What can we help you with?
-
AI Skill
- Access Fingerprinter
- Accessibility Design
- Ad Campaign Optimization
- Advisor Action Framework
- AEO RECOMMENDATION TOOL - SYSTEM PROMPT
- Agentic Task Execution
- AI Candor Probe
- AI Citation Tracking
- AI Content Authenticity Detection
- AI Coworker Trust Protocol
- AI Inference Boundary Review
- AI Journalism
- AI Project Showcase Skill
- AI Self-Report Calibration
- AI Vision Diagnosis
- Antigravity Browser QA
- Antigravity Parallel Debug
- Antigravity Test Orchestration
- Apache HTTPD Configuration
- API Design
- Apple Human Interface Design System
- AppSec Engineer — API Security Specialist
- AppSec Engineer — Cloud & Container Security Specialist
- AppSec Engineer — DevSecOps Specialist
- AppSec Engineer — IAM Security Specialist
- AppSec Engineer — Security Testing & Incident Response Specialist
- Arborist / Tree Care Specialist
- Atlanta Gardening
- Atlanta Guide
- B2B Media Consulting
- Botanical Garden Taxonomist
- Botanist / Plant Scientist
- Brand Voice Development
- Business Proposal Evaluation
- Career Assessment
- Celery Task Management
- Chapter 22: Safety & Guardrails
- Chapter 26: Security Standards
- Chapter 28: Cursor Skills
- Children's Garden Educator
- Civic Tech Privacy Architecture
- Claims Integrity Audit
- CloudKit + Tauri Debugging
- Code Review
- Community Engagement Features
- Community Engagement Manager
- Competitive Analysis
- Conservation Biologist
- Content Gap Analysis
- Content Strategy
- Contract Analysis
- Conversational UI Design
- Cooking Technique Tutorial
- Copywriting
- Culinary Knowledge Lookup
- Curator of Living Collections
- Customer Journey Methodology
- Customer Support
- Data Interpretation
- Democratic Health Monitoring
- Dependency Hygiene
- Design Systems
- Dify Knowledge Base Management
- Director of Education
- Director of Horticulture
- Director of Science & Research
- Dive Conditions Forecasting
- Dive Planning
- Dive Site Data Ingestion
- Diversity, Equity & Inclusion (DEI) Coordinator
- Docker Compose Management
- Education Curator
- Education Program Coordinator
- Email Campaign Automation
- Email Parsing — Travel Bookings
- Estate Accounting
- Estate and Trust Management
- Estate Document Extraction
- Estate Jurisdiction Engine
- Estate Manager — Build Plan
- Estate Manager — Updated Product Roadmap
- Estate Professional — CPA / Accountant
- Estate Professional — Elder Law Attorney
- Estate Professional — Enrolled Agent
- Estate Professional — Estate Planning Attorney
- Estate Professional — Financial Advisor
- Estate Professional — Insurance Agent
- Estate Professional — Probate Attorney
- Estate Professional — Probate Litigation Attorney
- Estate Professional — Real Estate Agent
- Estate Professional — Real Estate Appraiser
- Estate Professional — Real Estate Attorney
- Estate Professional — Tax Attorney
- Estate Professional — Title Company
- Estate Task Automation
- EventKit Calendar Sync
- Executive Advisor Board — Build Plan
- Executive Board Advisor
- Executive CCO (Chief Customer Success Officer)
- Executive CEO
- Executive CFO
- Executive CHRO
- Executive CMO
- Executive COO
- Executive CPO (Chief Product Officer)
- Executive CRO (Chief Revenue Officer)
- Executive CTO
- Executive General Counsel
- Expat Planning
- Expat Tax Compliance
- Fact-Checking
- Family Gamification Design
- FastAPI Development
- Federal Register API Integration
- FIFA 2026 World Cup Travel Advisory
- Financial Analysis
- Flask Application Development
- FLUX Image Generation
- FLUX Operations
- Garden Technician
- Gardener / Groundskeeper
- Generative Engine Optimization
- GIS / Mapping Specialist
- Grateful Dead Historian
- Greenhouse Manager
- Greenhouse Technician
- Guided Content Journeys
