> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dzap.io/llms.txt
> Use this file to discover all available pages before exploring further.

# ZapBot Safety

> Execution safety controls in the current DZap AI runtime.

ZapBot is designed so write paths are explicit, session-bound, and reviewable.

## Threats addressed

1. Hallucinated token, chain, or amount details
2. Prompt-level leakage of private keys
3. Unconfirmed write execution
4. Untracked runtime side effects

## Key defenses

### Metadata sanitization

`metadata.accountInfo` is required, but only safe fields are injected into prompt text:

* `blockchain`
* `chain`
* `user_account`

`private_key` is excluded from prompt context.

### Confirmation before interactive actions

| Class       | Examples                               | Confirmation |
| ----------- | -------------------------------------- | ------------ |
| Read        | `BalanceTool`, `PriceTool`, `PoolTool` | no           |
| Interactive | `PerformZapTool`, `ChangeChainTool`    | yes          |

### Session-bound execution data

`PerformZapTool` executes only previously generated session route data and clears cached zap state after completion.

### Full traceability

Session history includes metadata, conversation timeline, and structured tool logs.

## Embedding guidance

* Keep read-only and execution-capable interfaces separate
* Require explicit confirmation in user-facing execution flows
* Use dedicated low-risk wallets in test environments
* Log and review all execution-sensitive tool outputs

## Avoid

* Running write-capable flows without user confirmation
* Treating model text as final transaction truth without tool validation
* Storing long-lived hot keys in unattended runtime processes

## Incident response basics

1. Capture `sessionId` and session history snapshot
2. Inspect structured tool logs and execution response
3. Verify on-chain receipts from transaction summary links
