FuseGuard loop fuse

Stop agent loop spirals and budget overruns locally, then correlate trips with hosted drift in production.

Prerequisites: Python 3.10+, the open-source driftguard repo, and (for cloud correlation) a DriftGuard API key with fuseguard_prod enabled on a paid plan.

What you will build

1. Wrap an agent runner with wrap_agent or route MCP calls through FuseProxy.
2. Emit a trip log JSON on fuse and POST it to /v1/fuseguard/trips.
3. Enable FuseGuard Production in the console for drift-correlated alerts.
4. Optionally confirm an on-demand snapshot bound to the trip.

Step 1 — Install FuseGuard (OSS)

FuseGuard shares loop detection with MockDrift. Install from the monorepo:

cd driftguard/packages/fuseguard
python3 -m venv .venv && source .venv/bin/activate
pip install -e "../mockdrift" -e ".[dev]"
pytest tests/ -v

Disable the fuse locally with DRIFTGUARD_FUSE=0.

Step 2 — Wrap your agent

Lowest-friction integration: wrap your runner at init with a budget cap and loop detector:

from fuseguard import FuseConfig, wrap_agent

class Agent:
    def invoke_tool(self, tool, args):
        ...

wrapped = wrap_agent(Agent(), FuseConfig(budget_cap_usd=1.0))
wrapped.invoke_tool("stripe_refund", {"amount": 100}, estimated_cost_usd=0.02)

For MCP or HTTP tool proxies, use FuseProxy(handler) — swap the upstream URL once instead of editing every call site.

Step 3 — Trip log on fuse

When the fuse trips, write optional JSON to FUSEGUARD_TRIP_LOG (schema: fuseguard/trip_log.schema.json in OSS):

export FUSEGUARD_TRIP_LOG=.fuseguard/trip.json
# on trip:
fuseguard validate-trip-log .fuseguard/trip.json

Include tripId (UUID), reason (loop_detected or budget_exceeded), optional watchId, and toolName when known.

Step 4 — API key and FuseGuard Production

1. Copy your API key from /activate or Console → Account → API keys.
2. Open Console → sidebar Products.
3. Enable FuseGuard (fuseguard_prod SKU) — requires a paid plan.

export DRIFTGUARD_API_KEY=dg_live_…
export DRIFTGUARD_API_URL=https://driftguard.org

Trips are stored even when the overlay is disabled (soft entitlement). Full diff blocks and on-demand snapshots require fuseguard_prod.

Step 5 — Ingest a trip

POST the trip to correlate with the latest breaking drift on a watch you own:

curl --request POST \
  --url https://driftguard.org/v1/fuseguard/trips \
  --header "Authorization: Bearer $DRIFTGUARD_API_KEY" \
  --header "Content-Type: application/json" \
  --data '{
    "tripId": "550e8400-e29b-41d4-a716-446655440000",
    "reason": "loop_detected",
    "watchId": "YOUR_WATCH_UUID",
    "toolName": "stripe_refund"
  }'

API reference: POST /v1/fuseguard/trips.

When fuseguard_prod is enabled and the watch has recent breaking drift, the response alert.diff block includes a summary and console link. Free Core-only accounts receive a teaser without the full diff block.

Step 6 — On-demand snapshot (optional)

After ingesting a trip with a bound watchId, capture a fresh schema snapshot for audit — no free-form URL field:

curl --request POST \
  --url https://driftguard.org/v1/fuseguard/snapshots \
  --header "Authorization: Bearer $DRIFTGUARD_API_KEY" \
  --header "Content-Type: application/json" \
  --data '{"tripId": "550e8400-e29b-41d4-a716-446655440000"}'

API reference: POST /v1/fuseguard/snapshots. Rate limits: 10 snapshots per account per day, burst 3 per hour. Private IPs and SSRF targets are blocked.

Security checklist: On-demand snapshot security.

FuseGuard without Core watches

FuseGuard is a valid standalone SKU. Trips without a watchId are stored and return a CTA to confirm a snapshot. No Core watch is required for local fuse behavior.

Troubleshooting

Next steps

• MockDrift drift replay — intent-binding tests before FuseGuard trips
• MCP monitoring concepts
• OSS FuseGuard README