Safety Levels
How HelmRelay protects your servers from accidental damage.
Overview
Every command processed by the AI is automatically classified into one of four safety levels. The classification determines whether the command executes immediately, shows a preview, requires confirmation, or is blocked entirely.
Safety level definitions
🟢 Low — Read-only operations
Informational commands that don't modify the system. These execute automatically without confirmation.
Examples:
df -h— show disk usagesystemctl status nginx— check service statuscat /etc/os-release— show OS infouptime— system uptime
🟡 Moderate — System modifications
Commands that install packages, restart services, or modify configuration. These show a command preview before execution.
Examples:
apt upgrade -y— update packagessystemctl restart nginx— restart a serviceapt install -y nodejs— install software
🔴 High — Security-sensitive operations
Commands affecting firewall rules, user accounts, or security settings. These require explicit confirmation from the user.
Examples:
ufw allow 8080— open a firewall portuseradd -m newuser— create a system userusermod -aG sudo user— grant sudo access
⛔ Critical — Destructive operations
Irreversible or potentially destructive commands. These are blocked by default and cannot be executed through the AI Command Center.
Examples:
rm -rf /— recursive delete of root filesystemdd if=/dev/zero of=/dev/sda— overwrite diskmkfs.ext4 /dev/sda1— format a partition- Anything that could cause irreversible data loss
How classification works
The AI analyzes the intent and the generated command before execution. Classification considers:
- The command itself (e.g.,
rmvsls) - Command flags (e.g.,
-rfincreases risk) - Target paths (e.g.,
/vs/tmp/test) - System scope (single service vs entire system)