Skip to main content
AI/MLWaterplanAI

ac-safety-configure-safety

Configures guardian behavior for pi-ac-safety by reviewing defaults, proposing overrides, and updating project-level or user-level safety.yaml. Triggers on keywords: configure safety, safety config, safety yaml, guardian config

Stars
31
Source
WaterplanAI/agentic-config
Updated
2026-05-25
Slug
WaterplanAI--agentic-config--ac-safety-configure-safety
View on GitHubRaw SKILL.md

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/WaterplanAI/agentic-config/HEAD/packages/pi-ac-safety/skills/ac-safety-configure-safety/SKILL.md -o .claude/skills/ac-safety-configure-safety.md

Drops the SKILL.md into .claude/skills/ac-safety-configure-safety.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Configure Safety

Interactive safety.yaml configuration for pi-ac-safety.

Compatibility Note

Use normal chat questions and confirmations for the interactive steps. Do not assume a separate prompt tool.

Trigger

/skill:ac-safety-configure-safety

Behavior

  1. Read the 3-tier config resolution and display the current effective config:
    • Package defaults: ../../assets/config/safety.default.yaml
    • User-level: ~/.claude/safety.yaml
    • Project-level: ./safety.yaml (relative to project root)
  2. Display current effective settings per currently shipped guardian:
    • credential_guardian: blocked paths and allowed files
    • destructive_bash: category decisions (deny / ask / allow)
    • write_scope: allowed/blocked prefixes and files
    • supply_chain: category decisions and allowlists
    • playwright: allowed domains, always-blocked/always-allowed tools, and category decisions for blocked-domain navigation, file uploads, and unknown actions on the current Playwright surface
  3. Ask which guardian(s) to customize.
  4. For each selected guardian, present the current category decisions and ask for changes:
    • Show category: current_decision
    • Accept deny, ask, or allow per category
    • For list fields, show the current values and ask for additions/removals
  5. Ask the target location: project-level (./safety.yaml) or user-level (~/.claude/safety.yaml).
  6. Generate or update the YAML file at the chosen location.
    • Only write overrides; do not duplicate defaults.
    • Deep-merge with existing content if the file already exists.
  7. Validate by loading the merged config and displaying the effective result.

Steps

1. Read ../../assets/config/safety.default.yaml
2. Read ~/.claude/safety.yaml (if it exists)
3. Read ./safety.yaml (if it exists)
4. Display the merged effective config as a table
5. Ask: "Which guardian should be customized? (credential/destructive_bash/write_scope/supply_chain/playwright/all)"
6. For each selected guardian:
   a. Show categories with current decisions
   b. Ask for a new decision per category (or skip)
   c. For list fields, show current values and ask for additions/removals
7. Ask: "Save to project-level or user-level? (project/user)"
8. Write YAML with overrides only
9. Re-read and display the new effective config

Constraints

  • Never modify ../../assets/config/safety.default.yaml
  • Only write overrides; do not duplicate default values
  • Validate decisions are one of deny, ask, or allow
  • Treat playwright settings as active policy for the shipped guardian parity on the current Playwright surface
  • Preserve any existing file content by deep-merging updates