Operations
Side-Effect Dry Run Gate
Make the agent show its hands before it touches reality.
Use when
An automation can send, post, delete, buy, invite, merge, schedule, unsubscribe, or change account, product, customer, or repo state.
Beginnerdifficulty
Operationscategory
Mia daily expansionsource
Cadence
Before giving an agent tools that can change external state
Verification
Every side-effecting action has an exact preview, risk level, required approval, and rollback or fallback; no live action runs until authorized.
Structured loop spec
| Field | Value |
|---|---|
| Name | Side-Effect Dry Run Gate |
| Category | Operations |
| Trigger | Before giving an agent tools that can change external state |
| Objective | Make the agent show its hands before it touches reality. |
| Allowed inputs | Relevant files, source notes, logs, tests, screenshots, metrics, or task state for this loop |
| Allowed actions | Inventory the workflow's available tools and classify actions as read-only, reversible internal change, public action, destructive change, financial or legal commitment, or account/security change.; Define which actions may run autonomously, which require preview-only mode, and which are forbidden without explicit human approval.; Run the workflow in dry-run mode against the real scope or a safe sample, producing exact payload previews, target IDs, recipients, files, and timing.; Review previews for privacy leaks, unintended commitments, permission scope, rate limits, target ambiguity, and rollback or fallback path.; Execute only actions already inside the approved low-risk boundary; queue sends, posts, deletes, purchases, merges, production changes, and account changes for approval.; Stop if the target is ambiguous, credentials are broader than expected, rollback is unclear, or the action would create an irreversible public, financial, legal, or security consequence. |
| Verification | Every side-effecting action has an exact preview, risk level, required approval, and rollback or fallback; no live action runs until authorized. |
| Stop condition | Stop when the verifier passes, the budget is exhausted, no progress is made, a blocker appears, or approval is required. |
| Budget | Set a time, turn, token, retry, file, or dollar cap before running the loop. |
| Approval boundary | Human approval required before publishing, sending, deleting, spending, changing accounts, touching production, or making reputational/legal/financial commitments. |
| Safe output | Draft, report, checklist, table, or approval-gated recommendation |
| Works with | Claude, ChatGPT, Gemini, any tool-using AI assistant |
Steps
- Inventory the workflow's available tools and classify actions as read-only, reversible internal change, public action, destructive change, financial or legal commitment, or account/security change.
- Define which actions may run autonomously, which require preview-only mode, and which are forbidden without explicit human approval.
- Run the workflow in dry-run mode against the real scope or a safe sample, producing exact payload previews, target IDs, recipients, files, and timing.
- Review previews for privacy leaks, unintended commitments, permission scope, rate limits, target ambiguity, and rollback or fallback path.
- Execute only actions already inside the approved low-risk boundary; queue sends, posts, deletes, purchases, merges, production changes, and account changes for approval.
- Stop if the target is ambiguous, credentials are broader than expected, rollback is unclear, or the action would create an irreversible public, financial, legal, or security consequence.
Prompt
Run the Side-Effect Dry Run Gate loop. Inventory every tool and action the automation can use, then classify each as read-only, reversible internal change, public action, destructive change, financial/legal commitment, or account/security change. Define autonomous, preview-only, and forbidden actions. Run a dry run against the real scope or a safe sample and output exact payload previews, target IDs, recipients, files, timing, risk level, approval requirement, and rollback or fallback path. Execute only pre-approved low-risk actions; queue sends, posts, deletes, purchases, merges, production changes, and account/security changes for explicit approval.Run in Claude Code
Paste this into Claude Code (or any tool-using agent) to run the loop bounded: one change per round, the same verification every round, durable state files, and explicit stop conditions.
Run the "Side-Effect Dry Run Gate" loop from AI Loop Library (https://ailooplibrary.com/loops/side-effect-dry-run-gate/) as a bounded loop.
Goal: Make the agent show its hands before it touches reality.
Rules: one change per round; run the same verification every round (Every side-effecting action has an exact preview, risk level, required approval, and rollback or fallback; no live action runs until authorized.); append each round to docs/loops/side-effect-dry-run-gate/progress.md and update docs/loops/side-effect-dry-run-gate/state.json; stop on verifier pass, 8 rounds, 3 consecutive failed verifications, no progress, a blocker, or anything needing human approval (money, production, outbound, deletion). Finish with a proof report: rounds used, changes made, verification output, remaining risk, and the next human decision.