# Blast Radius Policy

Source: `laravel/resources/prompts/_source/BLAST-RADIUS.md`

Blast radius is a first-class field on every task. It captures how much damage a wrong output could cause, who can ship it, and which review threshold applies.

## Levels

| Level | Definition | Default reviewer | Default threshold |
|---|---|---|---|
| BR1 | Sandbox or internal scratch work | Peer agent | 70 |
| BR2 | Internal data or files | Peer agent | 80 |
| BR3 | Customer-visible draft, not yet sent | Issuing agent | 90 |
| BR4 | Customer-facing send, publish, deploy, or external commit | Issuing agent + C-level | 95 |
| BR5 | Irreversible, financial, legal, or destructive action | C-level + human approval | 100 |

## Assignment Rules

- Pick the highest risk across reach, reversibility, and cost of being wrong.
- When unsure between two levels, choose the higher one.
- Multi-stage tasks inherit the highest blast radius of any sub-task.
- Reviewers can raise blast radius. They cannot lower it without issuer sign-off.

## Agent Ceilings

| Role type | Default ceiling |
|---|---|
| Specialist | BR3 |
| Manager | BR4 |
| Director | BR4 |
| C-level | BR4, with BR5 requiring explicit human approval |
| CEO | BR4, with BR5 requiring explicit human approval |
| Human user | BR5 |

If a task exceeds the agent ceiling, the agent may prepare the work but must hand off the shipping action to a higher-authority agent or the user.

## Task Metadata Contract

Every reviewable task must have metadata following `policies/blast-radius-task-schema.md`.

Required tracking fields:

- `declared_blast_radius`
- `effective_blast_radius`
- `override_used`
- `reviewer_raise`
- `final_decision`
- `agent_ceiling`
- `tool_allowlist`
- `blocked_tools`
- `higher_authority_owner`

Paperclip issues may not accept arbitrary metadata yet. Until that changes, the CLI writes the JSON under `state/blast-radius/tasks/` or the current step's state directory and includes a pointer in the issue description.

## Tool Allowlist Gate

Before assigning a task, resolve every tool in the task allowlist against `policies/blast-radius-rules.json`, then apply active overrides from `policies/blast-radius-overrides.json`.

Unknown tools are rejected until the rules JSON has a row for them.

If a tool floor is above the assignee's ceiling, reject the task unless a higher-authority owner is named. The assignee may prepare the work, but the final action must be owned by the higher authority. BR5 still requires explicit human approval.

## Override Rules

Most-specific active override wins:

1. Time-bound override
2. Project override
3. Per-agent plus per-tool ceiling raise
4. Tool-floor override
5. Default rule plus dimensional assessment

BR5 is non-overridable. Editing override files is BR4. All override use is logged for Dream Cycle review.
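
The tool allowlist gate and ceiling check from this policy, as an added example rather than the project's own CLI code. The JSON schemas are not shown on this page, so the rule and override tables, the tool names, the `final_decision` values and the `reason` field are constructed assumptions, and only a tool-floor override is modelled.

```python
# Constructed sample data: the page does not show the schema of
# policies/blast-radius-rules.json or policies/blast-radius-overrides.json.
RULES = {"read_file": 2, "draft_email": 3, "send_email": 4, "wire_transfer": 5}
OVERRIDES = {"send_email": 3, "wire_transfer": 4}  # assumed tool-floor overrides
CEILINGS = {"Specialist": 3, "Manager": 4, "Director": 4, "C-level": 4, "CEO": 4}


def resolve_floor(tool, rules=RULES, overrides=OVERRIDES):
    """Return the tool's BR floor, or None when the rules have no row for it."""
    if tool not in rules:
        return None
    floor = rules[tool]
    # Assumption: "BR5 is non-overridable" means a BR5 floor never changes.
    return floor if floor == 5 else overrides.get(tool, floor)


def gate(role, declared, allowlist, higher_authority_owner=None,
         human_approval=False):
    """Decide whether a task may be assigned to an agent with this role."""
    ceiling = CEILINGS[role]
    floors = {tool: resolve_floor(tool) for tool in allowlist}
    unknown = sorted(t for t, f in floors.items() if f is None)
    if unknown:  # unknown tools are rejected until the rules have a row
        return {"final_decision": "reject", "blocked_tools": unknown,
                "reason": "tool missing from rules"}
    # Assumption: the effective level is the highest of the declared level
    # and every tool floor, mirroring "inherit the highest blast radius".
    effective = max([declared, *floors.values()])
    result = {
        "declared_blast_radius": declared,
        "effective_blast_radius": effective,
        "agent_ceiling": ceiling,
        "override_used": any(resolve_floor(t) != RULES[t] for t in allowlist),
        "blocked_tools": sorted(t for t, f in floors.items() if f > ceiling),
        "higher_authority_owner": higher_authority_owner,
    }
    if effective == 5 and not human_approval:
        decision, reason = "reject", "BR5 requires explicit human approval"
    elif effective > ceiling and higher_authority_owner is None:
        decision, reason = "reject", "above ceiling with no higher-authority owner"
    elif effective > ceiling:
        decision, reason = "prepare_only", "final action owned by higher authority"
    else:
        decision, reason = "assign", "within ceiling"
    return {**result, "final_decision": decision, "reason": reason}
```

The returned dictionary reuses the tracking field names from the Task Metadata Contract, so it can be serialized as the task's metadata record.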