10 / Security

Agents should have boundaries.

Security is part of the product boundary: least-privilege tools, permission-aware context, traceable actions, and human approval for consequential work.

Ask a security question

01

Least privilege

Agents should receive only the tools, sources, and actions needed for the current workflow.

02

Traceability

Every retrieved source and external action should be available for review after a run.

03

Approval gates

High-impact actions should pause for an explicit approval instead of relying on model confidence.

04

Security questions

Email team@crumbles.dev for the current architecture and security review process.