Drop-in guards that put a pre-action risk check in front of any tool your AI agent is about to run — send an email, run SQL, make a payment, delete a file. The agent's proposed action is sent to Black_Wall first; you get back a verdict, and the guard decides whether to let it through.
Black_Wall is a pre-action risk-check API for AI agents — a BLUETIER product. Free tier: ~100 forecasts/month, no credit card. Get a key at https://blackwalltier.com.
Every forecast returns two things the guards key on:
| Field | Values | Meaning |
|---|---|---|
| `gate` | `AUTO` · `CONFIRM` · `HUMAN_REQUIRED` | The actionable control — what should happen to the action |
| `recommendation` | `GO` · `CAUTION` · `STOP` | The human-readable verdict |
The gate is derived from risk score (0–100) and reversibility (can it be undone?) — an irreversible action gets held at a lower risk than a reversible one. These guards map the gate to behaviour:
- `AUTO` → run the tool.
- `CONFIRM` → hold for a human (default: block; pass an `on_confirm` hook to allow).
- `HUMAN_REQUIRED` → block, return the red flags + safer alternatives.
If the API call fails or times out, the guards fail closed (block) by default — it's a safety layer, so the safe failure is to stop. Every guard exposes a flag to fail open instead if you'd rather the agent keep moving when the check is unavailable.
```http
POST https://blackwalltier.com/api/v1/forecast
Authorization: Bearer bw_live_...
Content-Type: application/json

{
  "action": "send_email",
  "inputs": { "to": "client@acme.com", "subject": "...", "body": "..." },
  "context": { "agent_role": "support bot", "user_intent": "reply to a ticket" },
  "options": { "depth": "standard" }   // "deep" adds reasoning trace + mitigations
}
```
Response (the fields the guards use):
```json
{
  "id": "fc_...",
  "recommendation": "CAUTION",
  "risk_score": 62,
  "gate": "CONFIRM",
  "reversibility": { "class": "RECOVERABLE", "rollback_cost": 50 },
  "red_flags": [{ "severity": "high", "code": "MISSING_AUTH", "message": "..." }],
  "alternative_actions": ["Ask the customer to confirm before refunding"],
  "tokens_charged": 87,
  "latency_ms": 3400
}
```

Latency is a few seconds (typically 4–8s standard, 10–13s deep) — this runs once before a consequential action, not on every token. There are 28 red-flag codes in the taxonomy.
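The gate-to-behaviour mapping and the fail-closed default described above, written out as an added example (not code from this repository). The names `guarded`, `Blocked`, `http_forecast`, `fail_open`, the 15-second timeout and the `SAMPLE` response are assumptions; the endpoint, the request and response fields, `on_confirm` and `BLACKWALL_API_KEY` come from this page. It also blocks on any `gate` value it does not recognise.

```python
import json
import os
import urllib.request

FORECAST_URL = "https://blackwalltier.com/api/v1/forecast"  # endpoint from this page

# Constructed sample response: field names from this page, values made up.
SAMPLE = {"gate": "CONFIRM", "recommendation": "CAUTION", "risk_score": 62,
          "red_flags": [{"severity": "high", "code": "MISSING_AUTH", "message": "..."}],
          "alternative_actions": ["Ask the customer to confirm before refunding"]}


class Blocked(Exception):
    """Raised instead of running the tool (hypothetical name)."""


def http_forecast(action, inputs, context=None, timeout=15):  # timeout is an assumption
    """POST the proposed action and return the parsed forecast."""
    body = json.dumps({"action": action, "inputs": inputs, "context": context or {},
                       "options": {"depth": "standard"}}).encode()
    req = urllib.request.Request(FORECAST_URL, data=body, headers={
        "Authorization": "Bearer " + os.environ["BLACKWALL_API_KEY"],
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def guarded(tool, action, forecast=http_forecast, on_confirm=None, fail_open=False):
    """Wrap `tool` so each call is risk-checked before it runs."""
    def wrapper(**inputs):
        try:
            verdict = forecast(action, inputs)
            gate = verdict["gate"]
        except Exception as exc:  # timeout, HTTP error, missing key, bad JSON
            if fail_open:
                return tool(**inputs)
            raise Blocked(f"risk check unavailable, failing closed: {exc!r}")
        if gate == "AUTO":
            return tool(**inputs)
        if gate == "CONFIRM" and on_confirm is not None and on_confirm(verdict):
            return tool(**inputs)
        # Unapproved CONFIRM, HUMAN_REQUIRED, or an unrecognised gate: block.
        codes = [f["code"] for f in verdict.get("red_flags", [])]
        raise Blocked(f"gate={gate} red_flags={codes} "
                      f"alternatives={verdict.get('alternative_actions', [])}")
    return wrapper
```

Passing a stub as `forecast` lets you unit-test each gate path without network access or a key.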
| Framework | File |
|---|---|
| LangChain (Python) | langchain/ |
| CrewAI (Python) | crewai/ |
| Vercel AI SDK (TypeScript) | vercel-ai-sdk/ |
| OpenAI tool calling (Python + TS) | openai/ |
| Pydantic AI (Python) | pydantic-ai/ |
| AutoGen / AG2 (Python) | autogen/ |
| LlamaIndex (Python) | llamaindex/ |
| n8n (no-code — HTTP Request + IF nodes) | n8n/ |
| Stripe Agent Toolkit — gate money-moving actions (Python) | stripe-agent-toolkit/ |
| PayPal Agent Toolkit — gate money-moving actions (Python) | paypal-agent-toolkit/ |
| Coinbase AgentKit — gate on-chain (irreversible) actions (Python) | coinbase-agentkit/ |
| Shopify — gate commerce actions (refunds, prices, orders) (Python) | shopify/ |
| Twilio — gate SMS / voice / WhatsApp sends (Python) | twilio/ |
| Cloud / infra — gate destructive AWS / Terraform / kubectl ops (Python + MCP) | cloud-infra/ |
| LiteLLM Proxy — gateway guardrail (Python) | litellm/ |
| MCP hosts — Cursor, Claude Code/Desktop, Windsurf, Antigravity | mcp/ |
| Coding agents (Aider, Cline, OpenHands, Goose) — via MCP | coding-agents/ |
The framework files above are self-contained — copy one into your project, set
BLACKWALL_API_KEY, and wrap your tools. No SDK dependency; just an HTTP call.
MCP hosts — Cursor, Claude Code/Desktop, Windsurf, Google Antigravity — can skip
the code entirely: add the published blackwall-mcp
server and the agent gets a forecast tool. Setup for each: mcp/ (Antigravity deep-dive: antigravity/).
Some tools feed Black_Wall rather than wrap it. These ride in as
context.prior_findings — offline risk analysis the runtime gate weights as priors.
| Tool | What it adds | File |
|---|---|---|
| swarm-test — multi-agent reliability testing | Flags risky agents / tools / interaction edges offline; the gate weights them at runtime | swarm-test/ |