- Head Gardener / Garden Manager
- Herbarium Curator
- Horticulturist
- Image Generation Service Operations
- Influencer Marketing
- Infrastructure Operations
- Infrastructure Upgrades
- Integrated Pest Management (IPM) Specialist
- Interaction Design
- Internship Program Coordinator
- Interview Coaching Design
- Irrigation Specialist
- ITI Audience Development
- ITI Consulting Intake
- ITI Content Strategy
- ITI Financial Modeling
- ITI MD to Wordpress HTML Converter
- ITI Quality Assurance
- ITI Report Synthesis
- ITI Strategic Planning
- ITI Technology Strategy
- ITI Token Compression Skill
- Java Development
- Journey Mapping
- Landing Page Optimization
- Lead Qualification
- Local SEO Optimization
- Marine Life Identification
- Market Research
- MCP Client for Tauri
- MCP Server Development
- Meal Planning
- Meeting Management
- Mental Load Equity Design
- Multi-Agent Deliberation Design
- Multilingual Content Management
- Music Discovery
- n8n + Dify Testing
- n8n Debugging
- n8n Workflow Development
- News Credibility Scoring
- Nginx Reverse Proxy
- Objection Handling
- Onboarding Design
- Pinecone Embedding Management
- Podcast Production
- Political Speech Analyzer
- PostgreSQL Administration
- Presentation Design
- Press Release Writing
- PRISM ZIP Code → Zone Lookup
- Privacy Compliance
- Product Design
- Product Roadmap Update Prompt
- Professional Selection
- Project Management
- Prompt Auditor
- Proposal Evaluation
- Public Relations Manager
- RabbitMQ Messaging
- Recipe Formatting
- Redis Operations
- Release Management
- Requirements Writing
- Research Associate / Lab Technician
- Retirement Calculator Engine
- Roadmap Build Planning
- Safety Guardrails
- Salary Negotiation Frameworks
- Schema Markup Generation
- School Programs Specialist
- Scope Control
- Scouting Trip Planning
- Screenshot Capture Guide
- Seed Bank Curator
- SEO & AEO Optimization
- Session Context Protocol
- Skills Index
- Social Media Content Calendar
- Stable Diffusion Image Generation
- Tauri Desktop Development
- Tavily & Pinecone Integrations
- Tavily API Quick Reference - Factchecker Plugin
- Tech Debt Analysis
- Technical Writing
- Test Plan Writing
- Therapeutic Horticulture Program Manager
- Travel Planning
- TSP Route Optimization
- UI Design
- UX Research
- Vibe Coding Guardrails
- Video Scripting
- Visual Brand Design
- Volunteer Coordinator
- Weather-Disease Modeling
- Wildlife Habitat Certification Guide
- WordPress SEO Plugin Integration
- Workflow Adapter Integration
- Show Remaining Articles (211) Collapse Articles
-
Product Showcase
- AEO Optimizer Product Showcase
- AI News Cafe Product Showcase
- AI Project Showcase: Journey Mapper (Customer Journey Mapper)
- AI Project Showcase: SEO Assistant with LLM
- Estate Manager Product Showcase
- Executive Advisor Board Product Showcase
- Expat Advisor Showcase
- Factchecker Product Showcase
- Farmers Bounty Product Showcase
- Gardener's Bounty AI Assistant Product Showcase
- GD Claude Chatbot Product Showcase
- IT Influentials Agent POC Product Showcase
- IT Influentials Agent Product Showcase
- IT Influentials Express Agents Product Showcase
- My TravelPlanner Product Showcase
- Patriot Agent Product Showcase
- Patriot University Showcase
- ScubaGPT — Product Showcase
- ScubaGPT Showcase
- WordPress Plugin Clone Safety Checker Showcase
- Show Remaining Articles (5) Collapse Articles
-
ITI Knowledge System
- Chapter 1: Introduction
- Chapter 10: n8n — Debugging & Operations
- Chapter 11: Dify — Knowledge Bases & RAG
- Chapter 12: The ITI Workflow Adapter
- Chapter 13: The ITI Shared Library
- Chapter 14: WordPress Plugin Development
- Chapter 15: Desktop Apps with Tauri 2
- Chapter 16: Python Services
- Chapter 17: iOS & macOS with Swift
