By Feature · Credentials & the Safety Spine

Credentials & the Safety Spine

Agents do a lot, but never hold the keys to disaster.

This is the most important feature to get right. The principle is simple: agents should be able to do a lot, but never hold the keys to catastrophe. Before you grant autonomy, contain the blast radius — so that even a worst-case action stays recoverable.

By FeatureThe Forward-Deployed Agent Repo Hygiene GitHub, CI & Auto-Merge Autonomous Workflows Credentials & the Safety Spine Experiment Runners Roles & Orchestration Bookkeeping & Cost Routines & Tech Tree

Deploys run through Actions, not the agent

Production deploys happen via GitHub Actions + secrets— not from the agent's hands. The agent merges code; the pipeline holds the keys and ships it. That one seam keeps the deploy path deterministic and auditable while the agent stays one step removed from the credentials that matter.

Grant access indirectly

Don't hand agents SSH keys directly. Grant access indirectly via GitHub Actions so you can revoke it any time without leaking keys.

Route high-compute or sensitive operations through GitHub Actions — deploys to Cloudflare/AWS, and even experiments on your own or org GPU rigs. Everything stays deterministic and auditable.

Treat GitHub Actions as the vault for any fixed script that needs secrets or keys the agent shouldn't see raw.

Guard against disastrous data loss

Require secondary-account approval to merge into main/prod, so no single actor — human or agent — can ship to production alone.

Give the agent a dedicated user with restricted read/write rights, and back up experiment data somewhere safe from accidental deletion — even just moving it to a read-only group.

Enable GitHub's deletion-protection policy. Do this from your local machine that holds your GitHub credentials, not from the agent.

This spine is the foundation every higher warp inherits. Warp 3 and Warp 4 add more agents and more autonomy on top of exactly this containment — if the blast radius isn't contained here, it only grows as you climb.

Why it comes first

Every other feature assumes this one is in place. You can multiply agents, promote them into roles, and eventually let routines launch work on their own — but only because each of those actions runs inside this boundary. Get the safety spine right once, and the rest of the ladder is about leverage, not risk.

See it in a level

Warp 2 — Assisted →

The level where the safety spine gets built and earns the autonomy

Experiment Runners →

The same spine pointed at a third deploy target — runs on your own hardware

Warp 4 — Autopilot →

Autonomous runs operate strictly inside this boundary

Autonomous Workflows Experiment Runners