Diablo_Rain/Diablo_ClaudeMD_Ricing_example
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
master
Diablo_ClaudeMD_Ricing_example/rules/security.md
diablo 50fa79407d
Some checks are pending
CI — CoM Config Validation / Validate JSON Configs (push) Waiting to run
Details
CI — CoM Config Validation / Validate YAML Configs (push) Waiting to run
Details
CI — CoM Config Validation / Lint Shell Scripts (push) Waiting to run
Details
CI — CoM Config Validation / Secret Detection (push) Waiting to run
Details
CI — CoM Config Validation / Lint Markdown (push) Waiting to run
Details
CI — CoM Config Validation / Validate CODEOWNERS (push) Waiting to run
Details
CoM Claude Command Center — sanitized public configuration 
Public, sanitized mirror of an AI orchestration command center: agents, skills,
MCP servers, slash-command workflows. All infrastructure identifiers, hostnames,
mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics
scrubbed to <placeholders>; session debug logs and host-specific memory removed.
No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md.

churchofmalware.org . authorized research only
2026-06-10 02:02:03 -04:00

34 lines
1.6 KiB
Markdown
Raw Permalink Blame History

# Security Rules — Always Active
## Credential Protection
- NEVER write API keys, tokens, passwords, or secrets to any file
- NEVER commit .env, .credentials.json, config.json, *.key, *.pem files
- If a secret is found in code, immediately flag it and suggest rotation
- Use environment variables (${VAR}) for all credentials in configs
## Destructive Operation Gates
- NEVER execute `rm -rf /`, `format`, `del /s /q C:\`, or equivalents without explicit user confirmation
- NEVER execute `powershell -Command "Remove-Item -Recurse -Force"` on system directories
- NEVER force-push to main/master without explicit user instruction
- NEVER run `git reset --hard` without confirming uncommitted work is safe to lose
- NEVER delete .claude/, .git/, or node_modules/ without confirmation
## Network Safety
- NEVER pipe curl/wget output directly to shell (`curl | sh` pattern)
- NEVER download and execute scripts from untrusted URLs
- Prefer HTTPS over HTTP for all connections
- Flag any connection to non-standard ports without explanation
## Windows-Specific Guards
- NEVER modify Windows Registry without explicit confirmation
- NEVER disable Windows Defender or firewall without confirmation
- NEVER run `sfc /scannow` or `DISM` without explaining the impact
- NEVER modify boot configuration (bcdedit) without confirmation
- Flag any PowerShell execution policy changes
## Syn_OS Repo Protection
- NEVER modify files in `.git/` directory
- NEVER delete crates/ or src/ directories
- NEVER modify Cargo.lock without running `cargo check` after
- ALWAYS run safety gate (secret scan) before any git commit
Reference in New Issue View Git Blame Copy Permalink