- Chapter 18: Claude & the Anthropic API
- Chapter 19: Prompt Engineering
- Chapter 2: Workspace Overview
- Chapter 20: Agents, Skills & Pipelines
- Chapter 21: Knowledge Bases
- Chapter 22: Safety & Guardrails
- Chapter 23: Build Session Protocol
- Chapter 24: Required Product Artifacts
- Chapter 25: Testing
- Chapter 26: Security Standards
- Chapter 27: Deployment
- Chapter 28: Cursor Skills
- Chapter 29: Cursor Rules
- Chapter 3: The Docker Stack
- Chapter 30: MCP Integrations
- Chapter 31: Builder and Agent Roles
- Chapter 32: Builder's Portfolio
- Chapter 33: Claims Integrity & Content Governance
- Chapter 4: Daily Operations
- Chapter 5: Infrastructure Upgrades
- Chapter 6: PostgreSQL & pgvector
- Chapter 7: Redis
- Chapter 8: Nginx Reverse Proxy
- Chapter 9: n8n — Workflow Development
- Show Remaining Articles (18) Collapse Articles
-
AI Agent
-
User Guide
- ADMIN-SHORTCODES.html Update Summary
- Factchecker Plugin - Installation Guide
- Factchecker Plugin - Troubleshooting Guide
- Farmers Bounty - Quick Start Guide
- Farmers Bounty - Troubleshooting Guide
- Farmers Bounty - User Guide
- Farmers Bounty Chatbot - Complete Documentation
- Farmers Bounty Desktop User Guide
- Farmers Bounty Plugin - Gardener's Review Guide
- Farmers Bounty Plugin v6.6.0 - Release Notes
- Farmers Bounty v2.0 - Complete User Guide
- Farmers Bounty v5.3.0 - Complete User Guide
- SEO Assistant with LLM
- 🌱 Farmers Bounty Homepage Shortcode - Quick Start
- 🌱 Farmers Bounty Shortcodes
- 🌹 Grateful Dead Chatbot - Quickstart Guide ⚡
- Show Remaining Articles (1) Collapse Articles
-
Requirements
-
ScubaGPT
-
Grateful Dead Chatbot
-
Farmers Bounty
- 01 current state analysis
- 02 architecture overview
- 03 data sources
- 05 cost analysis
- 06 database schema
- 08 ui ux changes
- 09 ai context optimization
- 10 testing validation
- 11 risk mitigation
- 12 implementation checklist
- ADMIN-SHORTCODES.html Update Summary
- Atlanta Gardening
- Beneficial Insects Guide for Georgia Gardens
- Botanical Garden Taxonomist
- Children's Garden Educator
- Farmers Bounty - Quick Start Guide
- Farmers Bounty - Troubleshooting Guide
- Farmers Bounty - User Guide
- Farmers Bounty Chatbot - Complete Documentation
- Farmers Bounty Desktop User Guide
- Farmers Bounty Plugin - Gardener's Review Guide
- Farmers Bounty Plugin v6.6.0 - Release Notes
- Farmers Bounty v2.0 - Complete User Guide
- Farmers Bounty v5.3.0 - Complete User Guide
- Glossary
- Integrated Pest Management (IPM) Specialist
- PRISM ZIP Code → Zone Lookup
- Public Relations Manager
- Recipe Formatting
- Research Associate / Lab Technician
- School Programs Specialist
- Seed Bank Curator
- Volunteer Coordinator
- Weather-Disease Modeling
- Wildlife Habitat Certification Guide
- 🌱 Farmers Bounty Homepage Shortcode - Quick Start
- 🌱 Farmers Bounty Shortcodes
- Show Remaining Articles (22) Collapse Articles
-
Technical Document
- Accessibility Design
- Agentic Task Execution
- AI Candor Probe
- AI Coworker Trust Protocol
- AI Inference Boundary Review
- AI Vision Diagnosis
- Antigravity Browser QA
- Antigravity Parallel Debug
- Antigravity Test Orchestration
- AppSec Engineer — IAM Security Specialist
- Chapter 22: Safety & Guardrails
- Chapter 26: Security Standards
- Civic Tech Privacy Architecture
- ClaimReview Schema Integration
- Claims Evidence Registry
- Code Review
- IT Influentials Express Agents Product Showcase
- Java Development
- MCP Client for Tauri
- MCP Server Development
- Nginx Reverse Proxy
- Pinecone Embedding Management
- PostgreSQL Administration
- Product Roadmap Update Prompt
- Prompt Auditor
- RabbitMQ Messaging
- Redis Operations
- Release Management
- Retirement Calculator Engine
- Roadmap Build Planning
- Schema Markup Generation
- ScubaGPT — Architecture
