26 lines
1.3 KiB
Markdown
26 lines
1.3 KiB
Markdown
# Security Safeguards: User Preferences
|
|
|
|
Germaine explicitly asked "what safeguards do you have to not run amok?" and "what can we put in place to make sure hallucinations don't happen?"
|
|
|
|
## Approval Tiers
|
|
|
|
| Level | Examples | Requires user approval? |
|
|
|---|---|---|
|
|
| **Read** | Check status, read logs, search files, inspect config | Never |
|
|
| **Scoped write** | Edit portal CSS, create draft pages, run backup scripts | Only for production systems |
|
|
| **Dangerous** | DNS changes, server reboot, config edits, file deletion, firewall rule changes, API key operations | **Always** — state hostname+IP+impact first |
|
|
|
|
## Hard Rules
|
|
|
|
1. **Before any destructive action**, state the target hostname AND IP. Never act on opaque IDs.
|
|
2. **Default to read-only** unless explicitly told "write mode."
|
|
3. **No invented config keys** — if a feature isn't confirmed, say "I don't know."
|
|
4. **API keys get minimum permissions** — Cloudflare DNS-only, Wasabi write-only, Stripe read-only.
|
|
5. **Kill switch:** `/lockdown` → remove SSH key from all servers, stop all cron jobs, stop email triage, report done.
|
|
|
|
## Carried Forward
|
|
|
|
- "Don't be making shit up" — verify before claiming success
|
|
- Caution over speed for infrastructure operations
|
|
- State hostname + IP and confirm before any destructive action
|