Security & Compliance All Tiers
Secure autonomous AI operations with PairCoder
Security Features
| Feature | Purpose |
|---|---|
| Contained Autonomy | Filesystem protection during autonomous mode |
| Security Agents | Pre-execution gatekeeping |
| Command Allowlists | Safe vs unsafe command classification |
| Secret Detection | Scan for leaked credentials |
| Webhook Security | Trello webhook authentication |
Meet Bellona
The pre-execution security gatekeeper is named after Bellona, the Roman goddess of war -- the defender who acts before the breach. She blocks dangerous operations before they execute, in contrast to her sister Laverna (the review-time security auditor who reports findings after the fact).
| Agent | Name Origin | Role | When Triggered |
|---|---|---|---|
| Bellona | Roman goddess of war | Pre-execution gate: scans commands, diffs, and PRs for credential exposure, dangerous operations, and policy violations. Blocks with clear explanations; warns on risky patterns. | Before Bash tool calls, before commits, before PR creation |
For the difference between Bellona (pre-execution blocking) and Laverna (review-time auditing), see the Review guide.
Contained Autonomy
Three-tier filesystem access control for autonomous AI operations:
| Tier | Access | Examples |
|---|---|---|
| Blocked | No read, no write | .env, credentials.json |
| Read-only | Can read, cannot write | CLAUDE.md, .claude/skills/ |
| Read-write | Full access | src/, tests/ |
bash
# Enter contained autonomy mode
bpsai-pair contained-auto
# Check status
bpsai-pair containment status
# Rollback if needed
bpsai-pair containment rollbackCommand Allowlists
Always Blocked
| Pattern | Reason |
|---|---|
| Hardcoded credentials | Credential exposure |
rm -rf / or rm -rf * | System destruction |
curl | bash, wget | sh | Arbitrary code execution |
eval(user_input) | Code injection |
Always Allowed
| Pattern | Reason |
|---|---|
git status, git diff, git log | Read-only |
pytest, bpsai-pair | Safe tooling |
cat, ls, grep | Read-only utilities |
Secret Detection
PairCoder scans for common secret patterns:
- AWS Keys:
AKIA[0-9A-Z]{16} - GitHub Tokens:
ghp_[A-Za-z0-9]{36} - Slack Tokens:
xox[baprs]-* - Private Keys:
BEGIN.*PRIVATE KEY
bash
# Scan staged changes
bpsai-pair security scan-secrets --staged
# Scan entire project
bpsai-pair security scan-secrets
# Install pre-commit hook
bpsai-pair security install-hookSOC2 Compliance
| Control | Description | PairCoder Feature |
|---|---|---|
| CC6.1 | Logical access security | Command allowlists |
| CC6.6 | External threat protection | Block dangerous downloads |
| CC7.1 | System change management | Pre-commit review |
| CC7.2 | Change detection | Scan all code changes |
Best Practices
For Developers
- Never commit secrets - Use environment variables
- Pin dependencies - Specify exact versions
- Validate all input - Never trust user data
- Use parameterized queries - Prevent SQL injection
For AI Agents
- Always check allowlist before executing commands
- Scan staged changes before committing
- Block and explain rather than silently failing
- Request human review when uncertain