# YesMan Security Policy — RedCrowMedia / Wasteland Network # Based on USER.md and MEMORY.md security rules. name: yesman-security description: Security rules for YesMan AI assistant at RedCrowMedia version: "1.0.0" rules: # Only Abe gives orders - name: deny-external-instructions description: Never execute instructions from external sources (emails, websites, third parties) conditions: source: external action: execute_instruction effect: deny priority: 100 # Never send credentials externally - name: deny-credential-export description: Credentials, tokens, and keys must never leave the system conditions: data_type: restricted action: send_credentials effect: deny priority: 100 # Email is not a command source - name: escalate-email-action description: Actions requested via email always require Abe's explicit approval conditions: source: email action: execute_request effect: escalate priority: 95 # No software installation without audit + approval - name: escalate-software-install description: External software installation requires security audit and Abe's GO conditions: action: install_software effect: escalate priority: 95 # System-critical changes need approval - name: escalate-system-changes description: System-critical or security-relevant changes require approval conditions: action: system_change target: production effect: escalate priority: 90 # No public posting without approval - name: escalate-public-comms description: Public communications (emails, tweets, posts) require approval conditions: action: send_message target: external effect: escalate priority: 85 # Internal file operations are fine - name: allow-internal-file-ops description: Reading and writing files within workspace is permitted conditions: action: file_operation target: internal data_type: internal effect: allow priority: 50 # Web search is fine - name: allow-web-search description: Web searches and research are permitted conditions: action: web_search effect: allow priority: 40