[{"data":1,"prerenderedAt":792},["ShallowReactive",2],{"doc-\u002Fdocs\u002Fsafety":3,"surround-\u002Fdocs\u002Fsafety":751,"docs-nav":756},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"order":10,"group":11,"body":12,"_type":745,"_id":746,"_source":747,"_file":748,"_stem":749,"_extension":750},"\u002Fdocs\u002Fsafety","docs",false,"","Safety","standard-safe is on from the first command — approvals, secret protection, sandboxing, isolated branches and verifiable claims.",7,"Govern",{"type":13,"children":14,"toc":736},"root",[15,40,54,59,170,176,181,187,206,212,331,370,376,422,426,432,661,695,701,730],{"type":16,"tag":17,"props":18,"children":19},"element","p",{},[20,23,29,31,38],{"type":21,"value":22},"text","Excalibur is built so you can ",{"type":16,"tag":24,"props":25,"children":26},"strong",{},[27],{"type":21,"value":28},"delegate big work without fear",{"type":21,"value":30},". The ",{"type":16,"tag":32,"props":33,"children":35},"code",{"className":34},[],[36],{"type":21,"value":37},"standard-safe",{"type":21,"value":39}," preset is active from the very first command, nothing is modified, applied or pushed without your explicit approval, and every run is recorded as plain, inspectable files.",{"type":16,"tag":41,"props":42,"children":44},"h2",{"id":43},"the-standard-safe-preset",[45,47,52],{"type":21,"value":46},"The ",{"type":16,"tag":32,"props":48,"children":50},{"className":49},[],[51],{"type":21,"value":37},{"type":21,"value":53}," preset",{"type":16,"tag":17,"props":55,"children":56},{},[57],{"type":21,"value":58},"It's shown on every run, and by default it sets:",{"type":16,"tag":60,"props":61,"children":62},"table",{},[63,82],{"type":16,"tag":64,"props":65,"children":66},"thead",{},[67],{"type":16,"tag":68,"props":69,"children":70},"tr",{},[71,77],{"type":16,"tag":72,"props":73,"children":74},"th",{},[75],{"type":21,"value":76},"Control",{"type":16,"tag":72,"props":78,"children":79},{},[80],{"type":21,"value":81},"Default",{"type":16,"tag":83,"props":84,"children":85},"tbody",{},[86,105,121,136,154],{"type":16,"tag":68,"props":87,"children":88},{},[89,95],{"type":16,"tag":90,"props":91,"children":92},"td",{},[93],{"type":21,"value":94},"Write \u002F apply \u002F branch",{"type":16,"tag":90,"props":96,"children":97},{},[98,103],{"type":16,"tag":24,"props":99,"children":100},{},[101],{"type":21,"value":102},"ask",{"type":21,"value":104}," for approval",{"type":16,"tag":68,"props":106,"children":107},{},[108,113],{"type":16,"tag":90,"props":109,"children":110},{},[111],{"type":21,"value":112},"Push to remote",{"type":16,"tag":90,"props":114,"children":115},{},[116],{"type":16,"tag":24,"props":117,"children":118},{},[119],{"type":21,"value":120},"disabled",{"type":16,"tag":68,"props":122,"children":123},{},[124,129],{"type":16,"tag":90,"props":125,"children":126},{},[127],{"type":21,"value":128},"Network access (during runs)",{"type":16,"tag":90,"props":130,"children":131},{},[132],{"type":16,"tag":24,"props":133,"children":134},{},[135],{"type":21,"value":120},{"type":16,"tag":68,"props":137,"children":138},{},[139,144],{"type":16,"tag":90,"props":140,"children":141},{},[142],{"type":21,"value":143},"Sensitive paths",{"type":16,"tag":90,"props":145,"children":146},{},[147,152],{"type":16,"tag":24,"props":148,"children":149},{},[150],{"type":21,"value":151},"blocked",{"type":21,"value":153}," (never read or written)",{"type":16,"tag":68,"props":155,"children":156},{},[157,162],{"type":16,"tag":90,"props":158,"children":159},{},[160],{"type":21,"value":161},"Secrets in prompts\u002Flogs",{"type":16,"tag":90,"props":163,"children":164},{},[165],{"type":16,"tag":24,"props":166,"children":167},{},[168],{"type":21,"value":169},"redacted",{"type":16,"tag":41,"props":171,"children":173},{"id":172},"approval-gates",[174],{"type":21,"value":175},"Approval gates",{"type":16,"tag":17,"props":177,"children":178},{},[179],{"type":21,"value":180},"Risky actions pause for a one-keystroke decision:",{"type":16,"tag":182,"props":183,"children":186},"shell",{":lines":184,"title":185},"[{\"kind\":\"ok\",\"text\":\"edit  src\u002Fwebhooks\u002Fverify.ts\",\"note\":\"+24 −3\",\"tone\":\"accent\"},{\"kind\":\"warn\",\"text\":\"apply to a sensitive path?