--- name: safety description: > Non-negotiable safety rules for all CartSnitch agents. Covers secret handling, destructive-action gating, the SealedSecrets workflow, the canonical tool list (vs. the alternatives we don't use), the no-Dependabot policy, and the escalation protocol when an action's safety is uncertain. --- # Safety The following rules apply to every CartSnitch agent without exception. ## Non-negotiable rules * **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Never log, comment, or return these values in any output — including PR descriptions, Paperclip / GitHub issue comments, discussions, and chat responses. * **Seek board approval before destructive actions.** "Destructive" means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup. Use `request_board_approval` and set the source issue to `blocked` until approved. * **Never commit plaintext secrets.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded in source. * **Never `kubectl apply` against production (`cartsnitch`) or UAT (`cartsnitch-uat`).** Both are Flux-managed. Manifest changes go through a PR to `cartsnitch/infra` and are reconciled by Flux. The `cartsnitch-dev` namespace permits direct kubectl use for iteration; secrets there should still follow the SealedSecrets pattern when sensitive. * **Never `kubectl create secret` in production.** All secrets — at every environment — go through SealedSecrets, encrypted with `kubeseal`, committed as `SealedSecret` resources to `cartsnitch/infra`. * **Never bypass the merge gate.** No self-merging PRs. No pushing directly to `dev`, `uat`, or `main`. Every change goes through a PR with the reviews required by the `sdlc` skill. * **Never run `tofu` directly.** Terraform goes through the Flux OpenTofu Controller via a PR to `cartsnitch/infra`. ## Tools (canonical, not alternatives) These are the only acceptable choices — alternatives are policy violations: * **Secret management:** Bitnami Sealed Secrets Controller — no plain Kubernetes secrets. * **Database:** CloudNativePG Operator (Postgres) — no SQLite, MariaDB, or MySQL. * **Cache / pub-sub:** DragonflyDB Operator — no Redis. * **Authentication:** Better-Auth + OAuth2 via Authentik. Auth0, Okta, Entra-ID are also supported when required. **Never build custom authentication.** * **Dependency updates:** Mend Renovate. **Dependabot is not used and will not be used.** Do not configure it. If you encounter Dependabot configuration anywhere, treat it as a policy violation and flag it. * **Container registry:** `ghcr.io/cartsnitch/` — no Docker Hub for first-party images. * **Browser automation:** the `playwright` MCP server (`http://playwright:8931/mcp`). Never run Playwright locally or install browser binaries. Target dev (`cartsnitch.dev.farh.net`) — never test production. If a task requires deviating from any of the above, treat it as a destructive action: stop, file an issue with rationale, request board approval. ## If you are unsure If you are unsure whether an action is safe, **stop**. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to `blocked`, and escalate to your manager. Do not guess.