Project trust
Configure trust levels for project directories.
Project trust rules map directories to taint levels. The rule that matches a project's directory sets the initial taint of the session when an AI agent starts working in that project.
Why project trust?
For AI coding tools, the files in a repository are an untrusted input channel. A cloned repository can carry adversarial instructions (prompt injection) in:

- README.md, CLAUDE.md, .cursorrules
- Code comments and docstrings
- package.json postinstall scripts
- Git hooks (.git/hooks/)
- CI/CD configuration files
By assigning trust based on where a project lives, Security Layer automatically restricts what an agent can do when working in untrusted code.
Configuring trust rules
Via CLI

```bash
# Trust your personal projects
sl projects trust "~/Dev/Personal/**" --taint owner

# Trust work projects at a lower level
sl projects trust "~/Dev/Work/**" --taint trusted

# Mark temporary directories as untrusted
sl projects trust "/tmp/**" --taint web

# Remove a trust rule
sl projects untrust "/tmp/**"
```

Via config file
Edit ~/.securitylayer/projects.yaml:

```yaml
version: 1
trust_rules:
  - path: "~/Dev/Personal/**"
    taint: OWNER
  - path: "~/Dev/Work/**"
    taint: TRUSTED_CONTACT
  - path: "/tmp/**"
    taint: WEB_CONTENT
  - path: "~/Downloads/**"
    taint: WEB_CONTENT
default: UNTRUSTED_HUMAN
```

Taint level mapping
| CLI value | Taint level | Use case |
|---|---|---|
| `owner` | `OWNER` | Your own projects |
| `trusted` | `TRUSTED_CONTACT` | Known collaborators' projects |
| `untrusted` | `UNTRUSTED_HUMAN` | Unknown sources |
| `web` | `WEB_CONTENT` | Downloaded or cloned from the internet |
| `skill` | `SKILL_GENERATED` | Generated by skills |
| `memory` | `MEMORY_REPLAY` | From persistent memory |
How it works
- When an AI agent starts working, Security Layer checks the current directory against the trust rules.
- The most specific matching rule determines the initial taint level; a directory that matches no rule gets the configured default.
- Capabilities that require a higher trust level than the session's taint allows are automatically restricted.
- Taint can only increase during a session, never decrease: a session that starts at OWNER can be raised to WEB_CONTENT, but it is never lowered back.
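The following is an added example, not Security Layer's own code: a small Python model of the rule semantics described above (glob rules from projects.yaml, most specific rule wins, default for unmatched directories, and session taint that only ever increases). The rules are the ones from the projects.yaml on this page, written inline so no YAML library is needed; the HOME directory, the overlapping rule set, and the ordering of the six taint levels are assumptions (OWNER through WEB_CONTENT follow the Best practices section, the other two are placed after them arbitrarily).

```python
"""Hypothetical model of Security Layer's project-trust matching.

Added example, not the project's own code. It models what this page
describes: glob rules map a directory to an initial taint, the most
specific matching rule wins, unmatched directories get the default,
and session taint can only move toward more-tainted levels.
"""
import fnmatch
import posixpath

# ASSUMPTION: least tainted first (a higher index means more tainted).
TAINT_ORDER = [
    "OWNER",
    "TRUSTED_CONTACT",
    "UNTRUSTED_HUMAN",
    "WEB_CONTENT",
    "SKILL_GENERATED",
    "MEMORY_REPLAY",
]

# The rules from this page's projects.yaml, written as Python dicts.
TRUST_RULES = [
    {"path": "~/Dev/Personal/**", "taint": "OWNER"},
    {"path": "~/Dev/Work/**", "taint": "TRUSTED_CONTACT"},
    {"path": "/tmp/**", "taint": "WEB_CONTENT"},
    {"path": "~/Downloads/**", "taint": "WEB_CONTENT"},
]
DEFAULT_TAINT = "UNTRUSTED_HUMAN"

# Constructed overlapping rules to show "most specific rule wins".
OVERLAP_RULES = [
    {"path": "~/Dev/**", "taint": "TRUSTED_CONTACT"},
    {"path": "~/Dev/Personal/**", "taint": "OWNER"},
]

HOME = "/home/alice"  # constructed; real code would use os.path.expanduser


def _expand(path: str) -> str:
    # Expand a leading "~" against the constructed HOME, then normalise so
    # that "/tmp/../home/alice/x" cannot masquerade as a /tmp path.
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    return posixpath.normpath(path)


def _specificity(pattern: str) -> int:
    # Count literal (wildcard-free) path components before the first
    # wildcard; a longer literal prefix means a more specific rule.
    count = 0
    for part in _expand(pattern).split("/"):
        if any(ch in part for ch in "*?["):
            break
        if part:
            count += 1
    return count


def _matches(pattern: str, directory: str) -> bool:
    pat = _expand(pattern)
    d = _expand(directory)
    # fnmatch's "*" also matches "/", so "prefix/**" covers the whole
    # subtree. The pattern's own root directory is treated as a match too.
    root = pat[: -len("/**")] if pat.endswith("/**") else None
    return fnmatch.fnmatchcase(d, pat) or d == root


def initial_taint(directory, rules=TRUST_RULES, default=DEFAULT_TAINT):
    """Return the initial taint for a project directory.

    The most specific matching rule wins; unmatched paths get `default`.
    """
    candidates = [r for r in rules if _matches(r["path"], directory)]
    if not candidates:
        return default
    return max(candidates, key=lambda r: _specificity(r["path"]))["taint"]


class Session:
    """Tracks session taint; it can only move toward more-tainted levels."""

    def __init__(self, directory, rules=TRUST_RULES, default=DEFAULT_TAINT):
        self.taint = initial_taint(directory, rules, default)

    def raise_taint(self, level):
        # Monotonic: a request to lower taint is ignored, never applied.
        if TAINT_ORDER.index(level) > TAINT_ORDER.index(self.taint):
            self.taint = level
        return self.taint


if __name__ == "__main__":
    for d in ["~/Dev/Personal/blog", "~/Dev/Work/api", "/tmp/scratch", "~/src/x"]:
        print(f"{d:<22} -> {initial_taint(d)}")
    print("overlap:", initial_taint("~/Dev/Personal/x", OVERLAP_RULES))
    s = Session("~/Dev/Personal/blog")
    s.raise_taint("WEB_CONTENT")  # taint increases
    s.raise_taint("OWNER")        # ignored: taint never decreases
    print("session taint:", s.taint)
```

Two details worth checking in any real deployment: paths are normalised before matching (otherwise a `..` segment could land a /tmp checkout under a trusted rule), and the session object exposes no way to lower taint, so a prompt-injected instruction in the repository cannot talk the agent back up to OWNER.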
Viewing current trust
```bash
# List all trust rules
sl projects list

# Check current directory's taint
sl taint show
```

Best practices
- Personal projects → `OWNER`: full capabilities
- Work projects → `TRUSTED_CONTACT`: most capabilities, some restrictions
- Open-source contributions → `UNTRUSTED_HUMAN`: limited capabilities
- Downloaded repos → `WEB_CONTENT`: minimal capabilities
- Temporary directories → `WEB_CONTENT`: minimal capabilities
See also
- Taint levels — Full taint level reference
- projects — CLI command reference
- taint — View taint status