threshold system (soft throttle at 0.85, hard freeze at 0.92) mirrors the biological immune response: initial mild response to uncertain threats, escalating to full mobilization for confirmed threats.

11. Conclusion

The Doctor architecture demonstrates that anomaly detection is not merely a safety feature but a form of organizational metacognition. By continuously monitoring agent behavior, detecting deviations, adjusting governance density, and preventing cascading failures, Doctor enables the agentic company to know when it is operating abnormally — the fundamental requirement for self-correction. The dual-model fusion, graduated threshold system, and gate engine integration provide a complete metacognitive safety net that transforms autonomous agent operations from a high-risk proposition to a governable system with mathematical stability guarantees. An organization without anomaly detection is an organization without an immune system. Doctor ensures that MARIA OS has one.

References

1. Liu, F.T., Ting, K.M., & Zhou, Z.H. (2008). Isolation Forest. IEEE ICDM.

2. An, J. & Cho, S. (2015). Variational autoencoder based anomaly detection. Special Lecture on IE, 2(1).

3. Aggarwal, C.C. (2017). Outlier analysis. Springer.

4. Chandola, V., Banerjee, A., & Kumar, V. (2009). Anomaly detection: A survey. ACM Computing Surveys, 41(3).

5. Pang, G., et al. (2021). Deep learning for anomaly detection: A review. ACM Computing Surveys, 54(2).

6. MARIA OS Documentation. (2026). Doctor System Architecture. os.maria-code.ai/docs.