
Safety and Guardrails


AgentDesk includes multiple layers of protection to ensure AI workflows operate safely and within defined boundaries.

How AI actions are limited

Change limits

The AI is restricted in how much it can change in a single workflow:

| Limit | Default | What it means |
|---|---|---|
| Maximum lines changed | 500 | The AI cannot modify more than 500 lines of code in one workflow |
| Maximum files changed | 10 | The AI cannot touch more than 10 files in one workflow |

These limits prevent runaway changes and keep each fix focused and reviewable.
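
A team that wants to verify the same limits independently, for example in its own CI before a pull request is reviewed, can check them against `git diff --numstat` output. The following is an added example, not AgentDesk's code: the function name and the counting rules (added plus deleted lines, binary files counted as files but not lines) are assumptions, since this page does not define how AgentDesk counts changes.

```python
# Added example, not AgentDesk code. Counting rules are assumptions:
# lines changed = added + deleted; binary files count as files, not lines.
MAX_LINES_CHANGED = 500  # documented default
MAX_FILES_CHANGED = 10   # documented default


def check_change_limits(numstat, max_lines=MAX_LINES_CHANGED,
                        max_files=MAX_FILES_CHANGED):
    """Check `git diff --numstat` output against the change limits.

    Returns (ok, lines_changed, files_changed, violations).
    """
    lines_changed = 0
    files = set()
    for row in numstat.splitlines():
        if not row.strip():
            continue
        parts = row.split("\t", 2)
        if len(parts) != 3:
            # Fail closed: an unparseable diff must not pass the check.
            raise ValueError(f"unexpected numstat row: {row!r}")
        added, deleted, path = parts
        files.add(path)
        for count in (added, deleted):
            if count != "-":  # git prints "-" for binary files
                lines_changed += int(count)  # non-numeric also raises
    violations = []
    if lines_changed > max_lines:
        violations.append(f"{lines_changed} lines changed, limit is {max_lines}")
    if len(files) > max_files:
        violations.append(f"{len(files)} files changed, limit is {max_files}")
    return (not violations, lines_changed, len(files), violations)


# Constructed sample in the format printed by `git diff --numstat main...HEAD`.
SAMPLE_NUMSTAT = (
    "120\t30\tsrc/api/handlers.py\n"
    "340\t45\tsrc/api/models.py\n"
    "-\t-\tdocs/diagram.png\n"
    "5\t0\tREADME.md\n"
)

if __name__ == "__main__":
    ok, lines, files, problems = check_change_limits(SAMPLE_NUMSTAT)
    print("PASS" if ok else "FAIL", lines, files, problems)
```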

Blocked operations

Certain dangerous operations are automatically blocked. The AI cannot:

  • Delete entire directories or critical files
  • Force-push changes or overwrite history
  • Reset code to a previous state
  • Perform any other destructive operation that could cause data loss

Branch isolation

All code changes happen on a separate branch, never on your main branch. If anything goes wrong, the branch is cleaned up automatically and your main codebase is unaffected.

No automatic merging

The AI never merges code. All proposed changes go through a pull request that your team must review and approve before anything is merged.

Portal-specific AI context

Each portal can configure how the AI behaves for its specific environment:

Behaviour guidelines

Set a Prime Directive for your portal's AI agent from the AI Agent tab. This tells the AI what to focus on, what to avoid, and any rules specific to your environment. For example, you might restrict the AI to only work on certain services or enforce specific coding standards.

Context files

Upload reference documents (such as internal guides, architecture notes, or service documentation) that the AI reads before working on tickets. This helps the AI understand your specific systems and respond more accurately.

Workflow-level safety

  • Duplicate prevention -- The same workflow cannot run twice on the same ticket simultaneously
  • Timeouts -- Every workflow step has a time limit to prevent stuck processes
  • Approval gates -- High-impact actions (like creating pull requests) require human approval before proceeding
  • Credentials are encrypted -- All integration credentials and secrets are encrypted and never exposed in logs or AI outputs