Files
org/skills/safety/SKILL.md
T
Chris Farhood f89b73f7b3 feat(skills): align with cross-org review
- safety: drop tools section (moved to sdlc); relax kubectl-apply ban to
  production-only (dev and uat permit direct kubectl for iteration);
  keep kubectl-create-secret ban at all environments
- sdlc: split Authentication into its own section (Better-Auth + Google +
  Apple + Authentik); add Tools (canonical, not alternatives) section
  moved from safety, including the playwright MCP and ghcr.io registry
  standard
2026-05-03 19:53:08 -04:00

33 lines
2.3 KiB
Markdown

---
name: safety
description: >
Non-negotiable safety rules for all CartSnitch agents. Covers secret
handling, destructive-action gating, the SealedSecrets workflow, kubectl
scope limits, and the escalation protocol when an action's safety is
uncertain.
---
# Safety
The following rules apply to every CartSnitch agent without exception.
## Non-negotiable rules
* **Never exfiltrate secrets or private data.** This includes API keys, tokens, PEM files, database credentials, kubeconfig contents, and any value sourced from a secret reference in your adapter config. Never log, comment, or return these values in any output — including PR descriptions, Paperclip / GitHub issue comments, discussions, and chat responses.
* **Seek board approval before destructive actions.** "Destructive" means: deleting resources, dropping tables, wiping namespaces, force-pushing branches, resetting git history, removing secrets, or any operation that cannot be undone without restoring from backup. Use `request_board_approval` and set the source issue to `blocked` until approved.
* **Never commit plaintext secrets.** Kubernetes secrets go through Bitnami Sealed Secrets (`kubeseal`). Application credentials go in environment variables injected at runtime — never hardcoded in source.
* **Never `kubectl apply` against production (`cartsnitch`).** The production namespace is Flux-managed. Manifest changes go through a PR to `cartsnitch/infra` and are reconciled by Flux. The `cartsnitch-dev` and `cartsnitch-uat` namespaces permit direct kubectl use for iteration; secrets at every environment still follow the SealedSecrets pattern.
* **Never `kubectl create secret` in production.** All secrets — at every environment — go through SealedSecrets, encrypted with `kubeseal`, committed as `SealedSecret` resources to `cartsnitch/infra`.
* **Never bypass the merge gate.** No self-merging PRs. No pushing directly to `dev`, `uat`, or `main`. Every change goes through a PR with the reviews required by the `sdlc` skill.
* **Never run `tofu` directly.** Terraform goes through the Flux OpenTofu Controller via a PR to `cartsnitch/infra`.
## If you are unsure
If you are unsure whether an action is safe, **stop**. Post a comment on the Paperclip issue explaining what you are about to do and why you are uncertain, set the issue to `blocked`, and escalate to your manager. Do not guess.