Security templates are pre-configured security profiles for common use cases. Instead of manually configuring allowlists, blocklists, and risk thresholds, choose a template that matches your needs.
Maximum security - blocks almost everything.
Use when: Production systems, untrusted agents, high-security environments
Behavior:
- Evaluates even GREEN commands
- Denies most YELLOW/RED commands
- Requires extremely strong reasoning
- Minimal allowlist

```javascript
const shell = new SecureShell({ template: 'paranoid' });
```

Balanced security for production environments.
Use when: Production agents, automated systems, customer-facing tools
Behavior:
- Allows safe read operations
- Evaluates modifications carefully
- Blocks dangerous operations
- Moderate allowlist

```javascript
const shell = new SecureShell({ template: 'production' });
```

Permissive for development workflows.
Use when: Local development, testing, prototyping
Behavior:
- GREEN commands execute immediately
- YELLOW commands usually allowed
- RED commands require good reasoning
- Generous allowlist

```javascript
const shell = new SecureShell({ template: 'development' });
```

Optimized for automated pipelines.
Use when: Build servers, deployment automation, CI/CD
Behavior:
- Fast gatekeeper responses
- Allows build/deploy commands
- Blocks user-interactive commands
- Build-focused allowlist

```javascript
const shell = new SecureShell({ template: 'ci_cd' });
```

| Feature | Paranoid | Production | Development | CI/CD |
|---|---|---|---|---|
| GREEN auto-allow | ❌ | ✅ | ✅ | ✅ |
| YELLOW permissive | ❌ | ✅ | ✅ | |
| RED blocking | ✅ | ✅ | ✅ | |
| Speed | Slower | Medium | Fast | Fastest |
| Use case | High security | Production | Development | Automation |
You can override template settings:

```javascript
const shell = new SecureShell({
  template: 'production',
  config: {
    // Override specific settings
    allowlist: ['npm', 'git', 'docker'],
    blocklist: ['rm -rf /', 'dd'],
    riskThreshold: 'RED' // More permissive
  }
});
```

Paranoid:
- Public-facing AI assistants
- Financial/healthcare systems
- Untrusted or experimental agents
- High-stakes environments
Production:
- Internal automation tools
- Deployed AI agents
- Customer support bots
- Monitoring systems
Development:
- Local development
- Testing new features
- Prototyping agents
- Learning/experimentation
CI/CD:
- GitHub Actions
- GitLab CI
- Jenkins pipelines
- Deployment scripts
- Start strict - Begin with `paranoid`, relax as needed
- Match environment - Use appropriate template for deployment
- Override selectively - Customize only what you need
- Test thoroughly - Verify behavior before production
- Monitor logs - Review audit logs to refine settings
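
To check an override before it ships, a review step can compare it against the template it starts from and list every setting it loosens. The sketch below is an added example, not SecureShell code: `auditOverrides` and `BASELINES` are hypothetical names, the baseline values are constructed placeholders rather than the library's real template defaults, and it assumes an override list replaces the template's list instead of merging with it.

```javascript
// Added example, not part of SecureShell. BASELINES holds constructed
// placeholder values, NOT the library's real template defaults.
const TIERS = ['GREEN', 'YELLOW', 'RED']; // tiers named on this page, low to high risk

const BASELINES = {
  paranoid: { allowlist: ['ls', 'cat'], blocklist: ['rm -rf /', 'dd', 'curl'], riskThreshold: 'GREEN' },
  production: { allowlist: ['ls', 'cat', 'git'], blocklist: ['rm -rf /', 'dd'], riskThreshold: 'YELLOW' },
};

// Returns one finding per way `overrides` is looser than the template baseline.
function auditOverrides(template, overrides = {}) {
  const base = BASELINES[template];
  if (!base) throw new Error(`no baseline recorded for template '${template}'`);
  const findings = [];

  if (overrides.riskThreshold !== undefined) {
    const next = TIERS.indexOf(overrides.riskThreshold);
    if (next === -1) {
      findings.push(`unknown riskThreshold '${overrides.riskThreshold}'`);
    } else if (next > TIERS.indexOf(base.riskThreshold)) {
      // A higher threshold is more permissive (see the 'RED' override above).
      findings.push(`riskThreshold raised ${base.riskThreshold} -> ${overrides.riskThreshold}`);
    }
  }
  // Assumption: an override list replaces the template list, so a command
  // missing from the new blocklist is no longer blocked.
  if (overrides.allowlist) {
    const added = overrides.allowlist.filter((c) => !base.allowlist.includes(c));
    if (added.length) findings.push(`allowlist adds: ${added.join(', ')}`);
  }
  if (overrides.blocklist) {
    const dropped = base.blocklist.filter((c) => !overrides.blocklist.includes(c));
    if (dropped.length) findings.push(`blocklist drops: ${dropped.join(', ')}`);
  }
  return findings;
}

// The override shown earlier on this page, audited against the placeholder baseline.
const pageExample = auditOverrides('production', {
  allowlist: ['npm', 'git', 'docker'],
  blocklist: ['rm -rf /', 'dd'],
  riskThreshold: 'RED',
});
console.log(pageExample);
```

Running a check like this in code review or CI keeps each relaxation visible, so an override stays a deliberate decision rather than a side effect.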
- Risk Classification - Understanding risk tiers
- Zero-Trust Gatekeeper - How evaluation works
- Configuration - Advanced customization