Written by

DeepMerge Team

Published on

# How DeepMerge keeps your operations safe

When you hand an AI agent the keys to your Shopify store, Stripe account, and customer email — it needs guardrails. ### Two layers of protection **Layer 1: Action classification.** Every action your agent takes on an external system is evaluated before it executes. Reading data (order lookups, payment checks, customer searches) flows through instantly. Writing data (refunds, cancellations, emails, record updates) gets reviewed by a separate AI classifier that checks: is this action something the procedure was set up to do? **Layer 2: Input scanning.** Data from external systems (order notes, customer emails, support tickets) is scanned for manipulation attempts before the agent sees it. If suspicious content is detected, the agent receives a warning to anchor on its original instructions. ### The permission spectrum | Action type | What happens | Example | |-------------|-------------|---------| | Read operations | Instant, no review | Look up order in Shopify | | Low-risk writes | Agent acts, reports what changed | Add a customer tag | | High-risk writes | Agent pauses for your approval | Issue a refund, send a customer email | Your procedure instructions define where the boundaries are. ### When something is blocked The agent doesn't stop. It adapts — tries a different approach or asks you to decide. If it hits the same wall three times, it pauses and escalates with full context: what it tried, why it was blocked, and what it recommends. ### What this means for your business - Safety is on by default for every account — nothing to configure - Every action is logged for full auditability - Financial operations and customer communications get the strictest review - Your procedure instructions are the boundary — the safety system enforces them ### The honest limits The safety classifier catches agents that exceed their instructions. It does not second-guess your procedure design. If your instructions say "refund everything," the agent will refund everything. That's why high-stakes procedures should include approval steps where a human reviews and decides. The safety classifier is the backstop that catches what the approval steps don't cover.