
AI Safety Layer

The AI safety layer prevents dangerous operations from being executed, protecting your data and infrastructure.

Purpose

The safety layer validates all AI-generated code before execution, blocking:

  • Destructive operations
  • Data loss risks
  • Policy violations

Blocked Patterns

SQL Operations

The following SQL patterns are blocked:

-- ❌ BLOCKED: DROP TABLE
DROP TABLE customers;

-- ❌ BLOCKED: TRUNCATE TABLE
TRUNCATE TABLE customers;

-- ❌ BLOCKED: DELETE FROM
DELETE FROM customers;

-- ❌ BLOCKED: ALTER TABLE ... DROP COLUMN
ALTER TABLE customers DROP COLUMN email;

Dangerous Patterns

Patterns that could cause data loss or corruption are blocked.

Soft Warnings

The following patterns generate warnings but are not blocked:

-- ⚠️ WARNING: SELECT * (may be inefficient)
SELECT * FROM customers;

-- ⚠️ WARNING: UNION ALL without dedupe
SELECT * FROM table1
UNION ALL
SELECT * FROM table2;

-- ⚠️ WARNING: CROSS JOIN (may be slow)
SELECT * FROM table1
CROSS JOIN table2;

Warnings are shown, but the operation proceeds once the user confirms.
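The following is an added example, not msh's own code: a minimal statement classifier that applies the blocked and warning patterns listed above and distinguishes a blocked verdict from a warning. The real safety layer's matching rules are not documented on this page, so the regexes and the stripping of comments and string literals are assumptions made for illustration.

```python
import re

# Added example (not msh's own code): classify a SQL statement against the
# blocked and warning patterns from this page. Matching rules are assumptions.

# Text that must not influence the verdict: string literals and SQL comments.
# Each match is replaced by a single space so that keywords separated only by a
# comment (DROP/**/TABLE) are still seen as two words.
NOISE = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.DOTALL)

# Patterns that are blocked outright ("Blocked Patterns" above).
BLOCKED_PATTERNS = {
    "DROP TABLE": re.compile(r"\bDROP\s+TABLE\b", re.IGNORECASE),
    "TRUNCATE TABLE": re.compile(r"\bTRUNCATE\s+TABLE\b", re.IGNORECASE),
    "DELETE FROM": re.compile(r"\bDELETE\s+FROM\b", re.IGNORECASE),
    "ALTER TABLE ... DROP COLUMN": re.compile(
        r"\bALTER\s+TABLE\b.*?\bDROP\s+COLUMN\b", re.IGNORECASE | re.DOTALL
    ),
}

# Patterns that only produce a warning ("Soft Warnings" above).
WARNING_PATTERNS = {
    "SELECT * (may be inefficient)": re.compile(r"\bSELECT\s+\*", re.IGNORECASE),
    "UNION ALL without dedupe": re.compile(r"\bUNION\s+ALL\b", re.IGNORECASE),
    "CROSS JOIN (may be slow)": re.compile(r"\bCROSS\s+JOIN\b", re.IGNORECASE),
}


def normalize(sql):
    """Strip string literals and comments so they can neither hide a dangerous
    keyword nor cause a false positive (e.g. WHERE note = 'DROP TABLE')."""
    return NOISE.sub(" ", sql)


def check_sql(sql):
    """Classify one statement. Returns (verdict, findings) where verdict is
    'blocked', 'warning' or 'ok'. Any blocked pattern wins over warnings."""
    cleaned = normalize(sql)
    blocked = [name for name, pat in BLOCKED_PATTERNS.items() if pat.search(cleaned)]
    if blocked:
        return "blocked", blocked
    warnings = [name for name, pat in WARNING_PATTERNS.items() if pat.search(cleaned)]
    if warnings:
        return "warning", warnings
    return "ok", []


if __name__ == "__main__":
    # Constructed sample statements: a keyword split by a block comment and a
    # keyword inside a string literal are included to show why normalize() matters.
    samples = [
        "DROP TABLE customers;",
        "DROP/**/TABLE customers;",
        "SELECT id FROM customers WHERE note = 'DROP TABLE';",
        "SELECT * FROM table1 UNION ALL SELECT * FROM table2;",
        "SELECT id, email FROM customers WHERE id = 1;",
    ]
    for stmt in samples:
        verdict, findings = check_sql(stmt)
        if verdict == "blocked":
            print(f"✗ Safety check failed: Contains dangerous operation {findings[0]!r}")
        elif verdict == "warning":
            print(f"⚠️ Warning: {'; '.join(findings)}")
        else:
            print("✓ Safety check passed")
```

Keyword matching on text is a heuristic, not a parser: it errs on the side of blocking (a DELETE FROM with a WHERE clause is still blocked, as the page states), and the normalization step is what keeps a keyword inside a comment or string literal from producing a false positive while a keyword split by a comment is still caught.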

Policy Checks

PII Protection

PII columns are checked against glossary policies:

# glossary.yaml
policies:
  - name: "No PII in public assets"
    rule: "PII columns cannot be in public schema"
    pii_columns: ["email", "ssn", "phone"]

Enforcement:

  • PII columns are masked in context packs
  • PII columns are blocked in public assets
  • Policy violations are reported

Glossary Policies

Glossary policies are enforced:

# glossary.yaml
policies:
  - name: "Revenue must be positive"
    rule: "Revenue columns must be > 0"
    applies_to: ["revenue", "amount"]

Enforcement:

  • Policies are checked during AI generation
  • Violations are reported
  • Suggestions are provided
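The following is an added example, not msh's own code, covering both the PII Protection and Glossary Policies sections above: masking PII columns in a context pack, reporting a PII column placed in the public schema with the suggested fix, and surfacing the glossary rules that apply to an asset's columns. GLOSSARY is the in-memory form of the two glossary.yaml snippets, embedded so the example runs without a YAML parser; the asset shape (a schema name plus a column list) and the context-pack shape (sample rows as dicts) are assumptions, not msh's actual formats.

```python
# Added example (not msh's own code). GLOSSARY mirrors the glossary.yaml snippets
# on this page; the asset and context-pack shapes below are assumptions.
GLOSSARY = {
    "policies": [
        {
            "name": "No PII in public assets",
            "rule": "PII columns cannot be in public schema",
            "pii_columns": ["email", "ssn", "phone"],
        },
        {
            "name": "Revenue must be positive",
            "rule": "Revenue columns must be > 0",
            "applies_to": ["revenue", "amount"],
        },
    ]
}

MASK = "***"


def pii_columns(glossary):
    """Map each PII column name (lower-cased) to the policy that declares it."""
    owners = {}
    for policy in glossary["policies"]:
        for col in policy.get("pii_columns", []):
            owners[col.lower()] = policy["name"]
    return owners


def mask_context_pack(rows, glossary):
    """Return a copy of the sample rows with every PII column value replaced by
    MASK, so raw PII never reaches the model's context. The input is left as is."""
    pii = pii_columns(glossary)
    return [
        {col: (MASK if col.lower() in pii else value) for col, value in row.items()}
        for row in rows
    ]


def check_asset(asset, glossary):
    """Report policy violations for an asset {"schema": str, "columns": [str]}.
    Returns a list of (policy_name, message, suggestion); empty means the asset
    passes. Only the PII-in-public-schema rule is machine-checkable here."""
    violations = []
    pii = pii_columns(glossary)
    if asset["schema"].lower() != "public":
        return violations
    for col in asset["columns"]:
        policy = pii.get(col.lower())
        if policy:
            violations.append((
                policy,
                f"PII column '{col}' cannot be in public schema",
                f"Use private schema or mask {col} column",
            ))
    return violations


def applicable_policies(asset, glossary):
    """List (name, rule) for policies whose applies_to names match one of the
    asset's columns; these are the rules surfaced to the generator as suggestions."""
    cols = {c.lower() for c in asset["columns"]}
    return [
        (p["name"], p["rule"])
        for p in glossary["policies"]
        if cols & {c.lower() for c in p.get("applies_to", [])}
    ]


if __name__ == "__main__":
    # Constructed sample data for a context pack and a proposed public asset.
    rows = [{"id": 1, "email": "a@example.com", "revenue": 10}]
    print(mask_context_pack(rows, GLOSSARY))
    asset = {"schema": "public", "columns": ["id", "email", "revenue"]}
    for _, message, suggestion in check_asset(asset, GLOSSARY):
        print(f"✗ Policy violation: {message}")
        print(f"Suggested fix: {suggestion}")
    for name, rule in applicable_policies(asset, GLOSSARY):
        print(f"Applicable policy: {name}: {rule}")
```

Keeping the PII list inside the policy entries (rather than hard-coding it in the checker) means adding a new PII column to glossary.yaml changes both the masking and the public-schema check at once, which is the property a practitioner should look for when auditing such a layer.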

Safety Validation Flow

1. Code Generation

AI generates code based on context pack:

msh ai new --name customer_revenue

2. Safety Check

Safety layer validates generated code:

✓ Checking for dangerous operations...
✓ Validating SQL syntax...
✓ Checking policies...
✓ Safety check passed

3. Block or Warn

If dangerous operations are detected:

✗ Safety check failed: Contains 'DROP TABLE'
Blocked operations:
- DROP TABLE customers

4. User Confirmation

For warnings, the user is prompted:

⚠️ Warning: SELECT * detected (may be inefficient)
Continue? (y/n):

Examples

Blocked Operation

msh ai new --name test
# Description: "Create asset that drops the customers table"

✗ Safety check failed: Contains dangerous operation 'DROP TABLE'
Blocked operations:
- DROP TABLE customers

Generation blocked for safety.

Warning

msh ai new --name test
# Description: "Create asset that selects all from customers"

⚠️ Warning: SELECT * detected (may be inefficient)
Continue? (y/n): y

✓ Asset generated successfully

Policy Violation

msh ai new --name public_customers
# Description: "Create asset with email column in public schema"

✗ Policy violation: PII column 'email' cannot be in public schema
Suggested fix: Use private schema or mask email column

Generation blocked for policy violation.

Configuration

The safety layer cannot be disabled, for security reasons.

Custom Policies

Add custom policies in glossary.yaml:

policies:
  - name: "Custom Policy"
    rule: "Custom rule description"
    applies_to: ["asset_pattern"]

Best Practices

Review Generated Code

Always review AI-generated code before applying:

# Preview first
msh ai new --name test

# Review generated code
cat assets/test.msh

# Apply if safe
msh ai new --name test --apply

Use Dry-Run

Use dry-run mode to preview changes:

# Preview patch
msh ai apply patch.json --dry-run

# Review changes
# Apply if safe
msh ai apply patch.json

Report Issues

Report safety issues:

# If the safety layer blocks a legitimate operation,
# report the issue with context.