\"},{\"kind\":\"dim\",\"text\":\"y approve   ·   N reject   ·   a always\"},{\"kind\":\"comment\",\"text\":\"nothing changes until you say yes\"}]","excalibur",[],{"type":16,"tag":17,"props":188,"children":189},{},[190,196,198,204],{"type":16,"tag":32,"props":191,"children":193},{"className":192},[],[194],{"type":21,"value":195},"a always",{"type":21,"value":197}," adds an allowlist entry to ",{"type":16,"tag":32,"props":199,"children":201},{"className":200},[],[202],{"type":21,"value":203},".excalibur\u002Fconfig.yaml",{"type":21,"value":205},", so a given action is confirmed once.",{"type":16,"tag":41,"props":207,"children":209},{"id":208},"the-guarantees",[210],{"type":21,"value":211},"The guarantees",{"type":16,"tag":213,"props":214,"children":215},"ul",{},[216,226,267,284,294,304,314],{"type":16,"tag":217,"props":218,"children":219},"li",{},[220,224],{"type":16,"tag":24,"props":221,"children":222},{},[223],{"type":21,"value":175},{"type":21,"value":225}," — every write, command and push pauses for an explicit yes.",{"type":16,"tag":217,"props":227,"children":228},{},[229,234,236,242,244,250,252,258,259,265],{"type":16,"tag":24,"props":230,"children":231},{},[232],{"type":21,"value":233},"Secret protection",{"type":21,"value":235}," — ",{"type":16,"tag":32,"props":237,"children":239},{"className":238},[],[240],{"type":21,"value":241},".env",{"type":21,"value":243},", private keys and sensitive paths (",{"type":16,"tag":32,"props":245,"children":247},{"className":246},[],[248],{"type":21,"value":249},"**\u002F*.pem",{"type":21,"value":251},", ",{"type":16,"tag":32,"props":253,"children":255},{"className":254},[],[256],{"type":21,"value":257},"**\u002F*.p12",{"type":21,"value":251},{"type":16,"tag":32,"props":260,"children":262},{"className":261},[],[263],{"type":21,"value":264},".git\u002F**",{"type":21,"value":266},", …) are blocked, never read or sent.",{"type":16,"tag":217,"props":268,"children":269},{},[270,275,277,282],{"type":16,"tag":24,"props":271,"children":272},{},[273],{"type":21,"value":274},"Sandboxed execution",{"type":21,"value":276}," — agents run in an isolated sandbox: separate filesystem view, CPU\u002Fmemory limits, a timeout, a command allowlist, and ",{"type":16,"tag":24,"props":278,"children":279},{},[280],{"type":21,"value":281},"no network by default",{"type":21,"value":283},".",{"type":16,"tag":217,"props":285,"children":286},{},[287,292],{"type":16,"tag":24,"props":288,"children":289},{},[290],{"type":21,"value":291},"Isolated branches",{"type":21,"value":293}," — work lands in dedicated branches and git worktrees, never your working tree.",{"type":16,"tag":217,"props":295,"children":296},{},[297,302],{"type":16,"tag":24,"props":298,"children":299},{},[300],{"type":21,"value":301},"Never pushes by default",{"type":21,"value":303}," — nothing is committed upstream or merged without you.",{"type":16,"tag":217,"props":305,"children":306},{},[307,312],{"type":16,"tag":24,"props":308,"children":309},{},[310],{"type":21,"value":311},"Redacted prompts",{"type":21,"value":313}," — inputs are scrubbed of secrets before anything is stored; raw inputs are hashed.",{"type":16,"tag":217,"props":315,"children":316},{},[317,322,324,330],{"type":16,"tag":24,"props":318,"children":319},{},[320],{"type":21,"value":321},"Local, inspectable artifacts",{"type":21,"value":323}," — every run is plain files under ",{"type":16,"tag":32,"props":325,"children":327},{"className":326},[],[328],{"type":21,"value":329},".excalibur\u002Fruns\u002F\u003Cid>\u002F",{"type":21,"value":283},{"type":16,"tag":332,"props":333,"children":334},"note",{},[335],{"type":16,"tag":17,"props":336,"children":337},{},[338,343,345,351,353,359,361,368],{"type":16,"tag":24,"props":339,"children":340},{},[341],{"type":21,"value":342},"Pushing is always opt-in.",{"type":21,"value":344}," The only thing that touches a remote is an action you explicitly ask for — ",{"type":16,"tag":32,"props":346,"children":348},{"className":347},[],[349],{"type":21,"value":350},"mission --pr",{"type":21,"value":352}," (or ",{"type":16,"tag":32,"props":354,"children":356},{"className":355},[],[357],{"type":21,"value":358},"excalibur pr-create",{"type":21,"value":360},"), which branches, pushes and opens a pull request via the GitHub CLI. Without it, even a full ",{"type":16,"tag":362,"props":363,"children":365},"a",{"href":364},"\u002Fdocs\u002Fmissions",[366],{"type":21,"value":367},"mission",{"type":21,"value":369}," only commits locally; nothing leaves your machine unless you say so.",{"type":16,"tag":41,"props":371,"children":373},{"id":372},"verifiable-by-construction",[374],{"type":21,"value":375},"Verifiable by construction",{"type":16,"tag":17,"props":377,"children":378},{},[379,381,386,387,393,394,400,401,407,409,420],{"type":21,"value":380},"Runs carry ",{"type":16,"tag":24,"props":382,"children":383},{},[384],{"type":21,"value":385},"typed claims",{"type":21,"value":235},{"type":16,"tag":32,"props":388,"children":390},{"className":389},[],[391],{"type":21,"value":392},"tests_passed",{"type":21,"value":251},{"type":16,"tag":32,"props":395,"children":397},{"className":396},[],[398],{"type":21,"value":399},"type_safe",{"type":21,"value":251},{"type":16,"tag":32,"props":402,"children":404},{"className":403},[],[405],{"type":21,"value":406},"no_secrets",{"type":21,"value":408}," — each tied to an independent verifier. A run ",{"type":16,"tag":24,"props":410,"children":411},{},[412,414],{"type":21,"value":413},"cannot reach ",{"type":16,"tag":32,"props":415,"children":417},{"className":416},[],[418],{"type":21,"value":419},"completed",{"type":21,"value":421}," while a blocking claim is unverified, and an adversarial reviewer tries to refute the work before you see it.",{"type":16,"tag":182,"props":423,"children":425},{":lines":424,"title":185},"[{\"kind\":\"ok\",\"text\":\"claim  tests_passed\",\"note\":\"verified\",\"tone\":\"success\"},{\"kind\":\"ok\",\"text\":\"claim  type_safe\",\"note\":\"verified\",\"tone\":\"success\"},{\"kind\":\"ok\",\"text\":\"claim  no_secrets\",\"note\":\"verified\",\"tone\":\"success\"},{\"kind\":\"arrow\",\"text\":\"adversarial review · 0 blocking issues\",\"tone\":\"accent\"}]",[],{"type":16,"tag":41,"props":427,"children":429},{"id":428},"configuring-safety",[430],{"type":21,"value":431},"Configuring safety",{"type":16,"tag":433,"props":434,"children":438},"pre",{"className":435,"code":436,"language":437,"meta":7,"style":7},"language-yaml shiki shiki-themes github-light","# .excalibur\u002Fconfig.yaml\nsafety:\n  preset: standard-safe\n  approvals: { write: ask, apply: ask, branch: ask, push: deny, network: deny }\n  blockedPaths:\n    - \"**\u002F.env*\"\n    - \"infra\u002Fprod\u002F**\"\n  allowlist:\n    - \"pnpm test*\"      # commands that never need confirmation\n","yaml",[439],{"type":16,"tag":32,"props":440,"children":441},{"__ignoreMap":7},[442,454,470,490,591,604,618,630,643],{"type":16,"tag":443,"props":444,"children":447},"span",{"class":445,"line":446},"line",1,[448],{"type":16,"tag":443,"props":449,"children":451},{"style":450},"--shiki-default:#6A737D",[452],{"type":21,"value":453},"# .excalibur\u002Fconfig.yaml\n",{"type":16,"tag":443,"props":455,"children":457},{"class":445,"line":456},2,[458,464],{"type":16,"tag":443,"props":459,"children":461},{"style":460},"--shiki-default:#22863A",[462],{"type":21,"value":463},"safety",{"type":16,"tag":443,"props":465,"children":467},{"style":466},"--shiki-default:#24292E",[468],{"type":21,"value":469},":\n",{"type":16,"tag":443,"props":471,"children":473},{"class":445,"line":472},3,[474,479,484],{"type":16,"tag":443,"props":475,"children":476},{"style":460},[477],{"type":21,"value":478},"  