Olawole Moses

Sovereign Attention Firewall: A Zero-Trust AI Perimeter for Your Calendar

This is a submission for the Notion MCP Challenge

What I Built

The Sovereign Attention Firewall — a zero-trust AI perimeter that defends your calendar and inbox from Calendar Snipers (unverified external invites) and Ghost Projects (meetings tied to archived work), before they ever interrupt deep work.

Why this exists: Procurement professionals, operations leads, and anyone with a visible business title knows the pain. ZoomInfo scraped your LinkedIn. Now your calendar is bleeding ghost meetings, your inbox drowns in "just circling back" sequences, and every cold SDR thinks they own 30 minutes of your Tuesday. The Reddit procurement community has a name for it: attention theft. The only current defenses are manual — reply templates, block lists, and sheer emotional labour.

The real cost isn't the emails. It's the cognitive fragmentation. Every unvetted vendor ping is a context switch tax on your focused work.

What it does: The Sovereign Attention Firewall creates a human-in-the-loop AI enforcement system that:

  • Intercepts every external calendar invite and runs it through a zero-trust identity check
  • Detects Identity Phantoms (invites from unverified or suspicious organizers) and Ghost Projects (meetings tied to archived/completed work)
  • Quarantines flagged invites into a Notion Waiting Room for human review — nothing is blocked without your approval
  • Executes silent enforcement: rejected invites are deleted with sendUpdates: false, giving no signal back to the sender that your address is active
  • Escalates repeat offenders automatically to a permanent Block List after two rejections
  • Maintains a daily Sovereign Security Log in Notion — a full audit trail of what was caught, why, and what action was taken

The default flips: your calendar becomes as defensible as your infrastructure.


Show Us the Code

🔗 github.com/olawolemoses/sovereign-attention-firewall

The system is built with:

  • Cloudflare Workers (TypeScript) for:
    • identity-oracle — deterministic identity registry; checks email allowlists, falls back to domain whitelists, returns Unverified for unknowns. Verdicts are cached in Cloudflare KV for sub-second performance.
    • sovereign-bouncer-mcp — custom MCP server enforcing Bearer auth and trust logic, deployed at the edge
  • Notion Agent + Notion databases as the governance and decision layer — the orchestration core
  • Zapier (Webhook + Paths) as the enforcement bridge across Google Calendar and Gmail
  • Google Calendar + Gmail for event handling, silent enforcement, and RSVP management
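
The lookup order described for identity-oracle, as an added example rather than code from the project's repository: exact email allowlist first, then exact domain allowlist, then Unverified, with a Map standing in for Cloudflare KV. The function name mirrors the verify_email_trust tool; the `Verified` label, the reason strings and all addresses are assumptions constructed for illustration.

```typescript
// Added example: lists, labels and addresses are constructed, not the project's.
type Verdict = "Verified" | "Unverified";

interface TrustResult {
  verdict: Verdict;
  reason: "email-allowlist" | "domain-allowlist" | "unknown" | "malformed";
  cached: boolean;
}

const EMAIL_ALLOWLIST = new Set(["dana@partner.example"]);
const DOMAIN_ALLOWLIST = new Set(["supplier.example"]);

// Stand-in for Cloudflare KV: a Map keyed by the normalized address.
const verdictCache = new Map<string, TrustResult>();

// Lower-case the input and accept only one plain address with a single "@".
function normalize(raw: string): { email: string; domain: string } | null {
  const email = raw.trim().toLowerCase();
  const at = email.indexOf("@");
  if (at <= 0 || at !== email.lastIndexOf("@") || at === email.length - 1) return null;
  if (/[\s<>,;]/.test(email)) return null;
  return { email, domain: email.slice(at + 1) };
}

function verifyEmailTrust(raw: string): TrustResult {
  const parsed = normalize(raw);
  // Fail closed: unparseable input is never trusted and never cached.
  if (!parsed) return { verdict: "Unverified", reason: "malformed", cached: false };

  const hit = verdictCache.get(parsed.email);
  if (hit) return { ...hit, cached: true };

  let result: TrustResult;
  if (EMAIL_ALLOWLIST.has(parsed.email)) {
    result = { verdict: "Verified", reason: "email-allowlist", cached: false };
  } else if (DOMAIN_ALLOWLIST.has(parsed.domain)) {
    // Exact match only, so "supplier.example.evil.test" does not inherit trust.
    result = { verdict: "Verified", reason: "domain-allowlist", cached: false };
  } else {
    result = { verdict: "Unverified", reason: "unknown", cached: false };
  }
  verdictCache.set(parsed.email, result);
  return result;
}
```

Because verdicts are cached, removing an address from an allowlist only takes effect once its cached entry is evicted or expires.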

How I Used Notion MCP

Notion MCP is not a peripheral integration here. It is the orchestration core of the Sovereign Attention Firewall.

Every external meeting invite is evaluated through a Notion-governed workflow combined with a custom MCP trust check:

  • The Agent calls verify_email_trust(email) on Sovereign Bouncer (MCP)
  • Sovereign Bouncer queries the Identity Oracle and returns trust verdicts
  • Decisions and full policy reasoning are persisted in Notion for human review and auditability
  • When a human updates the Decision property in the 📥 Waiting Room DB from Pending to any terminal state (Approved, Rejected, Blocked, or Cancelled), a native Notion automation fires a webhook to Zapier — passing event metadata and the decision downstream for enforcement

System Architecture

The MCP + Notion integration specifically unlocks:


1. Deterministic policy enforcement

The Agent operates from explicit policy records in the 🛡️ Sovereign Policy DB — P1: Identity Proof, P2: Ghost Hunter, P3: Context Tax — rather than ad-hoc AI judgment. Policies are readable and editable by any team member directly in Notion.

Sovereign Policy DB


2. Persistent operational memory

The 📥 Waiting Room DB stores event metadata, policy reasoning, and decision state across every interaction. Nothing disappears into a black box — every triage decision is traceable over time.

Waiting Room DB


3. Human-in-the-loop governance

A human updates the Decision property in Notion — that single gesture triggers the entire enforcement chain downstream. State-lock behavior in the Agent Constitution prevents the AI from ever re-auditing a decision a human has already made.


4. Context-aware Ghost Project detection

The 📂 Projects DB allows the Agent to match incoming meeting invites against archived or completed project context. A meeting tied to a project marked Archived in Notion is automatically treated as a Ghost Project — no manual flagging required.

Projects DB


5. Automated enforcement with clean separation of concerns

Notion decides. Zapier enforces.

Zapier Enforcement Structure

Three enforcement paths execute based on the human's decision in Notion:

Path A — Block/Reject: Delete the calendar event silently (sendUpdates: false) + find and delete the source email. No activity signal leaks to the sender.

Path B — Approve: Mark the event as accepted via a PATCH request, preserving full event metadata.

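```typescript
// Path B: mark the invite as accepted on the user's own calendar.
// fetchWithZapier and throwErrorIfNotOk() come from the Zapier runtime, not from this file.
// Assumes calendarId is the user's email address, since it is reused as the attendee email.
export async function updateEventStatusToAccepted({
  calendarId,
  eventId
}: {
  calendarId: string;
  eventId: string;
}): Promise<{ result: string }> {
  // Encode both IDs so a value arriving via the webhook cannot alter the request path.
  const url = `https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events/${encodeURIComponent(eventId)}`;

  // Note: an array field sent in a PATCH replaces the existing array on the event.
  const requestBody = {
    attendees: [
      {
        email: calendarId,
        responseStatus: "accepted"
      }
    ]
  };

  const response = await fetchWithZapier(url, {
    method: "PATCH",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(requestBody)
  });

  await response.throwErrorIfNotOk();
  return { result: "Attendee response status updated to 'Accepted'" };
}
```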

Path C — Cancel: Update RSVP to declined, signaling a professional boundary without ghosting.

```typescript
// Path C: set the user's RSVP to declined and return the updated event.
// Same assumptions as Path B: Zapier runtime helpers, calendarId is the user's email.
export async function updateEventRSVPStatus({
  calendarId,
  eventId
}: {
  calendarId: string;
  eventId: string;
}): Promise<{ result: any }> {
  // Encode both IDs so a value arriving via the webhook cannot alter the request path.
  const url = `https://www.googleapis.com/calendar/v3/calendars/${encodeURIComponent(calendarId)}/events/${encodeURIComponent(eventId)}`;

  const requestBody = {
    attendees: [
      {
        email: calendarId,
        responseStatus: "declined"
      }
    ]
  };

  const response = await fetchWithZapier(url, {
    method: "PATCH",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(requestBody)
  });

  await response.throwErrorIfNotOk();
  return { result: await response.json() };
}
```
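
How a decision webhook could be mapped onto the three paths and the two-rejection escalation, as an added example that is not the project's Zapier configuration. The function, field names and the replay guard are assumptions; addresses and event IDs are constructed.

```typescript
// Added example: handler, field names and replay guard are hypothetical.
type Action = "delete-silently" | "accept" | "decline" | "none";

interface Outcome { action: Action; blockSender: boolean; note: string }

const TERMINAL = new Set(["Approved", "Rejected", "Blocked", "Cancelled"]);
const REJECTIONS_BEFORE_BLOCK = 2;                // threshold stated in the post
const rejectionCount = new Map<string, number>(); // organizer -> rejections so far
const handledEvents = new Set<string>();          // event IDs already enforced

function enforceDecision(eventId: string, organizer: string, decision: string): Outcome {
  const sender = organizer.trim().toLowerCase();
  // Only an exact terminal state triggers enforcement; Pending and unknowns do nothing.
  if (!TERMINAL.has(decision)) {
    return { action: "none", blockSender: false, note: "non-terminal or unknown decision" };
  }
  // Replay guard: a re-delivered webhook must not count as a second rejection.
  if (handledEvents.has(eventId)) {
    return { action: "none", blockSender: false, note: "already enforced" };
  }
  handledEvents.add(eventId);

  switch (decision) {
    case "Approved":
      return { action: "accept", blockSender: false, note: "Path B" };
    case "Cancelled":
      return { action: "decline", blockSender: false, note: "Path C" };
    case "Blocked":
      return { action: "delete-silently", blockSender: true, note: "Path A" };
    default: { // "Rejected"
      const n = (rejectionCount.get(sender) ?? 0) + 1;
      rejectionCount.set(sender, n);
      // The second rejection for the same organizer escalates to the Block List.
      return { action: "delete-silently", blockSender: n >= REJECTIONS_BEFORE_BLOCK, note: "Path A" };
    }
  }
}
```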

6. Security-aware silent enforcement

sendUpdates: false on all rejection actions ensures unverified senders never receive confirmation that your email address is active. This prevents the sender verification loops that most calendar tools inadvertently create.


7. Daily security intelligence

The Sovereign Security Log auto-generates a daily brief in Notion — phantoms blocked, ghost projects defended, system health status — giving you full situational awareness without opening a dashboard.

Sovereign Security Log


Core insight:
Most productivity systems optimize scheduling. The Sovereign Attention Firewall optimizes attention defense — combining edge policy execution (Cloudflare Workers), governance memory (Notion), and action enforcement (Zapier) into a system where your calendar is treated as a security perimeter, not an open invitation.


Your Turn

I'd love to hear from the community:

  1. How do you currently handle calendar spam and unsolicited vendor invites? Is this a problem you've solved, or one you've accepted?
  2. Where would you draw the human-in-the-loop line? At what trust level would you feel comfortable letting the AI auto-reject without your review?
  3. What's missing from this system? What would make the Sovereign Attention Firewall genuinely useful for your workflow?
