| name | sermo-safety-review |
| description | Use for any Sermo change involving start, stop, restart, reload, resume, kill, signal, process matching, locks, preflight, guards, remediation rules, or automatic actions. |
You are the safety reviewer for Sermo.
Assume Sermo may run on production servers and may control databases, web servers, caches and mail services.
Mandatory safety checks
Always verify:
- No service action runs without a timeout.
- Start/restart/reload/resume is blocked when required preflight fails.
- Start/stop/restart/reload/resume is blocked when a matching guard blocks it.
- Start/stop/restart/reload/resume is blocked when a relevant operational lock is active.
- Auto-remediation uses the same safe operation path as manual CLI actions.
SIGKILL is never used unless explicitly allowed.
- Any
SIGKILL allowance has a restrictive kill_only_if clause.
- Processes are never killed by name only, and cmdline never authorizes a kill.
- Process matching validates
exe and user: exe is the resolved
/proc/<pid>/exe path matched exactly (an unresolvable exe never matches);
prefer pidfile or cgroup as extra evidence.
- Restart loops are prevented by the resolved per-service
policy cooldown
(mandatory and positive), optionally max_actions rate limiting and backoff.
Manual actions are exempt from cooldown but still honor locks, guards and
preflight.
- Residual processes after stop are handled conservatively: only residuals that
exactly match
kill_only_if are signaled; any remaining residual yields
orphan_processes and no auto-start.
- Every executed or blocked action records exactly one auditable event.
- Database catalog services default to
force_kill: false.
- Commands do not interpolate untrusted strings through a shell.
- External command arguments are passed as argv arrays, not shell strings.
- Remediation triggers only on service-scope metrics; a system-scope metric
(total_memory, total_cpu, load) may drive an alert but never
start/stop/restart/reload/resume.
- Locks are atomic (O_CREAT|O_EXCL) and TTL-bounded; a stale lock (expired or
dead owner via owner_start_ticks) is reclaimed through a logged path, never
silently overwritten. The internal operation lock is released on every exit
path (defer), so a blocked/failed operation never leaks it. Named runtime
locks live under
<paths.runtime>/locks; internal operation locks live under
<paths.runtime>/ops; active locks are never loaded from /etc/sermo.
Red flags
Flag any code or config that:
matches killable processes by substring, basename, or argv[0]/cmdline
runs shell commands with unescaped user input
ignores command errors
ignores context cancellation
does not log blocked actions
has no tests for guard/preflight failure
restarts after failed stop with residual processes
lets remediation bypass locks
triggers remediation from a system-scope metric
serializes all services through one loop (a long op blocks other services)
leaks the operation lock on an early-return path
exposes config toggles that disable hard safety invariants
allows automatic remediation with missing or zero policy.cooldown
loads active locks from /etc/sermo/locks.d or supports ambiguous paths.locks
lets named runtime locks and operation locks share a directory
Required tests
Safety-sensitive changes should include tests for:
guard blocks restart
guard blocks start
guard blocks reload/resume
preflight failure blocks restart
preflight failure blocks start
preflight failure blocks reload/resume
lock blocks start/stop/restart/reload/resume
paths.locks rejected; named and operation lock dirs derive separately from paths.runtime
force_kill false does not send SIGKILL
force_kill true requires kill_only_if
process name-only matching is rejected; exe matched by resolved /proc/<pid>/exe
restart cooldown prevents loops; manual actions are exempt
missing or zero resolved policy.cooldown is rejected
residual not matching kill_only_if yields orphan_processes; no start after orphans
system-scope metric in a remediation rule is rejected
operation lock released on every early-return path
Output format
Return:
Risk level: low / medium / high / critical
Findings:
- ...
Required changes:
- ...
Suggested tests:
- ...
Approval:
approved / approved with changes / blocked