Bonsai Pods prioritize containment over paranoia. The goal is to prevent accidental damage while allowing rapid iteration.
Core Principles
- Never operate as root by default
- Limit blast radius
- Gate irreversible actions
- Prefer explicit approval over automation
Users & Permissions
Root
- Used only for initial system setup
- Never used for daily operation
bonsai (admin user)
- Primary human operator
- Has sudo access
- Owns all project files
clawdbot (operator user)
- Non-login or restricted-login user (future)
- Owns only operator processes
- No sudo access
Privileged Actions (Future-Gated)
The following actions must never be automatic:
- Database sync between environments
- Staging deployments
- Production deployments
- Service restarts affecting prod
Secrets Handling
- Secrets live in configs/pod.env
- Permissions: owner read/write only
- Never printed to logs
- Never sent to Discord
Secrets should be rotated after recordings or demos.
Network Rules (v0)
- SSH only (port 22)
- UFW enabled
- Password auth disabled
- Root SSH login disabled
- No public web ports unless explicitly installed
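One way to check a pod against the Secrets Handling permission rule and the two SSH rules above. This is an added example, not code from the Bonsai Pods project; the function names are hypothetical, the sshd_config text is a constructed sample, and a temporary file stands in for configs/pod.env.

```python
import os
import stat
import tempfile

# Values the Network Rules require in the global section of sshd_config.
REQUIRED = {"passwordauthentication": "no", "permitrootlogin": "no"}
# Upstream OpenSSH defaults, which apply when a keyword is absent from the file.
SSHD_DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Constructed sample: the repeated keyword and the Match block do not change the global values.
SAMPLE = "PasswordAuthentication no\nPasswordAuthentication yes\nMatch User bonsai\n    PermitRootLogin no\n"


def effective_sshd_globals(text):
    """Global values sshd would use for the audited keywords.

    First value read wins, keywords are case-insensitive, and a Match line
    ends the global section. Simplification: Include is not followed."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if key in REQUIRED and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"').lower()
    return {k: seen.get(k, SSHD_DEFAULTS[k]) for k in REQUIRED}


def excess_mode_bits(path):
    """Permission bits set on path beyond owner read/write (0 if 0600 or tighter)."""
    return stat.S_IMODE(os.stat(path).st_mode) & ~0o600


def audit(sshd_config_text, env_path):  # empty list means both checks passed
    findings = [f"sshd {k} is '{v}', expected '{REQUIRED[k]}'"
                for k, v in effective_sshd_globals(sshd_config_text).items() if v != REQUIRED[k]]
    extra = excess_mode_bits(env_path)
    if extra:
        findings.append(f"{env_path} has extra permission bits {oct(extra)}")
    return findings


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile() as env:  # stand-in for configs/pod.env
        os.chmod(env.name, 0o644)
        print("\n".join(audit(SAMPLE, env.name)))
```

On a live host, `sshd -T` reports the effective configuration, including Include files that this parser skips.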
Philosophy
The Pod is a development habitat. Security should:
- Prevent accidents
- Not block progress
- Remain understandable
If security becomes opaque, it will be bypassed. Clarity beats cleverness.