- ScubaGPT Safety Guardrails - Quick Reference
- Session Context Protocol
- Stable Diffusion Image Generation
- Tauri Desktop Development
- Tavily & Pinecone Integrations
- Tavily API Quick Reference - Factchecker Plugin
- Tech Debt Analysis
- Test Plan Writing
- Travel Planner — n8n + Dify Integration Guide
- UI Design
- UX Research
- Vibe Coding Guardrails
- WordPress Plugin Clone Safety Checker Showcase
- Workflow Adapter Integration
- Show Remaining Articles (31) Collapse Articles
-
Answer Engine Optimizer
-
SEO Optimizer
-
Travel Planner
-
Fact Checker
-
Estate Manager
-
ITI Operations
- Access Fingerprinter
- Accessibility Design
- Advisor Action Framework
- Agentic Task Execution
- AI Candor Probe
- AI Content Authenticity Detection
- AI Coworker Trust Protocol
- AI Inference Boundary Review
- AI Project Showcase Skill
- AI Self-Report Calibration
- Antigravity Browser QA
- Antigravity Parallel Debug
- Antigravity Test Orchestration
- Apple Human Interface Design System
- AppSec Engineer — API Security Specialist
- AppSec Engineer — DevSecOps Specialist
- Chapter 32: Builder's Portfolio
- CloudKit + Tauri Debugging
- Code Review
- Content Strategy
- Customer Journey Methodology
- Customer Support
- Data Interpretation
- Dependency Hygiene
- End-User Documentation Requirements Document
- Farmers Bounty Plugin - Gardener's Review Guide
- Generative Engine Optimization
- Guided Content Journeys
- Influencer Marketing
- Infrastructure Upgrades
- Interaction Design
- IT Influentials Agent POC Product Showcase
- IT Influentials Agent Product Showcase
- IT Influentials Express Agents Product Showcase
- ITI Audience Development
- ITI Consulting Intake
- ITI Financial Modeling
- ITI Quality Assurance
- ITI Report Synthesis
- ITI Strategic Planning
- ITI Token Compression Skill
- Market Research
- MCP Server Development
- Multi-Agent Deliberation Design
- Multilingual Content Management
- n8n Debugging
- n8n Workflow Development
- Pinecone Embedding Management
- Privacy Compliance
- Product Roadmap Update Prompt
- Project Management
- Prompt Auditor
- Proposal Evaluation
- Redis Operations
- Release Management
- Requirements Writing
- Roadmap Build Planning
- Safety Guardrails
- Scope Control
- Screenshot Capture Guide
- Stable Diffusion Image Generation
- Tavily & Pinecone Integrations
- Technical Writing
- Test Plan Writing
- UI Design
- UX Research
- Vibe Coding Guardrails
- Wordpress Plugin Install Safety Features
- Show Remaining Articles (53) Collapse Articles
-
ITI Marketing
- Articles coming soon
-
Patriot University
-
Personal Assistant
< All Topics
Print
Chapter 22: Safety & Guardrails
Posted
Updated
ByPeter Westerman
Chapter 22: Safety & Guardrails
Last Updated: 2026-04
## 22.1 Overview
Safety guardrails protect users from harmful AI outputs, protect ITI from legal and reputational risk, and ensure that AI-generated code meets security standards. Two complementary guardrail systems govern all ITI development:
| System | Scope | Tool |
|——–|——-|——|
| Vibe Coding Safeguards | AI-assisted development practices | Vibe Coding Guardian agent + vibe-coding-guardrails skill |
| AI Safety Guardrails | AI output behavior in high-stakes products | safety-guardrails skill + product-level prompt constraints |
| Claims Integrity | Published content accuracy | claims-integrity-audit + claims-evidence-registry skills |
| Dependency Hygiene | Third-party dependency management | dependency-hygiene skill |
22.2 Vibe Coding Safeguards
“Vibe coding” refers to AI-assisted development where the developer accepts AI-generated code without rigorous review. While this accelerates development, it introduces 15 known pitfall categories. The Vibe Coding Safeguards system requires that every ITI product address all 15.
