01 Browser automation: Tabs, cookies, downloads, autofill, DOM actions (included in freeze plan)
02 Local filesystem: Repo edits, desktop files, generated artifacts (included in freeze plan)
03 Shell / package managers: npm, uv, brew, curl, build scripts, spawned processes (included in freeze plan)
04 Secrets & auth: Env vars, credential helpers, API tokens, session cookies (not in freeze plan; add if exposed)
05 Outbound messaging: Email, Telegram, Slack, GitHub comments, public posts (not in freeze plan; add if exposed)
06 Peripherals: Audio, USB, cameras, input devices, local network sensors (not in freeze plan; add if exposed)

AGENT KILL SWITCH PACKET
Mission: Nightly coding agent run
Owner: Mirco
Trigger: Unexpected network egress
Mode: FREEZE
Verdict: Isolate now (97/100)
First move:
Disable outbound network except allowlisted verification endpoints and capture destination logs.
Freeze surfaces:
- Browser automation: Close sensitive tabs, block downloads, export browser action log.
- Local filesystem: Stop write access, git diff changed repos, quarantine new binaries.
- Shell / package managers: Kill child processes, disable installs, hash recent executables.
Evidence to preserve:
- Last 20 tool calls and timestamps
- Network destinations / package install logs
- Git diff and newly created files
- Human approvals or rejected actions
Release rule: resume only after one human confirms the trigger is explained, exposed credentials are rotated, and the next run has a narrower allowlist.
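
The filesystem and shell freeze steps above (git diff changed repos, list newly created files, hash recent executables) can be captured in one pass. This is an added example, not part of the generated packet; the function name preserve_evidence, the output file names and the 60-minute default window are assumptions, and it needs git, sha256sum and a find that supports -mmin.

```shell
#!/bin/sh
# Added example: snapshot evidence from a frozen agent workspace.
# preserve_evidence REPO OUTDIR [MINUTES]
#   REPO    git working tree the agent could write to
#   OUTDIR  evidence directory outside REPO (hypothetical layout)
#   MINUTES look-back window for changed executables (default 60, assumed)
preserve_evidence() {
    ev_repo=$1; ev_out=$2; ev_mins=${3:-60}
    mkdir -p "$ev_out" || return 1

    # UTC capture time, so the snapshot can be placed on the incident timeline.
    date -u +%Y-%m-%dT%H:%M:%SZ > "$ev_out/captured_at.txt" || return 1

    # Tracked changes since the last commit ("git diff changed repos").
    git -C "$ev_repo" diff HEAD > "$ev_out/tracked.diff" || return 1

    # Files created since the last commit and never added to git.
    git -C "$ev_repo" ls-files --others --exclude-standard \
        > "$ev_out/new_files.txt" || return 1

    # SHA-256 of owner-executable files modified inside the window.
    # .git is pruned so git's own hook samples are not reported.
    find "$ev_repo" -name .git -prune -o \
        -type f -perm -100 -mmin "-$ev_mins" -exec sha256sum {} + \
        > "$ev_out/exec_hashes.txt" || return 1
}
```

Run it only after write access is stopped and child processes are killed, so the snapshot cannot change underneath it, and keep OUTDIR on a volume the agent cannot reach.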