AI Safety & Governance

Some commands should never run without a human,
a watchlist that does not have to think about it

Dangerous Command Guard is the always-on watchlist of destructive commands. DROP, TRUNCATE, force push, prod-targeted scale to zero, IAM principal delete, secret hard-delete. Any agent that proposes one of these is routed straight to Approval Queue with the highest priority. The guard is not negotiable per-incident; it is a flat policy that ships on day one.

  • Watchlist patterns: 24+
  • Bypass without signature: 0
  • Priority in Approval Queue: Highest
  • Required for tier-0 services: 2-person

The Watchlist

Patterns, not commands

The watchlist matches on patterns, not exact strings, because attackers and clever agents both spell things creatively. The pattern set covers DDL drop/truncate, IAM principal mutations, force-push, git history rewrite, namespace delete, prod-targeted scale-down, secret hard-delete, and tenant-data export. Patterns are public so customers can audit them.

  • Regex + AST patterns: SQL gets parsed before matching; we do not just grep for "DROP" because "DROPDOWN" is fine
  • Public pattern set: customers see the full watchlist; security through obscurity is not the goal here, deterministic blocking is
  • Add your own: add tenant-specific patterns (e.g., "delete from billing_invoices") via config
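
An added example, not Nova's code or pattern set: a small Python matcher showing why the watchlist tokenizes SQL before matching instead of grepping for keywords. The pattern names, the `WATCHLIST` contents and the sample statements are constructed, and a lexer stands in for the full SQL parse described above.

```python
import re

# Constructed watchlist for illustration; not Nova's published pattern set.
# Each pattern is a run of adjacent tokens, matched anywhere in the input.
WATCHLIST = {
    "ddl-drop-table": ("DROP", "TABLE"),
    "ddl-drop-database": ("DROP", "DATABASE"),
    "ddl-truncate": ("TRUNCATE",),
    "tenant-billing-delete": ("DELETE", "FROM", "BILLING_INVOICES"),
}

# Comments and string literals are consumed whole, so text inside them is
# never read as a keyword. A name directly followed by "." is a qualifier.
_LEX = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<quoted>"(?:[^"]|"")*"\.?|`[^`]*`\.?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_$]*\.?)
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Return upper-cased tokens with comments and schema qualifiers dropped."""
    tokens = []
    for m in _LEX.finditer(sql):
        text = m.group()
        if m.lastgroup in ("word", "quoted") and not text.endswith("."):
            tokens.append(text.strip('"`').upper())
        elif m.lastgroup == "string":
            tokens.append("<STR>")  # placeholder keeps neighbours apart
        elif m.lastgroup == "other" and not text.isspace():
            tokens.append(text)     # punctuation such as ; ( ) , =
    return tokens


def watchlist_hits(sql):
    """Return the sorted names of the watchlist patterns the SQL matches."""
    tokens = tokenize(sql)
    hits = set()
    for name, pattern in WATCHLIST.items():
        n = len(pattern)
        if any(tuple(tokens[i:i + n]) == pattern
               for i in range(len(tokens) - n + 1)):
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed input: a benign query that a plain grep for DROP would flag.
    print(watchlist_hits("SELECT * FROM dropdown_options WHERE n = 'DROP TABLE x'"))
```

Matching anywhere in the token stream, not only at the start, means a statement that over-matches is sent to a human instead of slipping through.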
Routing

Highest priority in Approval Queue

Watchlist commands skip the normal approval routing logic and go straight to the platform-admin tier with a 2-minute TTL. The notification fans out to Slack, email, and PagerDuty simultaneously. If the first approver does not respond in 2 minutes, the request escalates to the second platform-admin in the rotation. No silent timeouts, no lost-in-queue.

  • Skip normal routing: goes straight to platform-admin tier, not the proposing team
  • 2-minute TTL: shorter than normal approvals because the underlying problem is urgent enough to warrant agent attention
  • Triple-fan notification: Slack + email + PagerDuty, not a single channel that might be muted
Two-Person for Tier-0

Production-critical services need two signatures

For services tagged tier-0 (payment, identity, data-of-record), watchlist commands require two distinct signers, not one. The two-person rule prevents a single compromised account from authorizing destructive change. Both signatures land in the Decision Bundle.

  • Tier-0 only: tier-1 and tier-2 services use single-signer approval; tier-0 always two
  • Distinct accounts: cannot self-approve; the two signers must be different humans
  • Captured in bundle: both signatures, with timestamps and method (web, mobile QR), in the audit record
Audit & Reporting

Every watchlist hit is reviewed weekly

A weekly report goes to platform-admin with every watchlist hit, who approved, who denied, what the underlying incident was, and whether the action would have been safer if delayed. Use the report to spot patterns: are agents proposing destructive actions too often? That is a tuning signal upstream of the guard.

  • Weekly report: every hit, signers, denials, downstream incidents, emailed Monday morning
  • Pattern detection: when a class of action repeatedly hits the watchlist, Nova suggests a less destructive alternative
  • Compliance export: watchlist activity is part of the SOC2 / HIPAA exports from Decision Bundles
A short list, never short-circuited

You do not want a clever runbook that "knows" when to bypass DROP TABLE approval. The guard is dumb on purpose, and that is the feature.
