# CapitalGuard AI-Agent Safe-Use Guide

## Before Giving an Agent Repo Access

1. Remove production secrets from files.
2. Block access to credentials, deployment keys, customer exports, and private certificates.
3. Require human review for CI, deployment, billing, database, and auth changes.
4. Treat docs, issues, prompts, and logs as untrusted input.
5. Redact sensitive values before summaries, exports, or support requests.
6. Review AI-agent configuration files such as `.cursor/`, `.claude/`, `.mcp.json`, `AGENTS.md`, and Copilot instruction files.
7. Review package lifecycle scripts before letting an agent install dependencies.
8. Keep cloud service accounts, kubeconfig files, package registry tokens, and Docker credentials outside the repository.

## During Agent Work

- Use the narrowest possible repository scope.
- Keep terminal execution disabled unless required.
- Review generated diffs before merge.
- Watch for hidden instructions inside docs, comments, tickets, and copied prompts.
- Log file reads, commands, policy overrides, and external tool calls.
- Do not let agents modify MCP servers, tool bridges, package install scripts, workflow permissions, or deployment manifests without human approval.
- Treat remote install commands and shell pipelines as high-risk until a human reviews them.

## After a CapitalGuard Report

- Prioritize critical and high exposure paths first.
- Deploy the generated policy file.
- Add protected reviews for sensitive paths.
- Re-scan after installing guardrails.
- Move to monitoring if AI-agent access changes weekly.
- Use the CapitalGuard local scan report to track score, risk band, triggered checks, safe fixes, and confidence levels.
