Before any change is executed against the live estate, the agent rehearses it against a sandboxed copy of the twin and answers three questions: what will this touch, what will it break, and who is on the consent path. Until those three answers are within policy, the change does not run.
Every operational change has a blast radius: the set of components, services, identities, and downstream dependencies that are affected if the change behaves as intended and the larger set affected if it does not. The traditional way to estimate this is by operator memory and a dependency diagram that is six months out of date. Neither scales, and neither is accountable when the change misbehaves.
The twin does not need either. It already knows the dependency graph as it exists today, and it already knows which nodes are in maintenance, which identities are about to rotate, which workloads are mid-failover. The agent runs the change in a forked copy of that graph and observes the propagation.
Most automation systems offer a dry-run mode. Dry-runs are useful, but they answer a narrower question: did the script's preconditions hold? They do not answer what will happen to everything else. Two changes can have identical preconditions and dramatically different downstream effects depending on what else is in flight at the moment.
Rehearsal against the live twin observes the propagation through the dependency graph, the timing interactions with concurrent operations, the policy interactions with active exceptions, and the rollback path under each branch. That is the difference between checking syntax and checking semantics.
The rehearsal sandbox is a forked copy of the twin's materialized state at the moment the rehearsal begins. It inherits the full dependency graph, identity model, policy set, and current health posture. It isolates the side-effects: any "writes" the rehearsal performs are persisted in the sandbox only and discarded when the rehearsal completes.
One subtlety. The sandbox also forks the event stream that would otherwise mutate the twin. This means the rehearsal sees the change land in a still environment, but the agent also runs the rehearsal in a "noisy" mode where realistic concurrent events are replayed against the sandbox to test for race conditions before the real change is queued.
A rehearsal that only succeeds in still water is a rehearsal that has not been done.
Before the rehearsal even begins, the agent runs a fixed set of pre-flight checks against the proposed change.
State assertions. Are all the preconditions the change relies on currently true in the twin? If not, fail closed.
Dependency walk. What is the full set of nodes the change touches, directly or transitively, within N hops? Is any of that set currently in a guarded state (maintenance, incident, freeze)?
Rollback path. Is there a deterministic, executable rollback for this change? If not, the consent threshold is raised and the change is queued behind explicit operator approval.
Policy interaction. Does the change conflict with any active exception, policy override, or change-freeze in scope?
Consent is graduated. Routine changes inside known-safe blast radius envelopes execute autonomously and are logged. Novel changes, changes that exceed a configurable blast-radius threshold, or changes that touch high-severity domains pause for human consent. The consent UI surfaces the full rehearsal output (what was touched, what was simulated, what the rollback path looks like) so the human is reviewing a result, not a request.
Circuit-breakers exist as a hard backstop. If the post-state of any executed change diverges from the rehearsed post-state by more than a tolerance, the agent halts execution of any related changes in flight, opens an incident, and surfaces both the rehearsed and observed states for diff review.
After the change is executed, the twin is reconciled against ground truth and the observed post-state is compared against the rehearsed post-state. A clean match closes the change-record and increments the agent's confidence in this class of change for this region of the estate. A mismatch, even a small one, is logged with full provenance and feeds back into the rehearsal model so the next rehearsal in this domain is more accurate.
The loop is not plan → execute. It is plan → rehearse → execute → reconcile → learn. Every cycle improves the next.