preset",{"type":16,"tag":443,"props":480,"children":481},{"style":466},[482],{"type":21,"value":483},": ",{"type":16,"tag":443,"props":485,"children":487},{"style":486},"--shiki-default:#032F62",[488],{"type":21,"value":489},"standard-safe\n",{"type":16,"tag":443,"props":491,"children":493},{"class":445,"line":492},4,[494,499,504,509,513,517,521,526,530,534,538,543,547,551,555,560,564,569,573,578,582,586],{"type":16,"tag":443,"props":495,"children":496},{"style":460},[497],{"type":21,"value":498},"  approvals",{"type":16,"tag":443,"props":500,"children":501},{"style":466},[502],{"type":21,"value":503},": { ",{"type":16,"tag":443,"props":505,"children":506},{"style":460},[507],{"type":21,"value":508},"write",{"type":16,"tag":443,"props":510,"children":511},{"style":466},[512],{"type":21,"value":483},{"type":16,"tag":443,"props":514,"children":515},{"style":486},[516],{"type":21,"value":102},{"type":16,"tag":443,"props":518,"children":519},{"style":466},[520],{"type":21,"value":251},{"type":16,"tag":443,"props":522,"children":523},{"style":460},[524],{"type":21,"value":525},"apply",{"type":16,"tag":443,"props":527,"children":528},{"style":466},[529],{"type":21,"value":483},{"type":16,"tag":443,"props":531,"children":532},{"style":486},[533],{"type":21,"value":102},{"type":16,"tag":443,"props":535,"children":536},{"style":466},[537],{"type":21,"value":251},{"type":16,"tag":443,"props":539,"children":540},{"style":460},[541],{"type":21,"value":542},"branch",{"type":16,"tag":443,"props":544,"children":545},{"style":466},[546],{"type":21,"value":483},{"type":16,"tag":443,"props":548,"children":549},{"style":486},[550],{"type":21,"value":102},{"type":16,"tag":443,"props":552,"children":553},{"style":466},[554],{"type":21,"value":251},{"type":16,"tag":443,"props":556,"children":557},{"style":460},[558],{"type":21,"value":559},"push",{"type":16,"tag":443,"props":561,"children":562},{"style":466},[563],{"type":21,"value":483},{"type":16,"tag":443,"props":565,"children":566},{"style":486},[567],{"type":21,"value":568},"deny",{"type":16,"tag":443,"props":570,"children":571},{"style":466},[572],{"type":21,"value":251},{"type":16,"tag":443,"props":574,"children":575},{"style":460},[576],{"type":21,"value":577},"network",{"type":16,"tag":443,"props":579,"children":580},{"style":466},[581],{"type":21,"value":483},{"type":16,"tag":443,"props":583,"children":584},{"style":486},[585],{"type":21,"value":568},{"type":16,"tag":443,"props":587,"children":588},{"style":466},[589],{"type":21,"value":590}," }\n",{"type":16,"tag":443,"props":592,"children":594},{"class":445,"line":593},5,[595,600],{"type":16,"tag":443,"props":596,"children":597},{"style":460},[598],{"type":21,"value":599},"  blockedPaths",{"type":16,"tag":443,"props":601,"children":602},{"style":466},[603],{"type":21,"value":469},{"type":16,"tag":443,"props":605,"children":607},{"class":445,"line":606},6,[608,613],{"type":16,"tag":443,"props":609,"children":610},{"style":466},[611],{"type":21,"value":612},"    - ",{"type":16,"tag":443,"props":614,"children":615},{"style":486},[616],{"type":21,"value":617},"\"**\u002F.env*\"\n",{"type":16,"tag":443,"props":619,"children":620},{"class":445,"line":10},[621,625],{"type":16,"tag":443,"props":622,"children":623},{"style":466},[624],{"type":21,"value":612},{"type":16,"tag":443,"props":626,"children":627},{"style":486},[628],{"type":21,"value":629},"\"infra\u002Fprod\u002F**\"\n",{"type":16,"tag":443,"props":631,"children":633},{"class":445,"line":632},8,[634,639],{"type":16,"tag":443,"props":635,"children":636},{"style":460},[637],{"type":21,"value":638},"  