Default posture
Two postures depending on whether the write targets an app, repo, or storage (with a known scope) or the computer’s raw filesystem. Out of the box, Kazzle ships with sensible defaults so the AI works immediately.| Category | Default | Effect |
|---|---|---|
| Terminal commands | allow | All commands allowed, with exceptions |
| Browser navigation | allow | All URLs allowed; add custom rules to restrict |
| File writes (app/repo/storage) | allow | Writes are scoped to a known root, always allowed |
| File writes (computer) | allow, except sensitive paths | .env*, .ssh/*, *.pem, *.key blocked |
| Destructive actions | ask | File deletes, app publish/delete, database deletes, risky SQL |
| Safety changes | ask (always, one-off only) | Cannot be auto-approved via “Always allow” |
Rule types
Terminal commands
Rules match by command prefix.git push matches git push origin main.
Default exceptions that require approval: git push and sudo. Default block: git push --force.
Browser URLs
Browser navigation is allowed by default on all URLs. Add custom rules on the browserurl field to restrict or require approval for specific sites.
File paths
Rules match by glob pattern.*.pem matches certificate files anywhere.
Default blocks on computer writes: .env*, .ssh/*, *.pem, *.key.
File path rules can be scoped to a specific computer. A rule with “All computers” applies everywhere. A rule scoped to one computer only applies when the AI is working on that machine. Computer-specific rules take priority over global ones.
Tool approvals
Individual tools and actions can be set to allow, ask, or block. By default,fs delete, app publish, app delete, and db delete ask for approval. Database queries (db exec) ask for risky SQL and allow low-risk statements automatically.