# Security Safeguards: User Preferences Germaine explicitly asked "what safeguards do you have to not run amok?" and "what can we put in place to make sure hallucinations don't happen?" ## Approval Tiers | Level | Examples | Requires user approval? | |---|---|---| | **Read** | Check status, read logs, search files, inspect config | Never | | **Scoped write** | Edit portal CSS, create draft pages, run backup scripts | Only for production systems | | **Dangerous** | DNS changes, server reboot, config edits, file deletion, firewall rule changes, API key operations | **Always** — state hostname+IP+impact first | ## Hard Rules 1. **Before any destructive action**, state the target hostname AND IP. Never act on opaque IDs. 2. **Default to read-only** unless explicitly told "write mode." 3. **No invented config keys** — if a feature isn't confirmed, say "I don't know." 4. **API keys get minimum permissions** — Cloudflare DNS-only, Wasabi write-only, Stripe read-only. 5. **Kill switch:** `/lockdown` → remove SSH key from all servers, stop all cron jobs, stop email triage, report done. ## Carried Forward - "Don't be making shit up" — verify before claiming success - Caution over speed for infrastructure operations - State hostname + IP and confirm before any destructive action