Operations

Side-Effect Dry Run Gate

Make the agent show its hands before it touches reality.

Use when

An automation can send, post, delete, buy, invite, merge, schedule, unsubscribe, or change account, product, customer, or repo state.

Beginnerdifficulty
Operationscategory
Mia daily expansionsource

Cadence

Before giving an agent tools that can change external state

Verification

Every side-effecting action has an exact preview, risk level, required approval, and rollback or fallback; no live action runs until authorized.

Structured loop spec

FieldValue
NameSide-Effect Dry Run Gate
CategoryOperations
TriggerBefore giving an agent tools that can change external state
ObjectiveMake the agent show its hands before it touches reality.
Allowed inputsRelevant files, source notes, logs, tests, screenshots, metrics, or task state for this loop
Allowed actionsInventory the workflow's available tools and classify actions as read-only, reversible internal change, public action, destructive change, financial or legal commitment, or account/security change.; Define which actions may run autonomously, which require preview-only mode, and which are forbidden without explicit human approval.; Run the workflow in dry-run mode against the real scope or a safe sample, producing exact payload previews, target IDs, recipients, files, and timing.; Review previews for privacy leaks, unintended commitments, permission scope, rate limits, target ambiguity, and rollback or fallback path.; Execute only actions already inside the approved low-risk boundary; queue sends, posts, deletes, purchases, merges, production changes, and account changes for approval.; Stop if the target is ambiguous, credentials are broader than expected, rollback is unclear, or the action would create an irreversible public, financial, legal, or security consequence.
VerificationEvery side-effecting action has an exact preview, risk level, required approval, and rollback or fallback; no live action runs until authorized.
Stop conditionStop when the verifier passes, the budget is exhausted, no progress is made, a blocker appears, or approval is required.
BudgetSet a time, turn, token, retry, file, or dollar cap before running the loop.
Approval boundaryHuman approval required before publishing, sending, deleting, spending, changing accounts, touching production, or making reputational/legal/financial commitments.
Safe outputDraft, report, checklist, table, or approval-gated recommendation
Works withClaude, ChatGPT, Gemini, any tool-using AI assistant

Steps

  1. Inventory the workflow's available tools and classify actions as read-only, reversible internal change, public action, destructive change, financial or legal commitment, or account/security change.
  2. Define which actions may run autonomously, which require preview-only mode, and which are forbidden without explicit human approval.
  3. Run the workflow in dry-run mode against the real scope or a safe sample, producing exact payload previews, target IDs, recipients, files, and timing.
  4. Review previews for privacy leaks, unintended commitments, permission scope, rate limits, target ambiguity, and rollback or fallback path.
  5. Execute only actions already inside the approved low-risk boundary; queue sends, posts, deletes, purchases, merges, production changes, and account changes for approval.
  6. Stop if the target is ambiguous, credentials are broader than expected, rollback is unclear, or the action would create an irreversible public, financial, legal, or security consequence.

Prompt

Run the Side-Effect Dry Run Gate loop. Inventory every tool and action the automation can use, then classify each as read-only, reversible internal change, public action, destructive change, financial/legal commitment, or account/security change. Define autonomous, preview-only, and forbidden actions. Run a dry run against the real scope or a safe sample and output exact payload previews, target IDs, recipients, files, timing, risk level, approval requirement, and rollback or fallback path. Execute only pre-approved low-risk actions; queue sends, posts, deletes, purchases, merges, production changes, and account/security changes for explicit approval.

Run in Claude Code

Paste this into Claude Code (or any tool-using agent) to run the loop bounded: one change per round, the same verification every round, durable state files, and explicit stop conditions.

Run the "Side-Effect Dry Run Gate" loop from AI Loop Library (https://ailooplibrary.com/loops/side-effect-dry-run-gate/) as a bounded loop.
Goal: Make the agent show its hands before it touches reality.
Rules: one change per round; run the same verification every round (Every side-effecting action has an exact preview, risk level, required approval, and rollback or fallback; no live action runs until authorized.); append each round to docs/loops/side-effect-dry-run-gate/progress.md and update docs/loops/side-effect-dry-run-gate/state.json; stop on verifier pass, 8 rounds, 3 consecutive failed verifications, no progress, a blocker, or anything needing human approval (money, production, outbound, deletion). Finish with a proof report: rounds used, changes made, verification output, remaining risk, and the next human decision.

Get the MCP server + agent pack

Tags

agentsdry runapproval gatedautomation safety

Related

Back to all examples