allowlist",{"type":16,"tag":443,"props":640,"children":641},{"style":466},[642],{"type":21,"value":469},{"type":16,"tag":443,"props":644,"children":646},{"class":445,"line":645},9,[647,651,656],{"type":16,"tag":443,"props":648,"children":649},{"style":466},[650],{"type":21,"value":612},{"type":16,"tag":443,"props":652,"children":653},{"style":486},[654],{"type":21,"value":655},"\"pnpm test*\"",{"type":16,"tag":443,"props":657,"children":658},{"style":450},[659],{"type":21,"value":660},"      # commands that never need confirmation\n",{"type":16,"tag":332,"props":662,"children":663},{},[664],{"type":16,"tag":17,"props":665,"children":666},{},[667,672,674,679,681,687,689,694],{"type":16,"tag":24,"props":668,"children":669},{},[670],{"type":21,"value":671},"Enterprise",{"type":21,"value":673}," turns these repo-level controls into a server-side ",{"type":16,"tag":24,"props":675,"children":676},{},[677],{"type":21,"value":678},"policy engine",{"type":21,"value":680}," that can't be bypassed by skipping ",{"type":16,"tag":32,"props":682,"children":684},{"className":683},[],[685],{"type":21,"value":686},"init",{"type":21,"value":688},": model permissions by repo\u002Fsensitivity, server-side command allowlists, secret DLP, budgets enforced mid-run, and require-tests-before-PR. See ",{"type":16,"tag":362,"props":690,"children":692},{"href":691},"\u002Fdocs\u002Fenterprise",[693],{"type":21,"value":671},{"type":21,"value":283},{"type":16,"tag":41,"props":696,"children":698},{"id":697},"next",[699],{"type":21,"value":700},"Next",{"type":16,"tag":213,"props":702,"children":703},{},[704,718],{"type":16,"tag":217,"props":705,"children":706},{},[707,716],{"type":16,"tag":24,"props":708,"children":709},{},[710],{"type":16,"tag":362,"props":711,"children":713},{"href":712},"\u002Fdocs\u002Fautonomy-levels",[714],{"type":21,"value":715},"Autonomy levels",{"type":21,"value":717}," — the dial these guardrails wrap.",{"type":16,"tag":217,"props":719,"children":720},{},[721,728],{"type":16,"tag":24,"props":722,"children":723},{},[724],{"type":16,"tag":362,"props":725,"children":726},{"href":691},[727],{"type":21,"value":671},{"type":21,"value":729}," — org-wide governance and audit.",{"type":16,"tag":731,"props":732,"children":733},"style",{},[734],{"type":21,"value":735},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":456,"depth":456,"links":737},[738,740,741,742,743,744],{"id":43,"depth":456,"text":739},"The standard-safe preset",{"id":172,"depth":456,"text":175},{"id":208,"depth":456,"text":211},{"id":372,"depth":456,"text":375},{"id":428,"depth":456,"text":431},{"id":697,"depth":456,"text":700},"markdown","content:docs:safety.md","content","docs\u002Fsafety.md","docs\u002Fsafety","md",[752,755],{"_path":753,"title":754,"order":10},"\u002Fdocs\u002Fdiscovery","Discovery",{"_path":691,"title":671,"order":632},[757,761,766,769,773,775,778,779,780,781,782,785,789],{"_path":758,"title":759,"order":446,"group":760},"\u002Fdocs\u002Fgetting-started","Getting started","Get started",{"_path":762,"title":763,"order":764,"group":765},"\u002Fdocs\u002Fcommands","Command reference",10,"Reference",{"_path":767,"title":768,"order":456,"group":760},"\u002Fdocs\u002Fthe-m-shell","The m-shell",{"_path":770,"title":771,"order":472,"group":772},"\u002Fdocs\u002Fworkflows","Workflows","Build",{"_path":364,"title":774,"order":492,"group":772},"Missions",{"_path":776,"title":777,"order":593,"group":772},"\u002Fdocs\u002Fdashboard","Dashboard",{"_path":712,"title":715,"order":606,"group":772},{"_path":753,"title":754,"order":10,"group":772},{"_path":4,"title":8,"order":10,"group":11},{"_path":691,"title":671,"order":632,"group":11},{"_path":783,"title":784,"order":632,"group":772},"\u002Fdocs\u002Fproviders","Models & providers",{"_path":786,"title":787,"order":645,"group":788},"\u002Fdocs\u002Fextensions","Extensions","Extend",{"_path":790,"title":791,"order":645,"group":772},"\u002Fdocs\u002Fweb-research","Web & research",1782492858468]