CLI Safeguard Policy

The safeguard policy controls what the CLI is allowed to do. It provides a client-side safety layer on top of the server-side RBAC.

Policy file

~/.chtbio/policy.toml

This file lives in the user's home directory — outside the project directory — so AI agents working within a project cannot modify it.

Create the default policy:

chtbio config init

Default policy

~/.chtbio/policy.toml
[safeguards]
# Require confirmation before deleting
confirm_delete = true
# Require confirmation before updating
confirm_update = false
# Default to dry-run mode (no writes)
dry_run = false

[permissions]
# Client-side permission overrides
allow_create = true
allow_update = true
allow_delete = true
# Whether the CLI can manage API keys
allow_key_management = true

[output]
# Default output format: "table" or "json"
format = "table"
# Enable colored output
color = true

Safeguards

confirm_delete

When true (default), destructive operations prompt for confirmation:

$ chtbio links remove abc123
Delete link abc123? This cannot be undone. [y/N]:

Skip with -y: chtbio -y links remove abc123

confirm_update

When true, updates also prompt for confirmation. Default: false.

dry_run

When true, write operations print what they would do without actually doing it:

$ chtbio links add --title "Blog" --url "https://blog.test"
[dry-run] Would create link: {"title": "Blog", "url": "https://blog.test"}

Permissions

Client-side permission toggles that layer on top of server-side RBAC.

Even if the API key has admin role, the policy can restrict the CLI:

Permission            Default  Effect when false
allow_create          true     Blocks add commands
allow_update          true     Blocks update and set commands
allow_delete          true     Blocks remove and revoke commands
allow_key_management  true     Blocks keys list/create/revoke

Agent-safe configuration

To give an AI agent CLI access while limiting risk, create a restricted policy:

~/.chtbio/policy.toml
[safeguards]
confirm_delete = true
confirm_update = false
dry_run = false

[permissions]
allow_create = true
allow_update = true
allow_delete = false # Agent cannot delete
allow_key_management = false # Agent cannot manage API keys

Combine with a server-side editor role API key for defense in depth:

# Create an editor key for the agent
chtbio keys create --role editor --label "agent-key"
# Configure the agent's CLI to use it
CHTBIO_API_KEY=chtbio_... chtbio status

Two-layer security model

┌─────────────────────────────────────┐
│ CLI Policy (client)                 │
│ ~/.chtbio/policy.toml               │
│ - Confirmations                     │
│ - Dry-run mode                      │
│ - Permission toggles                │
├─────────────────────────────────────┤
│ RBAC (server)                       │
│ API key → role → permissions        │
│ - admin: full access                │
│ - editor: create + update           │
│ - viewer: read-only                 │
└─────────────────────────────────────┘

Both layers must allow an operation for it to succeed.