01
Least privilege
Agents should receive only the tools, sources, and actions needed for the current workflow.
10 / Security
Security is part of the product boundary: least-privilege tools, permission-aware context, traceable actions, and human approval for consequential work.
Ask a security question01
Agents should receive only the tools, sources, and actions needed for the current workflow.
02
Every retrieved source and external action should be available for review after a run.
03
High-impact actions should pause for an explicit approval instead of relying on model confidence.
04
Email team@crumbles.dev for the current architecture and security review process.