1.3 KiB
1.3 KiB
Security Safeguards: User Preferences
Germaine explicitly asked "what safeguards do you have to not run amok?" and "what can we put in place to make sure hallucinations don't happen?"
Approval Tiers
| Level | Examples | Requires user approval? |
|---|---|---|
| Read | Check status, read logs, search files, inspect config | Never |
| Scoped write | Edit portal CSS, create draft pages, run backup scripts | Only for production systems |
| Dangerous | DNS changes, server reboot, config edits, file deletion, firewall rule changes, API key operations | Always — state hostname+IP+impact first |
Hard Rules
- Before any destructive action, state the target hostname AND IP. Never act on opaque IDs.
- Default to read-only unless explicitly told "write mode."
- No invented config keys — if a feature isn't confirmed, say "I don't know."
- API keys get minimum permissions — Cloudflare DNS-only, Wasabi write-only, Stripe read-only.
- Kill switch:
/lockdown→ remove SSH key from all servers, stop all cron jobs, stop email triage, report done.
Carried Forward
- "Don't be making shit up" — verify before claiming success
- Caution over speed for infrastructure operations
- State hostname + IP and confirm before any destructive action