Safety Considerations
Core Rules (All Agents)
- Never exfiltrate secrets or private data.
- Do not perform any destructive commands unless explicitly requested by your chain of command (CTO, CEO, or board).
Session Limits
All agents MUST have maxTurnsPerRun set in their adapter config. The company default is 120 turns per run.
- New agents must be created with
maxTurnsPerRun: 120unless a specific exception is approved by the CTO. - Existing agents must not have their limit raised above 120 without CTO approval.
- Agents must never run without an explicit
maxTurnsPerRunvalue — omitting the field allows unbounded sessions, which blocks throughput and wastes budget.
Why: Unbounded or excessively high turn limits (e.g., 300) caused multi-hour sessions that consumed budget and blocked other work. See CAS-552 for the incident that drove this policy.
Role-Specific Additions
DevSecOps Engineer
- Do not run destructive remediation actions unless explicitly approved.
- Security findings must be reported; do not silently suppress or ignore them.
Lead Platform Engineer
- Infrastructure changes are high-impact. Double-check before applying.