Diablo_Rain/Diablo_ClaudeMD_Ricing_example
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
50fa79407d
Diablo_ClaudeMD_Ricing_example/rules/security.md
diablo 50fa79407d
Some checks are pending
CI — CoM Config Validation / Validate JSON Configs (push) Waiting to run
Details
CI — CoM Config Validation / Validate YAML Configs (push) Waiting to run
Details
CI — CoM Config Validation / Lint Shell Scripts (push) Waiting to run
Details
CI — CoM Config Validation / Secret Detection (push) Waiting to run
Details
CI — CoM Config Validation / Lint Markdown (push) Waiting to run
Details
CI — CoM Config Validation / Validate CODEOWNERS (push) Waiting to run
Details
CoM Claude Command Center — sanitized public configuration 
Public, sanitized mirror of an AI orchestration command center: agents, skills,
MCP servers, slash-command workflows. All infrastructure identifiers, hostnames,
mesh IPs/subnets, repo paths, maintainer identity, and hardware fleet specifics
scrubbed to <placeholders>; session debug logs and host-specific memory removed.
No live credentials. Verified clean by automated leak sweep. See SANITIZATION.md.

churchofmalware.org . authorized research only
2026-06-10 02:02:03 -04:00

1.6 KiB
Raw Blame History

Security Rules — Always Active

Credential Protection

  • NEVER write API keys, tokens, passwords, or secrets to any file
  • NEVER commit .env, .credentials.json, config.json, *.key, *.pem files
  • If a secret is found in code, immediately flag it and suggest rotation
  • Use environment variables (${VAR}) for all credentials in configs

Destructive Operation Gates

  • NEVER execute rm -rf /, format, del /s /q C:\, or equivalents without explicit user confirmation
  • NEVER execute powershell -Command "Remove-Item -Recurse -Force" on system directories
  • NEVER force-push to main/master without explicit user instruction
  • NEVER run git reset --hard without confirming uncommitted work is safe to lose
  • NEVER delete .claude/, .git/, or node_modules/ without confirmation

Network Safety

  • NEVER pipe curl/wget output directly to shell (curl | sh pattern)
  • NEVER download and execute scripts from untrusted URLs
  • Prefer HTTPS over HTTP for all connections
  • Flag any connection to non-standard ports without explanation

Windows-Specific Guards

  • NEVER modify Windows Registry without explicit confirmation
  • NEVER disable Windows Defender or firewall without confirmation
  • NEVER run sfc /scannow or DISM without explaining the impact
  • NEVER modify boot configuration (bcdedit) without confirmation
  • Flag any PowerShell execution policy changes

Syn_OS Repo Protection

  • NEVER modify files in .git/ directory
  • NEVER delete crates/ or src/ directories
  • NEVER modify Cargo.lock without running cargo check after
  • ALWAYS run safety gate (secret scan) before any git commit