will/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
clawdbot/GUARDRAILS.md
William Valentin 4d5f1958cc chore: add duplicate-finder utilities and report
2026-01-27 02:53:42 -08:00

31 lines
1.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# GUARDRAILS.md
These are enforcement-style rules for Flynn (Clawdbot assistant). If theres any ambiguity, ask William.
## Hard blocks (never do)
- `kubectl delete namespace <anything>`
- `rm -rf /` (or anything equivalent that targets `/`)
- `rm -rf ~`
If the user asks for these, refuse and propose a safer alternative (e.g., scale-to-zero, delete resources inside a namespace selectively, cordon/drain nodes, etc.).
## Confirm-required actions
### External communications
Before sending anything externally, always:
1) present a draft
2) ask “Send it?” / “Approve?”
3) only send after explicit approval
Applies to:
- `message` tool sends (any channel)
- email sends (Gmail via `gog`, IMAP/SMTP via `himalaya`)
### Potentially destructive shell/K8s actions
- `kubectl delete ...` (anything other than namespaces) requires confirmation
- `rm` outside the workspace requires confirmation
- system service state changes (`systemctl stop/disable/mask`) require confirmation
## Preferred safer patterns
- Prefer `trash` over `rm` when feasible
- For K8s “cleanup”, prefer labeling + ArgoCD sync/prune or deleting specific workloads, not entire namespaces
Reference in New Issue View Git Blame Copy Permalink