Security-First Design
BonsaiPods prioritize containment over paranoia. We prevent accidents while enabling rapid iteration—because security that blocks progress will be bypassed. Clarity beats cleverness.
Core Security Principles
Every BonsaiPod is built on these foundational security practices.
Non-Root Operation
The bonsai user handles all daily operations. Root is reserved for initial setup only.
SSH Key-Only Auth
Password authentication is disabled. Access requires your SSH key—no exceptions, no workarounds.
UFW Firewall
Uncomplicated Firewall (UFW) is enabled by default. Only SSH (port 22) is open. All other ports are blocked.
Human Approval
AI actions require explicit approval. Nothing irreversible happens without your confirmation.
AI Operator Security
Sensei is powerful—but power without control is dangerous. Every AI action is gated, logged, and reversible.
Git-Based Audit Trail
Every change is committed to git with full history. Nothing happens in the dark. You can review, revert, or audit any action.
Discord Approval Workflow
All proposed changes surface in Discord for your review. Approve, reject, or request modifications before any action is taken.
No Destructive Actions
Database syncs, production deployments, and service restarts require explicit confirmation. Sensei prefers trash over rm.
Read-Only Mode Available
Start in observer mode. Sensei can monitor, report, and propose—without executing anything—until you're comfortable.
Infrastructure Security
Your Pod is your own dedicated environment—isolated, encrypted, and maintained.
VPS Isolation
Your BonsaiPod runs on a dedicated VPS—never shared with other tenants. Your data, your server, your control.
- Isolated filesystem
- No shared databases
- Full root access available
Encrypted Connections
All traffic is encrypted in transit. SSH for server access, HTTPS for web traffic. No plaintext, no exceptions.
- SSH key authentication
- TLS 1.3 for HTTPS
- Let's Encrypt certificates
Regular Updates
Ubuntu LTS with automatic security updates. Your Pod stays patched without requiring manual intervention.
- Ubuntu 22.04 LTS base
- Unattended security patches
- 5-year support window
Secrets Handling
API keys, database credentials, and sensitive configuration live in protected environment files with strict permissions.
- Secrets stored in configs/pod.env
- Owner read/write only (600 permissions)
- Never printed to logs or Discord
- Rotate after demos or recordings
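As an added example (not BonsaiPods' own code), the Python below checks that an env file such as configs/pod.env is not accessible beyond its owner, and masks the file's values in a message before it is written to logs or posted to Discord. The function names, the KEY=VALUE file format, the minimum-length threshold and the sample values are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

MIN_SECRET_LEN = 6  # assumption: shorter values are too common to mask safely

def permission_problems(path):
    """Return findings if the env file is accessible beyond its owner."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        return [f"{path}: mode {mode:04o}, expected 0600"]
    return []

def load_secrets(path):
    """Parse KEY=VALUE lines (assumed format), skipping blanks and # comments."""
    secrets = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            value = value.strip().strip("'\"")
            if len(value) >= MIN_SECRET_LEN:
                secrets[key.strip()] = value
    return secrets

def redact(message, secrets):
    """Mask each secret value in message, longest first so nested values go whole."""
    for key, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        message = message.replace(value, f"[REDACTED:{key}]")
    return message

def demo():
    """Run both checks on a constructed pod.env in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pod.env")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample values\nDB_PASSWORD='constructed-db-pass'\n"
                     "API_KEY=constructed-api-key-123\n")
        os.chmod(path, 0o644)   # too open: group and others can read
        before = permission_problems(path)
        os.chmod(path, 0o600)   # owner read/write only, as the page states
        after = permission_problems(path)
        line = redact("db connect failed: password=constructed-db-pass", load_secrets(path))
        return before, after, line

if __name__ == "__main__":
    print(demo())
```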
Transparency
If security becomes opaque, it will be bypassed. We believe in clarity over cleverness.
Open Source
Built on proven open-source foundations. Roots.io, WordPress, Ubuntu LTS. No black boxes.
Full Audit Trail
Every action logged. Every commit tracked. Request a full audit of your Pod's history at any time.
No Hidden Behavior
Sensei tells you what it's doing. Proposals surface in Discord. No silent changes, no surprises.
Security You Can Trust
Questions about our security model? We're happy to discuss the technical details.