← ClaudeAtlas

runaway-guardlisted

Use when writing or reviewing code that calls a paid AI / inference API in a loop, queue, retry path, agent step, webhook handler, or background job — Fal.ai, Anthropic, OpenAI, Replicate, ElevenLabs, Together, Groq, Cohere, Mistral, fal-client, @anthropic-ai/sdk, openai, replicate. Treats dollar cost as a third complexity dimension alongside time and space. Forces writing a per-run $-cap, a per-day $-cap, a max-iterations bound, and a concurrency limit BEFORE the call site is written — and forces a matching hard cap at the provider dashboard so a code bug cannot bypass it. The canonical failure is a $200 overnight bill from a retry loop that "obviously terminates" but did not. Pairs with invariant-guard (termination is now a wallet invariant) and complexity-cuts (when the runaway already shipped).
morsechimwai/lemmaly · ★ 1 · AI & Automation · score 75
Install: claude install-skill morsechimwai/lemmaly
# runaway-guard — $-Cost is the Third Complexity Dimension Every loop has time complexity and space complexity. A loop that calls a paid API has a third: **dollars per execution**. The model tracks the first two automatically. It does not track the third, so it ships code where a single bug — a retry without bound, a stream reconnect storm, an agent that re-queues itself, a webhook that fires the same job twice — silently spends real money. The canonical incident: developer writes a Fal.ai image-generation loop. Loop "obviously terminates" because it iterates over a fixed list. The list comes from a callback that fires on every Inngest retry. Each retry doubles the list. By morning, the bill is **$200**. Tests pass. Code review passed. The bug is not in the loop body. The bug is that **no one stated the wallet invariant**. runaway-guard fixes this. State the max calls. State the max dollars per run. State the max dollars per day. Set the same caps in the provider dashboard so a code bug cannot bypass them. Then write the code. **Violating the letter of these rules is violating the spirit of the skill.** "I'm only testing locally" is the exact rationalization that ships the $200 bill — local code hits the same paid API as production. ## The Iron Law ```text NO CALL TO A PAID API WITHOUT A WRITTEN $-CAP AT BOTH THE CODE AND PROVIDER LEVEL ``` A cap only in code can be bypassed by a bug in that code. A cap only at the provider can be hit during normal usage and degrade th