The Dependency Firewall: Isolate AI Changes So One Bad Prompt Can't Break Your Build

One bad AI-generated change shouldn't cascade through your entire codebase. But without guardrails, that's exactly what happens. I call this the Dependency Firewall — a pattern borrowed from SRE blast-radius thinking, applied to AI-assisted coding. The Problem You ask your AI assistant to refactor a utility function. It "helpfully" updates the function signature, changes the return type, and touches three callers. Your tests pass locally — but a downstream service that imports that module breaks in production. The root cause: no blast-radius boundary between AI-generated changes and the rest of your system. The Pattern Before any AI-assisted code change, define a change boundary: ## Change Boundary - Files allowed to change: src/utils/parser.ts - Files NOT allowed to change: anything importing parser.ts - Interface contract: parseInput(raw: string) => ParsedResult (unchanged) - Test gate: all existing tests must pass without modification Then include this in your prompt: You may ONL