Safety and operating rules
Buffaly is built to be the safest, most secure agent available. This is not achieved through defensive prompts, but through a fundamentally different architecture that strictly separates LLM reasoning from actual execution.
Why Buffaly is fundamentally safer
Traditional LLM agents are an operational dead-end for enterprise workflows. To get an LLM to execute a script or make an API call, you have to serialize all your data—including API keys, passwords, and sensitive customer data—into a giant text prompt. This makes them structurally vulnerable to prompt injection and data leaks.
Buffaly thinks in code; traditional AI thinks in language.
Traditional Agents (Text Serialization)
Full records are serialized and sent to the LLM context. Passwords, API tokens, and raw PHI/PII are exposed directly to the model provider.
Buffaly (Native Reference)
The LLM never sees the sensitive data. It acts as a router, triggering native, compiled C# code. Because the execution logic is compiled, prompt injection is structurally blocked.
Data & Secrets: You don't need to expose anything
Because Buffaly binds directly to your existing objects and logic, you do not need to build insecure workarounds.
- No plaintext passwords in prompts. You never need to tell Buffaly your password. The runtime accesses the secure secret store natively when executing a tool.
- No tokens in environment variables. You do not have to export sensitive bearer tokens into your global OS environment just so a script can read them. Buffaly handles authentication within the bounds of its own native services.
- Opaque handles for PHI/PII. The safest PHI is the PHI the model never sees. Buffaly uses handles (e.g., Patient#A17F). The native runtime manipulates the real data locally; the LLM only reasons over the opaque handle.
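The handle and secret-store points above, as an added illustration of the pattern rather than Buffaly's own code: the model-facing context carries only opaque handles, while the runtime keeps the records and the API token and resolves a handle only when a tool runs. All class and function names, the record fields and the token value are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PatientRecord:
    """Constructed sample record; the fields stand in for real PHI."""
    name: str
    mrn: str
    diagnosis: str


class HandleStore:
    """Runtime-side table mapping opaque handles to records. Never serialized into a prompt."""

    def __init__(self) -> None:
        self._records: dict[str, PatientRecord] = {}
        self.api_token = "CONSTRUCTED-SECRET-TOKEN"  # lives in the runtime, not in any prompt

    def register(self, handle: str, record: PatientRecord) -> None:
        self._records[handle] = record

    def handles(self) -> list[str]:
        return sorted(self._records)

    def records(self) -> list[PatientRecord]:
        return list(self._records.values())

    def resolve(self, handle: str) -> PatientRecord:
        if handle not in self._records:
            raise KeyError(f"unknown handle {handle!r}")  # model cannot mint handles
        return self._records[handle]


HANDLE_RE = re.compile(r"Patient#[0-9A-F]{4}")  # handle format assumed for the example


def build_model_context(task: str, store: HandleStore) -> str:
    """Text the LLM receives: the task plus handle names, no record contents, no secrets."""
    return task + "\nRecords: " + ", ".join(store.handles())


def run_tool(model_output: str, store: HandleStore) -> dict:
    """Native side: the model's output is a routing decision, not data. Pick out the
    handle it chose, resolve it locally, then build the request with the runtime's token."""
    match = HANDLE_RE.search(model_output)
    if match is None:
        raise ValueError("model output names no handle")
    record = store.resolve(match.group())
    return {"auth": f"Bearer {store.api_token}", "mrn": record.mrn, "diagnosis": record.diagnosis}


def leaks(text: str, store: HandleStore) -> bool:
    """Check helper: True if the token or any record field appears in model-facing text."""
    secrets = [store.api_token] + [v for r in store.records() for v in (r.name, r.mrn, r.diagnosis)]
    return any(s in text for s in secrets)
```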
That being said, you are an adult.
While the architecture protects your data, Buffaly is still a highly permissive developer tool. We do not use "training wheels."
Many consumer agents try to protect you from yourself by blocking shell commands, restricting internet access, or forcing you to approve every single file modification. Buffaly does not do this.
Buffaly assumes you know what you are doing. Shell usage is allowed. Internet access is allowed. Executing code is allowed. It will follow your instructions and execute the actions you authorize. You manage the risk by using standard engineering hygiene and promoting stable workflows into code.
Safety via Evolution (The 1-2-3 Rule)
Operational safety in Buffaly comes from removing the LLM's imagination from tasks it has already solved. Follow this escalation path to naturally secure your operations:
The First Time: Discovery
You are figuring out the task. Let Buffaly use the shell, search the web, and poke around your repository. Be careful here. Monitor the output, check the diffs, and use Git actively while you and the agent find the solution.
The Second Time: Prompt Skills
You know the steps now. Don't make the LLM guess again. Save the successful sequence as a Prompt Skill. Buffaly is now following a learned, repeatable script instead of freely improvising.
The Third Time: Deterministic Code
The workflow is stable. Tell Buffaly to write a ProtoScript action or a native C# tool for it. The LLM is now completely out of the execution loop; it just routes your intent to 100% safe, typed, deterministic software.
Standard Developer Hygiene
You don't need to treat Buffaly like a bomb waiting to go off. Just treat it like a junior developer pair-programming with you.
- Commit often. Let Buffaly commit its own work as it completes logical steps.
- Push your branches. Don't leave days of un-pushed work sitting on your local machine.
- Revert when necessary. If Buffaly goes down a rabbit hole and messes up 10 files, just `git reset --hard` or `git clean`, tell it what it did wrong, and try again.