The 15 pitfall categories
| # | Pitfall | Safeguard |
|---|---|---|
| 1 | Hardcoded secrets | API keys in Keychain/env only; .env in .gitignore
|
| 2 | Unsanitized input | Platform sanitization functions on all user input |
| 3 | Unescaped output | Platform escape functions on all output |
| 4 | Missing nonce/CSRF |
check_ajax_referer() on every WordPress AJAX handler |
| 5 | Eval on user data | Never use eval(), exec(), or equivalent on user input |
| 6 | Missing permission checks |
current_user_can() / capability checks before privileged actions |
| 7 | Committed secrets | Pre-commit hook or .gitignore enforcement |
| 8 | Missing error logging | All errors logged; security events explicitly logged |
| 9 | Scope creep | Scope Owner agent review for any out-of-scope additions |
| 10 | Missing tests | QA agent writes tests for every new feature |
| 11 | Stale context | Context Keeper agent maintains CLAUDE.md accuracy |
| 12 | Missing artifacts | All 5 required artifacts present (see Chapter 24) |
| 13 | Dependency audit skipped |
dependency-hygiene skill applied before any new dependency |
| 14 | No deployment procedure | DEPLOY.md exists and is tested before first deployment |
| 15 | Claims without evidence | Claims Ombudsman agent audits all marketing and documentation |
Running a Vibe Coding Guardrail audit
At the start of a new product kickoff and before any release:
“Run a vibe coding guardrail audit on [product name].”
The Vibe Coding Guardian agent reviews the product against all 15 pitfalls and produces a pass/fail report with remediation steps. Alternatively, apply the vibe-coding-guardrails skill directly for a structured risk scorecard and prioritized remediation plan.
22.3 AI Safety Guardrails for High-Stakes Products
Some ITI products operate in domains where incorrect AI outputs can cause real harm: medical, legal, financial, or safety-related advice. These products require additional guardrails in their system prompts.
Risk tiers
| Tier | Domain | Required Guardrails |
|---|---|---|
| Low | Travel, gardening, general advice | Standard output quality controls |
| Medium | Career, financial planning | Uncertainty acknowledgment; professional referral paths |
| High | Medical, legal, safety | Mandatory disclaimers; refusal rules; emergency referrals |
Required guardrails for Tier 2 (Medium) products
## Limitations
- I provide information and analysis, not professional [financial/legal/medical] advice.
- Consult a qualified professional before making major [financial/legal/health] decisions.
- My knowledge has a training cutoff. For current regulations or market conditions, verify with an up-to-date source.
Required guardrails for Tier 3 (High) products
## Non-Negotiable Safety Rules
1. I will not diagnose medical conditions or prescribe treatments.
2. For any medical emergency, immediately respond: "This is a medical emergency.
Call 911 (US) or your local emergency number immediately."
3. I will not provide legal advice that constitutes attorney-client relationship.
4. I will acknowledge uncertainty: if I am not confident in information,
I will say so explicitly rather than presenting a guess as fact.
5. I will always provide a referral path to a qualified professional.
22.4 The Prompt Auditor
Before building any new AI feature, apply the Prompt Auditor skill. It checks system prompts for common failure patterns identified in ITI’s RAID (Risks, Assumptions, Issues, Dependencies) history.
“Apply the prompt-auditor skill to this system prompt: [paste prompt]”
The auditor flags:
- Scope ambiguity — unclear what the model should/shouldn’t do
- Missing verification steps — no way to validate outputs
- Underspecified user scenarios — edge cases not addressed
- Safety gaps — missing constraints for the product’s risk tier
- Format conflicts — contradictory output format instructions
22.5 Claims Integrity
All marketing content, portfolio documents, and product descriptions must pass a Claims Integrity audit before publication.
The Claims Ombudsman agent audits:
- Factual accuracy of all stated claims
- Evidence supporting performance claims (“increases conversions by 40%”)
- Currency of cited statistics and sources
- Legal exposure from unsubstantiated superlatives
Run the audit:
“Run a claims integrity audit on [document].”
Claims evidence registry
All claims used in marketing are tracked in a Claims Evidence Registry with:
- The claim text
- The evidence supporting it (source, date, methodology)
- Staleness threshold (date after which evidence must be refreshed)
The registry lives in ITI/operations/ and is maintained by the Claims Evidence Curator agent. Two skills support this process: claims-integrity-audit for running audits and claims-evidence-registry for building and maintaining registries.
22.6 Security Standards for All Code
These rules apply to all ITI code, regardless of whether it was written by a human or an AI agent:
| Rule | Applies To |
|---|---|
| Never hardcode API keys or passwords | All platforms |
| Sanitize all user input before processing | All platforms |
| Escape all output before rendering | All platforms |
Never commit .env or credential files to Git |
All platforms |
Never use eval() on user-controlled data |
PHP, JS, Python |
| Log all security events (failed auth, invalid tokens) | All platforms |
| Use prepared statements for all database queries | PHP, Python, Rust |
Full security standards are in Chapter 26 — Security Standards.
Previous: Chapter 21 — Knowledge Bases | Next: Chapter 23 — Build Session Protocol
Table of Contents
