Security & RBAC
The dLANDiscord backend is a powerful system capable of direct infrastructure manipulation. To ensure safety, it employs a multi-layered security model.
👥 RBAC (Role-Based Access Control)
Access to tools and information is strictly controlled based on the user's role. Roles are defined in assistant/assistant.go and checked during every tool execution.
| Role | Access Level | Description |
|---|---|---|
| MasterAdmin | Full | Complete system access (Dan). Can approve tools and modify any code. |
| Partner | High | High trust, access to personal information and core infrastructure (Liz). |
| Friend | Medium | Trusted, can access casual features and shared information. |
| Business | Medium | Focused on business tasks, can access business tools and reports. |
| Guest | Low | Default role, very limited access to general information. |
| Banned | None | User is explicitly blocked; agents will not respond. |
🏷️ Role Enforcement
Every tool defines its AllowedRoles in its markdown file (e.g., AllowedRoles: MasterAdmin, Partner).
- Session Tool Map: When a session is created, only the tools permitted for the user's role are loaded into the agent's tool map.
- Execution Filter: If an agent attempts to call a tool not in its session's map, the framework blocks the execution and logs a security warning.
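The following Go program is an added example, not code from dLANDiscord's assistant/assistant.go: it shows the two layers above working together, a parser that reads the AllowedRoles line out of a tool's markdown, a session tool map built once from the user's role, and an execution filter that refuses and logs any call outside that map. The tool names and markdown files are constructed for the example; the only thing taken from the page is the `AllowedRoles:` key and the role names. A tool with no AllowedRoles line fails closed, and a Banned user gets an empty map whatever the tool files say.

```go
package main

import (
	"bufio"
	"fmt"
	"log"
	"sort"
	"strings"
)

// Role is a user's access tier; the names follow the RBAC table.
type Role string

const (
	MasterAdmin Role = "MasterAdmin"
	Partner     Role = "Partner"
	Friend      Role = "Friend"
	Business    Role = "Business"
	Guest       Role = "Guest"
	Banned      Role = "Banned"
)

// Tool is a loaded tool definition: its name and the roles allowed to call it.
type Tool struct {
	Name         string
	AllowedRoles map[Role]bool
}

// ParseTool reads the "AllowedRoles:" line out of a tool's markdown file.
// The surrounding markdown layout is assumed; only the key is from the docs.
func ParseTool(name, markdown string) (Tool, error) {
	t := Tool{Name: name, AllowedRoles: map[Role]bool{}}
	sc := bufio.NewScanner(strings.NewReader(markdown))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if !strings.HasPrefix(line, "AllowedRoles:") {
			continue
		}
		for _, r := range strings.Split(strings.TrimPrefix(line, "AllowedRoles:"), ",") {
			if r = strings.TrimSpace(r); r != "" {
				t.AllowedRoles[Role(r)] = true
			}
		}
		return t, nil
	}
	// Fail closed: a tool without an AllowedRoles line is loadable by nobody.
	return t, fmt.Errorf("tool %q: no AllowedRoles line", name)
}

// Session is the per-user state built once at session creation.
type Session struct {
	User  string
	Role  Role
	tools map[string]Tool
}

// NewSession loads only the tools the user's role may call. Banned users get
// an empty map even if some tool file listed "Banned" by mistake.
func NewSession(user string, role Role, all []Tool) *Session {
	s := &Session{User: user, Role: role, tools: map[string]Tool{}}
	if role == Banned {
		return s
	}
	for _, t := range all {
		if t.AllowedRoles[role] {
			s.tools[t.Name] = t
		}
	}
	return s
}

// ToolNames returns the session tool map keys, sorted for stable output.
func (s *Session) ToolNames() []string {
	names := make([]string, 0, len(s.tools))
	for n := range s.tools {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// Execute is the execution filter: a tool outside the session map is refused
// before any tool code runs, and the attempt is logged as a security warning.
func (s *Session) Execute(tool string) error {
	if _, ok := s.tools[tool]; !ok {
		log.Printf("SECURITY WARNING: user=%s role=%s called unauthorized tool %q", s.User, s.Role, tool)
		return fmt.Errorf("tool %q is not permitted for role %s", tool, s.Role)
	}
	return nil // the real dispatcher would invoke the tool here
}

// SampleTools parses three constructed tool definitions (not the project's real files).
func SampleTools() ([]Tool, error) {
	defs := map[string]string{
		"approve_tool": "# approve_tool\nAllowedRoles: MasterAdmin\n",
		"ssh_exec":     "# ssh_exec\nAllowedRoles: MasterAdmin, Partner\n",
		"weather":      "# weather\nAllowedRoles: MasterAdmin, Partner, Friend, Business, Guest\n",
	}
	var tools []Tool
	for name, md := range defs {
		t, err := ParseTool(name, md)
		if err != nil {
			return nil, err
		}
		tools = append(tools, t)
	}
	return tools, nil
}

func main() {
	tools, err := SampleTools()
	if err != nil {
		log.Fatal(err)
	}
	liz := NewSession("Liz", Partner, tools)
	fmt.Println("Partner tools:", liz.ToolNames())
	fmt.Println("Partner calling approve_tool:", liz.Execute("approve_tool"))
}
```

Because the map is built from the role at session creation, a later change to the user's role does not take effect until a new session is started; a deployment that demotes or bans a user mid-conversation needs to invalidate the session as well.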
🛡️ Command Safety & Interception
The system includes built-in safeguards to prevent dangerous or destructive operations, especially via SSH.
1. "Logic Scalpel" (Destructive Pattern Blocking)
The system runs every outgoing shell command through the IsRemoteCommandSafe() function before it is sent over SSH and refuses anything that matches a destructive pattern:
- Blocked: `rm -rf`, `rmdir`, `mkfs`, `dd`, `shutdown`, `reboot`, `halt`.
- Blocked: `iptables -F`, `ufw disable`, and other firewall teardown commands.
- Blocked: "fork bombs" and other resource-exhaustion attacks.
A pattern denylist is a guard against accidents and careless agents rather than a boundary against a determined adversary (aliases, wrapper binaries and encoded arguments can evade string matching), which is why it is layered with the ACK protocol and the sandboxing described below.
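As an added example (this is not the project's IsRemoteCommandSafe(), whose signature the page does not show; the `(bool, string)` return and the wrapper list are assumptions), the Go program below implements the three rules above. It goes a little beyond the literal list: each pipeline or command-list segment is checked separately so a harmless `cd` cannot shield a later `rm -rf`, `sudo`/`doas` wrappers and absolute paths are stripped before matching, `mkfs.ext4`-style variants are caught, and `rm` is only refused when its flags make it both recursive and forced, in whatever order or split they arrive.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

var (
	// Commands destructive regardless of arguments, matched on the base name so
	// /sbin/reboot and mkfs.ext4 are caught too.
	destructiveCmds = []string{"rmdir", "mkfs", "dd", "shutdown", "reboot", "halt"}

	// Firewall teardown: flushing all rules or disabling ufw outright.
	firewallTeardown = []*regexp.Regexp{
		regexp.MustCompile(`^iptables\s+(-F|--flush)(\s|$)`),
		regexp.MustCompile(`^ufw\s+disable(\s|$)`),
	}

	// A shell function that pipes itself into itself in the background,
	// e.g. :(){ :|:& };: (the classic fork bomb).
	forkBomb = regexp.MustCompile(`[\w:]+\(\)\s*\{[^}]*\|[^}]*&`)

	// List/pipeline operators: every segment is checked on its own so that
	// "cd /tmp && rm -rf ." cannot hide behind a harmless first command.
	segmentSep = regexp.MustCompile(`\|\||&&|;|\||\n`)

	// Privilege and launcher wrappers stripped before looking at the real command.
	wrappers = map[string]bool{"sudo": true, "doas": true, "nohup": true, "exec": true}
)

// IsRemoteCommandSafe reports whether cmd may be sent over SSH and, if not, why.
func IsRemoteCommandSafe(cmd string) (bool, string) {
	if forkBomb.MatchString(cmd) {
		return false, "fork bomb pattern"
	}
	for _, seg := range segmentSep.Split(cmd, -1) {
		fields := strings.Fields(seg)
		for len(fields) > 0 && wrappers[fields[0]] {
			fields = fields[1:]
		}
		if len(fields) == 0 {
			continue
		}
		norm := strings.Join(fields, " ")
		for _, re := range firewallTeardown {
			if re.MatchString(norm) {
				return false, "firewall teardown: " + norm
			}
		}
		base := path.Base(fields[0])
		for _, d := range destructiveCmds {
			if base == d || strings.HasPrefix(base, d+".") {
				return false, "destructive command: " + base
			}
		}
		if base == "rm" && rmIsRecursiveForce(fields[1:]) {
			return false, "rm -rf: " + norm
		}
	}
	return true, ""
}

// rmIsRecursiveForce is true when the flags, in any order or split across
// arguments (-rf, -fr, -r -f, --recursive --force), make rm recursive and forced.
func rmIsRecursiveForce(args []string) bool {
	recursive, force := false, false
	for _, a := range args {
		switch {
		case a == "--recursive":
			recursive = true
		case a == "--force":
			force = true
		case strings.HasPrefix(a, "-") && !strings.HasPrefix(a, "--"):
			recursive = recursive || strings.ContainsAny(a, "rR")
			force = force || strings.Contains(a, "f")
		}
	}
	return recursive && force
}

func main() {
	// Constructed sample commands, not captured traffic.
	for _, c := range []string{"ls -la /var/log", "cd /tmp && rm -rf ./build", "sudo /sbin/reboot", ":(){ :|:& };:"} {
		ok, why := IsRemoteCommandSafe(c)
		fmt.Printf("%-28q safe=%-5v %s\n", c, ok, why)
	}
}
```

Splitting on `|` and `;` is deliberately crude; it will also split inside quoted strings, which errs on the side of refusing a command rather than letting one through.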
2. Path Sanitization
All file operations (read/write/delete) are normalized with filepath.Clean() and then checked against the agent's authorized session directory, so directory traversal sequences (../../) cannot escape it. Clean() on its own only collapses the path (a cleaned "../../etc/passwd" is still "../../etc/passwd"); the confinement comes from verifying that the resulting path lies under the session directory. Agents are strictly confined to their authorized session directories.
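The Go function below is an added example of that confinement check, not the project's own file-operation code; the session path and the `ConfinePath` name are assumptions. It shows why Clean() alone is insufficient, why the containment test uses filepath.Rel rather than a string prefix (a prefix test would accept `/srv/.../abc2` as inside `/srv/.../abc`), and that the check is purely lexical: symlinks inside a session directory would need filepath.EvalSymlinks on both sides before comparing.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscape is returned for any path that would leave the session directory.
var ErrEscape = errors.New("path escapes the session directory")

// NaiveClean is what filepath.Clean alone gives you: "../../etc/passwd" is
// already clean, so normalisation by itself confines nothing.
func NaiveClean(userPath string) string {
	return filepath.Clean(userPath)
}

// ConfinePath resolves userPath relative to sessionDir and refuses any result
// outside it. The check is lexical (no symlink resolution): if a session
// directory may contain symlinks, resolve both sides with filepath.EvalSymlinks
// before the comparison.
func ConfinePath(sessionDir, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", fmt.Errorf("%w: absolute path %q", ErrEscape, userPath)
	}
	base := filepath.Clean(sessionDir)
	full := filepath.Join(base, userPath) // Join cleans, collapsing ".." segments
	// Rel rather than a string prefix test: a prefix check would accept
	// /srv/sessions/abc2 as being inside /srv/sessions/abc.
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %s", ErrEscape, userPath, full)
	}
	return full, nil
}

func main() {
	const session = "/srv/dland/sessions/abc" // constructed example path
	for _, p := range []string{"notes/todo.md", "../../etc/passwd", "notes/../../abc2/secret"} {
		fmt.Printf("Clean only: %-24q -> %s\n", p, NaiveClean(p))
		full, err := ConfinePath(session, p)
		fmt.Printf("Confined:   %-24q -> %q %v\n", p, full, err)
	}
}
```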
3. "ACK" Security Protocol (Human-in-the-loop)
Certain high-risk operations (like firewall changes or critical server updates) require a manual "ACK" (Acknowledgement) from the user.
- Interception: The system pauses the agent's execution.
- Notification: The user is pinged via WhatsApp: "Master Dan, I'm about to change the firewall on server LDN. Proceed?"
- Resumption: Execution only continues once the user sends a positive confirmation.
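The program below is an added example of the pause/notify/resume cycle, not the project's ACK implementation; the WhatsApp transport is replaced by a console notifier, and the `RequiresAck` patterns (firewall tools and system-wide package upgrades) and the list of accepted affirmatives are assumptions. The point it makes beyond the text is the fail-closed behaviour: an ambiguous reply, a negative reply, or no reply before the context deadline all leave the operation un-run, and the agent's goroutine stays blocked in Intercept until one of those outcomes arrives.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// ErrNotAcknowledged covers a refusal, an ambiguous reply and a timeout alike.
var ErrNotAcknowledged = errors.New("operation not acknowledged")

// Notifier delivers the question to the human; the real system pings WhatsApp.
type Notifier interface {
	Notify(msg string) error
}

// requiresAck lists the high-risk operations that must pause for confirmation:
// firewall changes and system-wide package upgrades (patterns are assumptions).
var requiresAck = regexp.MustCompile(`^(sudo\s+)?(iptables|nft|ufw)\s|^(sudo\s+)?apt(-get)?\s+(dist-)?upgrade\b`)

// RequiresAck reports whether cmd must go through the ACK protocol.
func RequiresAck(cmd string) bool { return requiresAck.MatchString(strings.TrimSpace(cmd)) }

// IsPositive accepts only an explicit affirmative; anything else denies.
func IsPositive(reply string) bool {
	switch strings.ToLower(strings.Trim(strings.TrimSpace(reply), ".!")) {
	case "yes", "y", "ok", "proceed", "go ahead", "approve", "ack":
		return true
	}
	return false
}

// AckGate pauses an agent until the user answers on Replies.
type AckGate struct {
	Notifier Notifier
	Replies  chan string // the chat layer routes the user's next message here
}

// Intercept notifies the user, blocks until a reply or ctx expiry, and runs
// the operation only on a positive reply.
func (g *AckGate) Intercept(ctx context.Context, server, action string, run func() error) error {
	msg := fmt.Sprintf("Master Dan, I'm about to %s on server %s. Proceed?", action, server)
	if err := g.Notifier.Notify(msg); err != nil {
		return err
	}
	select {
	case reply := <-g.Replies:
		if !IsPositive(reply) {
			return fmt.Errorf("%w: reply %q", ErrNotAcknowledged, reply)
		}
		return run()
	case <-ctx.Done():
		return fmt.Errorf("%w: %v", ErrNotAcknowledged, ctx.Err())
	}
}

// ConsoleNotifier is a stand-in for the WhatsApp transport.
type ConsoleNotifier struct{ Sent []string }

func (c *ConsoleNotifier) Notify(msg string) error {
	c.Sent = append(c.Sent, msg)
	fmt.Println("[whatsapp]", msg)
	return nil
}

// Demo runs one gated firewall change with a scripted reply ("" = silence)
// and reports whether the operation actually executed.
func Demo(reply string, timeout time.Duration) (executed bool, err error) {
	gate := &AckGate{Notifier: &ConsoleNotifier{}, Replies: make(chan string, 1)}
	if reply != "" {
		gate.Replies <- reply
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	err = gate.Intercept(ctx, "LDN", "change the firewall", func() error {
		executed = true
		return nil
	})
	return executed, err
}

func main() {
	for _, r := range []string{"yes", "no thanks", ""} {
		ok, err := Demo(r, 200*time.Millisecond)
		fmt.Printf("reply=%q executed=%v err=%v\n", r, ok, err)
	}
}
```

In a real deployment the reply channel must be fed only by messages from the user who owns the session; a confirmation should never be accepted from a different chat or from the agent's own output.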
🔒 System Hardening
- Bubblewrap Sandboxing: On Linux systems, shell commands can be executed within a Bubblewrap sandbox, isolating the agent from the host's /etc, /root, and other sensitive directories.
- Container Isolation: Many agents (like Nikki) run in isolated containers with limited network access to the main host.
- ZFS Snapshots: The system takes automatic ZFS snapshots of containerized environments before and after major operations (like those managed by AntFarm swarms) for instant rollback if something goes wrong.
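To make the Bubblewrap bullet concrete, here is an added Go example (not the project's sandbox code) that builds a bwrap argv exposing only read-only system directories and the session directory, with /etc and /root absent entirely and the network namespace unshared, next to the tempting weak variant that binds the whole host. A small policy lint catches the weak form before anything runs, and the runner refuses to fall back to the bare host when bwrap is missing. The bwrap flags are real; the session path, the `PolicyViolations` lint and the sensitive-path list are this example's own assumptions.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// SandboxArgs builds a bubblewrap argv that runs cmd with read-only system
// directories, no /etc or /root at all, a private /tmp, no network, and the
// session directory as the only writable path.
func SandboxArgs(sessionDir, cmd string) []string {
	return []string{
		"--unshare-all",     // fresh user, pid, net, ipc, uts and cgroup namespaces
		"--die-with-parent", // the sandbox dies with the agent that spawned it
		"--new-session",     // no shared controlling terminal (blocks TIOCSTI injection)
		"--clearenv",
		"--setenv", "PATH", "/usr/bin:/bin",
		"--ro-bind", "/usr", "/usr",
		"--ro-bind", "/bin", "/bin",
		"--ro-bind", "/lib", "/lib",
		"--ro-bind-try", "/lib64", "/lib64", // -try: skipped on distros without /lib64
		"--proc", "/proc",
		"--dev", "/dev",
		"--tmpfs", "/tmp",
		"--bind", sessionDir, sessionDir,
		"--chdir", sessionDir,
		"--", "/bin/sh", "-c", cmd,
	}
}

// WeakArgs is the shortcut that isolates nothing: the whole host filesystem
// writable and the host network shared. Kept only to exercise the lint.
func WeakArgs(cmd string) []string {
	return []string{"--bind", "/", "/", "--share-net", "--", "/bin/sh", "-c", cmd}
}

// sensitive are host paths that must never be bound into the sandbox at all,
// read-only or not.
var sensitive = []string{"/", "/etc", "/root", "/home"}

// PolicyViolations lints a bwrap argv before use: any bind of a sensitive
// path, host network sharing, and missing namespace isolation.
func PolicyViolations(args []string) []string {
	var v []string
	unshared := false
	for i, a := range args {
		switch a {
		case "--unshare-all", "--unshare-net":
			unshared = true
		case "--share-net":
			v = append(v, "host network shared")
		case "--bind", "--ro-bind", "--dev-bind":
			if i+1 >= len(args) {
				continue
			}
			for _, s := range sensitive {
				if args[i+1] == s || strings.HasPrefix(args[i+1], s+"/") {
					v = append(v, fmt.Sprintf("%s %s exposes a sensitive host path", a, args[i+1]))
				}
			}
		}
	}
	if !unshared {
		v = append(v, "network namespace not unshared")
	}
	return v
}

// RunSandboxed executes cmd under bwrap if it is installed and the argv passes
// the policy check; otherwise it refuses rather than running on the host.
func RunSandboxed(sessionDir, cmd string) (string, error) {
	args := SandboxArgs(sessionDir, cmd)
	if v := PolicyViolations(args); len(v) > 0 {
		return "", fmt.Errorf("sandbox policy: %s", strings.Join(v, "; "))
	}
	bwrap, err := exec.LookPath("bwrap")
	if err != nil {
		return "", fmt.Errorf("bubblewrap not available, refusing to run on the host: %w", err)
	}
	out, err := exec.Command(bwrap, args...).CombinedOutput()
	return string(out), err
}

func main() {
	fmt.Println("weak argv violations:    ", PolicyViolations(WeakArgs("id")))
	fmt.Println("hardened argv violations:", PolicyViolations(SandboxArgs("/srv/dland/sessions/abc", "id")))
	out, err := RunSandboxed("/tmp", "ls /root /etc 2>&1; id")
	fmt.Println(out, err)
}
```

Inside the hardened sandbox `ls /etc` fails because the directory does not exist there at all, which is a stronger property than a read-only bind: the agent cannot even enumerate what the host has.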
For technical details on the RBAC implementation, see Assistant Core.