SYD · Security

Security

Vault privacy audit — IBM data boundaries, GDPR exposure checks, and SYD armor scan status. Run the syd-workflow:security skill for a live scan of vault files.

IBM
Client Data Boundary
IBM client names, engagements, HR, budgets → Box only. Never iCloud. Zero exceptions.
CLEAR
IBM
Box-only Routing
ICA and Copilot pages route explicitly to IBM Box. No iCloud paths in IBM agent flows.
CLEAR
GDPR
Personal Data in URLs
No PII in URL parameters or query strings across any route.
CLEAR
GDPR
Vault Scope Boundary
Writes stay inside ~/Documents/SYD/ or iCloud claude/ home. No Desktop/Downloads writes without permission.
CLEAR
VAULT
Change Log Integrity
Append-only ('a' mode). Two parallel sessions writing simultaneously may trigger an iCloud conflict copy, which then needs a manual merge.
WARN
VAULT
Script Open() Mode
Pre-flight check (3f) scans Python scripts for 'w' mode on vault paths before execution.
CLEAR
VAULT
Encoding Safety
Spanish/German surnames can be silently corrupted if open() lacks encoding='utf-8'. Partially mitigated by pre-flight.
WARN
SYD
SYD Armor Scan
syd-workflowarmor skill runs every 2 days at 09:00 — scans scripts, LaunchAgents, MCP configs for malicious patterns.
CLEAR
SYD
External Content Guard
External content (emails, web pages, pasted URLs) treated as data, never instructions. Injection guard always active.
CLEAR
SYD
Backup Before Edit
CLAUDE.md and global-instructions.md backed up to SYD/98 before any edit. Lesson from 2026-06-13 encoding incident.
CLEAR
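
An added example, not SYD's own pre-flight code: a minimal static check in the spirit of the Script Open() Mode and Encoding Safety items above, flagging truncating writes to vault paths and text-mode open() calls without an explicit encoding. `VAULT_MARKER`, `scan` and the sample script are assumptions constructed for illustration.

```python
import ast

VAULT_MARKER = "Documents/SYD"  # assumption: vault root from the Vault Scope Boundary item

# Constructed sample script to scan (not taken from the vault).
SAMPLE = '''\
import os
log = os.path.expanduser("~/Documents/SYD/changelog.md")
with open(log, "a", encoding="utf-8") as f:
    f.write("entry\\n")
with open(os.path.expanduser("~/Documents/SYD/people.md"), "w") as f:
    f.write("Müller\\n")
with open("/tmp/scratch.bin", "wb") as f:
    f.write(b"x")
'''

def _strings(node):
    """All string literals found anywhere inside an expression."""
    return [n.value for n in ast.walk(node)
            if isinstance(n, ast.Constant) and isinstance(n.value, str)]

def scan(source):
    """Return sorted (line, finding) tuples for risky open() calls."""
    tree = ast.parse(source)
    # Pass 1: names assigned from an expression that mentions the vault root.
    vault_names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and any(VAULT_MARKER in s for s in _strings(node.value)):
            vault_names.update(t.id for t in node.targets if isinstance(t, ast.Name))
    # Pass 2: inspect each builtin open(...) call.
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "open" and node.args):
            continue
        kw = {k.arg: k.value for k in node.keywords}
        mode_node = node.args[1] if len(node.args) > 1 else kw.get("mode")
        # Default mode is "r"; a non-literal mode is unknown and marked "?".
        mode = "r" if mode_node is None else getattr(mode_node, "value", "?")
        path = node.args[0]
        in_vault = (any(VAULT_MARKER in s for s in _strings(path)) or
                    any(isinstance(n, ast.Name) and n.id in vault_names for n in ast.walk(path)))
        if in_vault and "w" in str(mode):
            findings.append((node.lineno, "truncating-write"))
        # encoding is the 4th positional parameter of open().
        if "b" not in str(mode) and "encoding" not in kw and len(node.args) < 4:
            findings.append((node.lineno, "missing-encoding"))
    return sorted(findings)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Paths built at runtime from values the scanner cannot see are not resolved, so a clean result here does not prove a script stays inside append-only behaviour.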