Agent safety boundaries

Automation and MCP agents must follow the same rules as human operators.

Never

Action Reason
Delete workspace/ Destroys site state, historian, model
docker compose down -v Wipes volumes
docker volume prune Irreversible data loss
Print tokens or passwords Credential leak
BACnet write without explicit human approval Live equipment risk
Expose API on public internet OT security

Always

Action When
openfdd_rust_site_backup.sh Before updates or destructive changes
Preflight CSV import Before /api/csv/import/execute
Dry-run BACnet writes Before /api/bacnet/write
Validate after changes openfdd_rust_edge_validate.sh

Assignment rule

Bind drivers → Haystack IDs → FDD/CDL via /api/model/assignments before activating rules.

LAN / OT deployment

Run on loopback or behind VPN/TLS. JWT auth is required in production configurations.

See root AGENTS.md for session scripts.