
Design-Time Safety: How Fascia's Risk Engine Blocks Unsafe Patterns Before Deployment
Runtime error handling is an admission that your design phase failed. If you catch a "payment processed but order not created" error at runtime, the real bug is that your design tool allowed a payment call outside a transaction boundary. The error handler is treating a symptom. The disease is in the architecture.

Risk Levels

Fascia's Risk Engine classifies every Tool (API endpoint) into three levels based on its flow graph patterns:

Green — Safe to Deploy

All of the following must be true:

- Only Entity Actions (create, update, transition, soft-delete) — no raw writes
- Explicit transaction boundary around all write operations
- No unbounded queries (all reads have pagination or limits)
- No external calls, OR external calls are outside transaction boundaries

Yellow — Warning, Requires Acknowledgment

Any of the following triggers Yellow:

- External call (payment, email, HTTP) inside a state transition
- Missing retry configuration on external nodes
- High row impact (> 100 rows in a single write ope
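The Green and Yellow rules listed above can be expressed as checks over a flow graph. The following is an added example, not Fascia's code: the Node fields, rule names and sample Tools are assumptions made for illustration, and the third risk level is not modelled because the text does not describe it.

```python
from dataclasses import dataclass
from typing import Optional

ENTITY_ACTIONS = {"create", "update", "transition", "soft_delete"}

@dataclass
class Node:  # hypothetical flow-graph node; field names are assumptions
    kind: str                     # "write", "read" or "external"
    action: str = ""              # writes: an Entity Action name, or "raw"
    in_transaction: bool = False  # node sits inside a transaction boundary
    in_transition: bool = False   # external call made inside a state transition
    limit: Optional[int] = None   # reads: pagination size or row limit
    has_retry: bool = False       # external nodes: retry configuration present
    rows: int = 1                 # writes: estimated rows affected

# Green requires that none of these match (the "all must be true" list).
GREEN_RULES = [
    ("raw write", lambda n: n.kind == "write" and n.action not in ENTITY_ACTIONS),
    ("write outside transaction boundary", lambda n: n.kind == "write" and not n.in_transaction),
    ("unbounded query", lambda n: n.kind == "read" and n.limit is None),
    ("external call inside transaction boundary", lambda n: n.kind == "external" and n.in_transaction),
]
# Any single match makes the Tool Yellow (only the triggers visible in the text).
YELLOW_RULES = [
    ("external call inside state transition", lambda n: n.kind == "external" and n.in_transition),
    ("missing retry configuration", lambda n: n.kind == "external" and not n.has_retry),
    ("high row impact", lambda n: n.kind == "write" and n.rows > 100),
]

def matches(rules, nodes):
    return [name for n in nodes for name, hit in rules if hit(n)]

def classify(nodes):
    """Return (level, reasons). Yellow is checked first: a Tool can pass every
    Green condition and still hit a Yellow trigger, e.g. a missing retry."""
    yellow = matches(YELLOW_RULES, nodes)
    if yellow:
        return "yellow", yellow
    blocked = matches(GREEN_RULES, nodes)
    # Assumption: the third level is not described in the text, so it is not modelled.
    return ("unclassified", blocked) if blocked else ("green", [])

# Constructed sample Tools
CREATE_ORDER = [Node("read", limit=50), Node("write", "create", in_transaction=True)]
SEND_RECEIPT = CREATE_ORDER + [Node("external")]  # outside the transaction, no retry
BULK_FIX = [Node("read"), Node("write", "raw", in_transaction=True)]

if __name__ == "__main__":
    for tool in (CREATE_ORDER, SEND_RECEIPT, BULK_FIX):
        print(classify(tool))
```
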




