Jazz's security model: trust-but-verify. Agents are powerful, but you stay in control.
Dangerous operations always require explicit approval:
- Email deletion (trash or permanent)
- File creation/deletion
- Git commits and pushes
- Shell command execution
Example:
Agent: ⚠️ About to PERMANENTLY DELETE 127 emails. This cannot be undone!
Do you want me to proceed? (yes/no)
40+ dangerous patterns are blocked automatically:
| Category | Examples | Why Blocked |
|---|---|---|
| File Destruction | rm -rf /, rm -rf ~ | Could delete entire systems |
| Privilege Escalation | sudo, su | Could gain root access |
| Remote Execution | curl ... \| sh | Could download malware |
| System Commands | shutdown, reboot | Could shut down system |
Shell commands run with sanitized environment variables that exclude:
- API keys (vars containing "API", "KEY", "SECRET")
- Tokens (vars containing "TOKEN", "PASSWORD")
- Credentials (vars containing "CREDENTIAL", "AUTH")
Implementation: src/core/agent/tools/env-utils.ts
All dangerous operations are logged to ~/.jazz/logs/ for audit purposes.
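An added example, not Jazz's own code, of the approval gate shown earlier together with the audit record described here: an operation is rendered in the same form as the prompt above, only the literal word "yes" approves it, and every decision (approved or refused) is appended to a log under ~/.jazz/logs/. The DangerousOp shape, the injected ask() callback and the file name approvals.jsonl are assumptions of this example.

```typescript
// Added example (not Jazz's own code): an approval gate for dangerous
// operations plus an append-only audit record of every decision.
// Assumed by this example: the DangerousOp shape, the "yes"-only rule, the
// injected ask() callback and the file name approvals.jsonl (placeholder);
// the ~/.jazz/logs/ location comes from the page.
import { appendFileSync, existsSync, mkdirSync, mkdtempSync, readFileSync } from "node:fs";
import { homedir, tmpdir } from "node:os";
import { join } from "node:path";

export interface DangerousOp {
  action: string;      // e.g. "DELETE", "PUSH", "RUN"
  target: string;      // e.g. "emails", "to origin/main"
  count?: number;      // how many items are affected, when known
  reversible: boolean; // false for permanent deletes and force pushes
}

export interface AuditEntry extends DangerousOp {
  ts: string;
  approved: boolean;
  answer: string;
}

// Render the warning in the same form as the prompt shown above; irreversible
// operations get the loud PERMANENTLY / cannot-be-undone wording.
export function describeOp(op: DangerousOp): string {
  const head = op.reversible ? "About to" : "About to PERMANENTLY";
  const target = op.count === undefined ? op.target : `${op.count} ${op.target}`;
  const tail = op.reversible ? "" : " This cannot be undone!";
  return `⚠️ ${head} ${op.action} ${target}.${tail}\nDo you want me to proceed? (yes/no)`;
}

// Append-only JSON-lines audit log: one line per decision, approved or not.
export class AuditLog {
  private readonly file: string;
  constructor(dir: string = join(homedir(), ".jazz", "logs")) {
    mkdirSync(dir, { recursive: true });
    this.file = join(dir, "approvals.jsonl"); // placeholder file name
  }
  record(entry: AuditEntry): void {
    // mode applies only when the file is created; keeps the log owner-readable
    appendFileSync(this.file, JSON.stringify(entry) + "\n", { mode: 0o600 });
  }
  readEntries(): AuditEntry[] {
    if (!existsSync(this.file)) return [];
    return readFileSync(this.file, "utf8")
      .split("\n")
      .filter(Boolean)
      .map((line) => JSON.parse(line) as AuditEntry);
  }
}

// Only the exact word "yes" approves. "y", an empty line (an accidental Enter)
// or anything else counts as a refusal, and the decision is logged either way.
export function requireApproval(
  op: DangerousOp,
  ask: (prompt: string) => string,
  log: AuditLog,
): boolean {
  const answer = ask(describeOp(op)).trim();
  const approved = answer.toLowerCase() === "yes";
  log.record({ ...op, ts: new Date().toISOString(), approved, answer });
  return approved;
}

// Fresh temporary log directory, so the example can run without touching ~/.jazz.
export function tempLogDir(): string {
  return mkdtempSync(join(tmpdir(), "jazz-audit-"));
}
```

Refusals are logged as well as approvals, so the audit trail shows what the agent attempted, not only what it was allowed to do; that is the record you want when reviewing ~/.jazz/logs/ after something goes wrong.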
All operations have maximum execution times to prevent runaway processes:
- Shell commands: 30 seconds
- File operations: 10 seconds
- API requests: 30 seconds
- Git operations: 60 seconds
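An added example, not Jazz's own code (Jazz keeps its version in src/core/agent/tools/env-utils.ts), of the three guard rails the page lists for shell commands: a blocklist of dangerous patterns in the four categories above, an environment stripped of variables whose names contain the listed markers, and the 30-second timeout. The function names, the spawnSync-based runner and the exact regular expressions are assumptions of this example; the categories, name markers and timeout value come from the page.

```typescript
// Added example (not Jazz's own code): blocklist check, environment
// sanitization and a hard timeout for a shell tool. Regexes, function names
// and the spawnSync runner are assumptions; categories, markers and the 30 s
// default come from the page.
import { spawnSync } from "node:child_process";

// A few representatives of the page's "40+ dangerous patterns", one per category.
export const BLOCKED_PATTERNS: { category: string; pattern: RegExp }[] = [
  // rm with any flags whose target is / or ~ (e.g. "rm -rf /", "rm -r -f ~")
  { category: "File Destruction", pattern: /\brm\s+(-\w+\s+)*(\/|~)\/?(\s|$)/ },
  // sudo / su as a command word, not as a substring of e.g. "status"
  { category: "Privilege Escalation", pattern: /(^|[\s;&|])(sudo|su)(\s|$)/ },
  // download piped straight into a shell
  { category: "Remote Execution", pattern: /\b(curl|wget)\b[^|]*\|\s*(sh|bash|zsh)\b/ },
  { category: "System Commands", pattern: /(^|[\s;&|])(shutdown|reboot)(\s|$)/ },
];

export function checkCommand(cmd: string): { blocked: boolean; category?: string } {
  for (const { category, pattern } of BLOCKED_PATTERNS) {
    if (pattern.test(cmd)) return { blocked: true, category };
  }
  return { blocked: false };
}

// Variable names containing any of these markers are dropped before spawning.
export const SECRET_MARKERS = ["API", "KEY", "SECRET", "TOKEN", "PASSWORD", "CREDENTIAL", "AUTH"];

export function sanitizeEnv(
  env: Record<string, string | undefined>,
): Record<string, string | undefined> {
  const clean: Record<string, string | undefined> = {};
  for (const [name, value] of Object.entries(env)) {
    const upper = name.toUpperCase();
    if (SECRET_MARKERS.some((m) => upper.includes(m))) continue; // e.g. OPENAI_API_KEY, GITHUB_TOKEN
    clean[name] = value;
  }
  return clean;
}

export interface ShellResult {
  ran: boolean;            // false when the blocklist refused the command
  reason?: string;
  exitCode: number | null; // null when killed by the timeout
  stdout: string;
  timedOut: boolean;
}

// Run a command through /bin/sh with all three guard rails applied.
export function runShell(
  cmd: string,
  env: Record<string, string | undefined> = process.env,
  timeoutMs = 30_000,
): ShellResult {
  const check = checkCommand(cmd);
  if (check.blocked) {
    return { ran: false, reason: `blocked: ${check.category}`, exitCode: null, stdout: "", timedOut: false };
  }
  const r = spawnSync("/bin/sh", ["-c", cmd], {
    env: sanitizeEnv(env),
    timeout: timeoutMs,
    killSignal: "SIGKILL", // a process that ignores SIGTERM still dies
    encoding: "utf8",
  });
  // spawnSync reports a timeout as an ETIMEDOUT error and leaves status null.
  const err = r.error as (Error & { code?: string }) | undefined;
  const timedOut = err?.code === "ETIMEDOUT";
  return { ran: true, exitCode: r.status, stdout: r.stdout ?? "", timedOut };
}
```

Two things worth knowing when using this kind of filter. The substring rule is deliberately coarse, so it also drops variables such as SSH_AUTH_SOCK (it contains "AUTH"); a git push over SSH from inside the sanitized shell will not see the agent socket. And a pattern blocklist is a guard rail against accidents, not a sandbox, which is why the page also recommends running Jazz in Docker for isolation.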
Principle of Least Privilege - Only give tools the agent needs:
# Good - specific tools for specific purpose
jazz agent create email-helper --tools gmail
# Bad - unnecessary access
jazz agent create email-helper --tools gmail,git,shell,filesystem
Approval Checklist:
Before approving:
□ Do I understand what this will do?
□ Am I in the right directory?
□ Are the file paths correct?
□ Is this reversible if something goes wrong?
□ Do I have backups if needed?
- Start small - Test with a few emails before bulk operations
- Use trash first - Trash emails before permanent deletion
- Verify counts - Check email counts before approving deletion
- Check pwd first - Know your working directory
- Use absolute paths - Avoid ambiguity
- Test with ls - List contents before operations
- Backup before deletion - Copy important files first
- Check status first - Run git status before commits
- Review diffs - See what's changed
- Verify remote - Check remote before pushing
- Never force push to main - Protect important branches
Safe:
npm install
git status
ls -la
cat package.json
Risky (be careful):
rm -rf node_modules # Could delete wrong folder
npm install -g # Installs globally
chmod 777 * # Too permissive
- Stop immediately - Exit the agent (exit)
- Assess damage - Check what was affected
- Review logs - ~/.jazz/logs/
- Restore from backup - If data was lost
Deleted files: Check trash/recycle bin, restore from backup
Git issues:
git reflog # Find previous state
git reset --hard <commit> # Restore
Email issues: Check Gmail trash (30-day retention)
□ Agents have minimum required tools
□ Approval system is working
□ Logs are being captured
□ Backups are current
□ API keys are secure
□ Jazz is up to date
Run Jazz in Docker for additional isolation:
FROM node:20-alpine
RUN npm install -g jazz-ai
USER node
WORKDIR /home/node
CMD ["jazz"]
Use dedicated accounts for automation:
- Separate Gmail account for email operations
- Separate GitHub account for bot operations
- Dedicated user account for running Jazz
Security Questions:
Report Security Vulnerabilities:
- See SECURITY.md for responsible disclosure
- Do NOT post vulnerabilities in public issues
Remember: The approval system is your safety net. Always review, always verify, always backup.