Define the Blast Radius

Before diving in, complete Build the Checkpoint and Replay so you can calculate the real recovery cost for each tier before you decide where to place approval gates.

You build a GitHub integration for your agent: it can create issues and post comments. You run a loop overnight to triage 50 backlog items. Monday morning: 50 GitHub notifications sent to your teammates, each tagged with an automated comment. The integration worked exactly as designed. You forgot to add a gate.

Blast radius is the maximum damage a single bad step can cause before you can intervene. There are three tiers. Tier 1: read-compute-write on your own codebase. Worst case: a bad file change that git reverts in 30 seconds. Run freely, no gates. Tier 2: external API calls. Sending emails, creating issues, pushing to a remote branch, calling a paid API. Worst case: an action visible to other people, a cost you did not intend, a state change you cannot easily undo. Needs an explicit approval gate before each external action. Tier 3: shared state or production. Database writes, production deploys, messages to real users. Worst case: data corruption or user-facing impact that may be irreversible. Requires a human in the loop, full stop.

Here is the before and after: a five-skill harness has refactor-code (Tier 1, no gate), run-tests (Tier 1, no gate), create-github-issue (Tier 2, approval gate before POST), send-slack-message (Tier 2, approval gate before send), and update-database (Tier 3, never run in a background agent). Each Tier 2 step prints the planned action and waits for an explicit confirm response before executing.

Most harnesses start entirely in Tier 1. Then one integration adds a Tier 2 step, and a loop that runs 50 iterations now calls an external API 50 times. The gate is what separates a useful tool from a Monday-morning incident.

Paste this into Claude:

I want to classify the blast radius of my current agent setup. Here are the tasks or skills I run with Claude: [list 3-5 tasks or skills you use regularly, e.g. 'refactor code', 'create GitHub issues', 'send Slack messages', 'update the database', 'run tests']. For each one, tell me: (1) Which tier (1, 2, or 3) does it fall into? (2) What is the worst-case outcome if this step runs with bad input? (3) What approval gate, if any, should be added? Then rewrite the riskiest skill to include an explicit approval gate that shows me the planned action before executing it.

What good looks like:

• You classified each task into Tier 1, 2, or 3 with a specific worst-case scenario
• At least one of your tasks moved from 'no gate' to 'approval gate' based on the classification
• The rewritten skill shows the planned action and waits for confirmation before any Tier 2 or Tier 3 step
• You can state the blast radius of your entire harness in one sentence
• You identified any task you assumed was Tier 1 that is actually Tier 2 or 3

What a good response looks like:

Blast radius classification for a 5-skill harness:

1. refactor-code: Tier 1. Worst case: bad file change. Git revert in 30 seconds. No gate needed.
2. create-github-issue: Tier 2. Worst case: 50 duplicate issues created by a loop. Gate required: show planned issue title+body and wait for confirmation before POST.
3. run-tests: Tier 1. Worst case: test run exits with errors. No external state modified. No gate needed.
4. send-slack-message: Tier 2. Worst case: message sent to wrong channel or 20 times in a loop. Gate required: show recipient + message text, wait for confirmation.
5. update-database: Tier 3. Worst case: wrong rows updated with no rollback. Human required. Do not run in background agent ever.

Rewritten create-github-issue with gate:
```
step 3 (create issue):
  BEFORE executing: display planned action:
    "About to create GitHub issue in [repo]:
    Title: [title]
    Body: [first 100 chars]...
    Labels: [labels]
  Type 'confirm' to proceed or 'cancel' to abort."
  WAIT for response before calling GitHub API.
```

Blast radius of entire harness: Tier 2 (GitHub + Slack integrations with gates).