> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dzap.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Safety & Execution

> How DZap AI gates write actions and keeps execution auditable.

DZap AI separates planning from execution so the model can reason freely without directly controlling chain writes.

## Core rule

The model can suggest actions; runtime controls whether those actions execute.

## Execution classes

| Class                   | Examples                                | Confirmation                    |
| ----------------------- | --------------------------------------- | ------------------------------- |
| **Read**                | prices, balances, pools, docs retrieval | none                            |
| **Plan/Build**          | route generation, calldata build        | none (but reviewed in response) |
| **Interactive execute** | `PerformZapTool`, `ChangeChainTool`     | explicit user confirmation      |

## Built-in controls

* Required wallet metadata per ask call
* Prompt-level metadata sanitization (no `private_key` in model prompt)
* Step cap (`25`) and model timeout/retry controls
* Session logging for all tool activity

## Interactive flow controls

### PerformZapTool

1. Route must already be generated and cached for the session.
2. Runtime requests explicit confirmation (SDK/CLI driven).
3. Approvals and transaction execution happen only after confirmation.

### ChangeChainTool

1. Tool waits for user confirmation.
2. Timeout is 120 seconds.
3. Resolution is completed through `POST /zap/chain/:sessionId`.

## Safe execution pipeline

```text theme={null}
intent -> tool planning -> route/build -> user confirmation -> execute -> session log
```

## Logging and traceability

Session history includes metadata, conversation timeline, tool logs, and summary counters.

See [ZapBot Safety](/ai/zapbot/safety) for runtime-level safety guidance.
