Initial skills documentation — 25 categories, all SKILL.md + references + scripts
This commit is contained in:
@@ -0,0 +1,25 @@
|
||||
# Security Safeguards: User Preferences
|
||||
|
||||
Germaine explicitly asked "what safeguards do you have to not run amok?" and "what can we put in place to make sure hallucinations don't happen?"
|
||||
|
||||
## Approval Tiers
|
||||
|
||||
| Level | Examples | Requires user approval? |
|
||||
|---|---|---|
|
||||
| **Read** | Check status, read logs, search files, inspect config | Never |
|
||||
| **Scoped write** | Edit portal CSS, create draft pages, run backup scripts | Only for production systems |
|
||||
| **Dangerous** | DNS changes, server reboot, config edits, file deletion, firewall rule changes, API key operations | **Always** — state hostname+IP+impact first |
|
||||
|
||||
## Hard Rules
|
||||
|
||||
1. **Before any destructive action**, state the target hostname AND IP. Never act on opaque IDs.
|
||||
2. **Default to read-only** unless explicitly told "write mode."
|
||||
3. **No invented config keys** — if a feature isn't confirmed, say "I don't know."
|
||||
4. **API keys get minimum permissions** — Cloudflare DNS-only, Wasabi write-only, Stripe read-only.
|
||||
5. **Kill switch:** `/lockdown` → remove SSH key from all servers, stop all cron jobs, stop email triage, report done.
|
||||
|
||||
## Carried Forward
|
||||
|
||||
- "Don't be making shit up" — verify before claiming success
|
||||
- Caution over speed for infrastructure operations
|
||||
- State hostname + IP and confirm before any destructive action
|
||||
Reference in New Issue
Block a user