Skip to content

Security And Secure-By-Design

Purpose: keep data, permissions, secrets, production actions, and high-stakes decisions inside the right controls.

Use this section by itself whenever agent-assisted work touches sensitive data, regulated workflows, production systems, or high-stakes decisions.

Inputs

  • Data classification.
  • Tool permissions.
  • Secret-management rules.
  • Repository and environment boundaries.
  • Required reviewers.
  • High-stakes or regulated constraints.

Outputs

  • Permission model.
  • Sensitive-data handling rules.
  • High-stakes review gate.
  • Role matrix.
  • Audit event list.
  • Threat notes.
  • Security and privacy questions.
  • Local reviewer list.

Agent Task Contract

Review the plan for data exposure, prompt safety, permission risk, production access, and high-stakes escalation.

Help update permission models, sensitive-data rules, high-stakes review gates, and reviewer lists when scope or access changes. Keep human review and acceptance explicit.

Do not approve security acceptance, legal acceptance, compliance acceptance, or production release.