zone_guard

zone_guard is a reflex, not a rule. It traces the call graph ahead of every AI tool call, detects when a proposed action would touch a marked node, and intercepts — before the AI writes a single character.

How it works

1. You mark nodes as danger zones: processPayment, AuthGuard, db.migrate
2. When the AI calls any tool that would affect those nodes, zone_guard fires first
3. It surfaces the blast radius and asks for explicit permission
4. The AI cannot proceed without your approval

The interception happens at the MCP layer — before execution, not after.

Marking danger zones

# Via natural language to your AI agent:
"Mark processPayment as a danger zone"

# Or directly:
zone_guard(action="mark", node="processPayment", reason="payment critical path")

Managing zones

zone_guard(action="list")           → all marked nodes
zone_guard(action="unmark", node="processPayment")
zone_guard(action="status")         → zones loaded, paths monitored, intercepts today

When an intercept fires

⚠ zone_guard intercept

The proposed action touches 2 danger zone nodes:
  • processPayment  (CRITICAL — payment execution)
  • AuthGuard       (HIGH — all authenticated routes)

Blast radius: 12 functions, 3 API routes
Intercept depth: 3 hops

Approve this action? [yes/no]

Use cases

• Payment and billing code — never touch without explicit sign-off
• Auth and session logic — high blast radius, easy to break silently
• Database migrations — irreversible, must be reviewed
• Third-party integrations — API calls with real-world side effects

Caution

Danger zones are a last-resort safety net. They work best for a small set of truly critical nodes — not as a substitute for good test coverage.