Security

Guardrails before autonomy.

Forgewarden is built around scoped credentials, small automations, visible logs and human approval for dangerous actions.

Credential posture

  • Scoped API tokens instead of global account keys
  • Wrangler/Cloudflare secrets instead of committed env files
  • GitHub secret scanning and gitleaks workflows
  • Redaction before logs, reports and model context

Operational posture

  • Read-only first when exploring unknown systems
  • Approval gates for production changes
  • Rollback notes before deploys
  • Separate local, staging and production assumptions
RiskDefault actionReason
DNS / nameserversAsk firstCan break domains, email and production services.
Billing resourcesAsk firstCan create unexpected cost.
SecretsNever print, never commitLeaked credentials remain dangerous in history.
Local tunnelsAsk firstCan expose private machines or services.
Routine reportsAutoSafe, useful and reversible.