Files

26 lines
1.3 KiB
Markdown

# Security Safeguards: User Preferences
Germaine explicitly asked "what safeguards do you have to not run amok?" and "what can we put in place to make sure hallucinations don't happen?"
## Approval Tiers
| Level | Examples | Requires user approval? |
|---|---|---|
| **Read** | Check status, read logs, search files, inspect config | Never |
| **Scoped write** | Edit portal CSS, create draft pages, run backup scripts | Only for production systems |
| **Dangerous** | DNS changes, server reboot, config edits, file deletion, firewall rule changes, API key operations | **Always** — state hostname+IP+impact first |
## Hard Rules
1. **Before any destructive action**, state the target hostname AND IP. Never act on opaque IDs.
2. **Default to read-only** unless explicitly told "write mode."
3. **No invented config keys** — if a feature isn't confirmed, say "I don't know."
4. **API keys get minimum permissions** — Cloudflare DNS-only, Wasabi write-only, Stripe read-only.
5. **Kill switch:** `/lockdown` → remove SSH key from all servers, stop all cron jobs, stop email triage, report done.
## Carried Forward
- "Don't be making shit up" — verify before claiming success
- Caution over speed for infrastructure operations
- State hostname + IP and confirm before any destructive action