Barbossa runs AI agents that have access to your codebase and can create commits and pull requests. This document outlines security considerations and best practices.
What Barbossa can access:
- GitHub repositories you configure (read/write via SSH)
- Claude API through your subscription
- Local filesystem within the Docker container

What Barbossa cannot access:
- Repositories not in your config
- Your GitHub password or OAuth tokens (uses SSH keys)
- Other services on your machine (isolated in Docker)
Always configure `do_not_touch` for sensitive files:

```json
{
  "repositories": [{
    "do_not_touch": [
      ".env*",
      "*.pem",
      "*.key",
      "src/lib/auth.ts",
      "src/lib/stripe.ts",
      "prisma/migrations/",
      "secrets/",
      "config/credentials*"
    ]
  }]
}
```

Consider using a deploy key with limited permissions instead of your personal SSH key:
```bash
# Generate a deploy key for Barbossa
ssh-keygen -t ed25519 -f ~/.ssh/barbossa_deploy -N ""
# Add as deploy key to your repo (with write access)
# GitHub > Repository > Settings > Deploy keys
```

Start with manual review of all PRs:
```json
{
  "settings": {
    "tech_lead": {
      "auto_merge": false
    }
  }
}
```

Even with `auto_merge: true`, periodically review merged PRs to ensure quality.
If you discover a security vulnerability:
- Do NOT create a public GitHub issue
- Open a private GitHub Security Advisory: https://github.com/ADWilkinson/barbossa-dev/security/advisories/new
- Alternatively, email security concerns to the maintainers at gm@andrewwilkinson.io
- Include steps to reproduce if possible
We aim to respond within 48 hours and patch critical issues quickly.
Barbossa runs in an isolated Docker container with:
- No privileged access
- Limited network access
- Volume mounts only for config and logs
Verify the container image signature:

```bash
docker pull ghcr.io/adwilkinson/barbossa-dev:latest
# inspect prints the pulled image's RepoDigests; compare the digest with the one published for the release
docker inspect ghcr.io/adwilkinson/barbossa-dev:latest
```

Barbossa uses the GitHub CLI for repository operations. Your credentials are stored securely by gh:
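The three isolation properties listed above can be checked against a running container rather than assumed. The following is an added example, not part of the Barbossa project: it audits the JSON that `docker inspect <container>` emits for privileged mode, added capabilities, host networking and mounts outside the expected config and logs paths. The sample inspect documents are constructed, and the allowed mount destinations and network modes are assumptions to adapt to your own compose file.

```python
"""Added example, not part of the Barbossa project: audit a running
container's isolation from `docker inspect` output, checking the three
properties listed above (no privileged access, restricted network, volume
mounts only for config and logs).  The sample inspect documents are
constructed; the allowed mount destinations and network modes are
assumptions to adapt to your own compose file."""
import json
import sys

ALLOWED_MOUNT_DESTS = {"/app/config", "/app/logs"}  # assumption
ALLOWED_NETWORK_MODES = {"bridge", "none"}          # assumption: never "host"


def audit_container(inspect_json: str,
                    allowed_mounts: set = ALLOWED_MOUNT_DESTS,
                    allowed_networks: set = ALLOWED_NETWORK_MODES) -> list:
    """Return a list of findings; an empty list means the container matches
    the expected isolation."""
    info = json.loads(inspect_json)
    if isinstance(info, list):        # `docker inspect` wraps results in a list
        info = info[0]
    host = info.get("HostConfig", {})
    findings = []

    if host.get("Privileged"):
        findings.append("container runs privileged")
    for cap in host.get("CapAdd") or []:
        findings.append(f"extra capability added: {cap}")

    mode = host.get("NetworkMode", "")
    if mode not in allowed_networks:
        findings.append(f"unexpected network mode: {mode}")

    for mount in info.get("Mounts", []):
        dest = mount.get("Destination")
        if dest not in allowed_mounts:
            findings.append(f"unexpected mount {mount.get('Source')} -> {dest}")
    return findings


# Constructed sample: what a correctly isolated container looks like.
SAMPLE_OK = json.dumps([{
    "HostConfig": {"Privileged": False, "CapAdd": None, "NetworkMode": "bridge"},
    "Mounts": [
        {"Type": "bind", "Source": "/home/me/barbossa/config", "Destination": "/app/config", "RW": True},
        {"Type": "bind", "Source": "/home/me/barbossa/logs", "Destination": "/app/logs", "RW": True},
    ],
}])

# Constructed sample: a container that has drifted from the expected setup.
SAMPLE_DRIFTED = json.dumps([{
    "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"], "NetworkMode": "host"},
    "Mounts": [
        {"Type": "bind", "Source": "/home/me/barbossa/config", "Destination": "/app/config", "RW": True},
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True},
    ],
}])

if __name__ == "__main__":
    # Usage: docker inspect <container> | python audit_container.py
    for line in audit_container(sys.stdin.read()):
        print("FINDING:", line)
```

Run it after `docker compose up -d` and again after each update; any finding means the container no longer matches the isolation this document describes and the compose file or host should be checked before the agents are allowed to run.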
```bash
# View current auth status
gh auth status
# Refresh if needed
gh auth refresh
```

Claude credentials are managed by the Claude CLI and stored in your user profile, not in the container.
Keep Barbossa updated to receive security patches:

```bash
docker pull ghcr.io/adwilkinson/barbossa-dev:latest
docker compose down && docker compose up -d
```

All agent sessions are logged in `logs/`. Review periodically:
```bash
ls -la logs/
# Show the most recent session log
cat logs/$(ls -t logs/ | head -1)
```

Barbossa agents are designed to make small, focused changes. The Tech Lead agent rejects:
- PRs touching more than 15 files
- PRs to protected files
- PRs without tests (for significant changes)
This limits the blast radius of any single change.
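The `do_not_touch` list above and the three Tech Lead rejection rules are the same guardrail seen from two sides: a set of paths the agents may not modify, and a gate that checks each PR against it. The block below is an added example, not Barbossa's own code, that implements both as a pre-merge policy check you could run against a PR's changed-file list. The glob semantics (trailing `/` protects a directory tree, a pattern without a slash is matched against every path component, a pattern with a slash must match the full path), the test-file naming conventions and the threshold for a "significant" change are our assumptions, not the project's; the 15-file limit and the patterns are the ones stated above.

```python
"""Added example, not Barbossa's own code: a pre-merge policy check that
mirrors the guardrails described in this document -- the do_not_touch glob
list and the Tech Lead agent's rejection rules (more than 15 files, protected
files, significant changes without tests).  The matching semantics and the
threshold for a "significant" change are our assumptions, not the project's."""
import fnmatch
from dataclasses import dataclass, field

# The do_not_touch patterns from the configuration example above.
DO_NOT_TOUCH = [
    ".env*", "*.pem", "*.key", "src/lib/auth.ts", "src/lib/stripe.ts",
    "prisma/migrations/", "secrets/", "config/credentials*",
]
MAX_FILES = 15                 # from the Tech Lead rule above
SIGNIFICANT_CHANGE_FILES = 5   # assumption: >= 5 non-test files counts as "significant"


def is_protected(path: str, patterns=DO_NOT_TOUCH) -> bool:
    """True if the repo-relative path matches a do_not_touch entry.
    A trailing '/' protects a whole directory tree; a pattern without a
    slash is matched against every path component (so `.env*` also catches
    `apps/web/.env.local`); a pattern with a slash must match the full path."""
    path = path.removeprefix("./")
    for pat in patterns:
        if pat.endswith("/"):
            if path.startswith(pat):
                return True
        elif "/" in pat:
            if fnmatch.fnmatchcase(path, pat):
                return True
        elif any(fnmatch.fnmatchcase(part, pat) for part in path.split("/")):
            return True
    return False


def is_test_path(path: str) -> bool:
    """Assumption: tests live in test/tests/__tests__/spec directories or use
    common test-file naming (foo.test.ts, foo.spec.ts, foo_test.go, test_foo.py)."""
    parts = path.split("/")
    if any(p in ("test", "tests", "__tests__", "spec") for p in parts[:-1]):
        return True
    name = parts[-1]
    return name.startswith("test_") or any(m in name for m in (".test.", ".spec.", "_test."))


@dataclass
class Verdict:
    approved: bool
    reasons: list = field(default_factory=list)


def review_pr(changed_files, patterns=DO_NOT_TOUCH, max_files: int = MAX_FILES) -> Verdict:
    """Apply the three rejection rules and explain every failure."""
    reasons = []
    if len(changed_files) > max_files:
        reasons.append(f"touches {len(changed_files)} files (limit {max_files})")
    protected = [p for p in changed_files if is_protected(p, patterns)]
    if protected:
        reasons.append("touches protected files: " + ", ".join(protected))
    non_test = [p for p in changed_files if not is_test_path(p)]
    if len(non_test) >= SIGNIFICANT_CHANGE_FILES and len(non_test) == len(changed_files):
        reasons.append(f"significant change ({len(non_test)} non-test files) without tests")
    return Verdict(approved=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed inputs: a small change with tests, and an oversized one
    # that also edits a protected file.
    print(review_pr(["src/components/Button.tsx", "src/components/Button.test.tsx"]))
    print(review_pr(["src/lib/auth.ts"] + [f"src/m{i}.ts" for i in range(15)]))
```

Note that `src/lib/auth.ts` in the list protects exactly that file and not, say, `src/lib/authz.ts`; if a whole area should be off limits, list the directory with a trailing slash rather than individual files.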