2026-02-09 · Authensor

SafeClaw Policy Recipe: Content Generation Agent

This policy is for AI agents that generate written content — blog posts, marketing copy, documentation, social media posts, or email templates. The agent can read reference materials and write output to a designated content directory. Shell access, network access, and writes outside the content directory are blocked. Install SafeClaw with npx @authensor/safeclaw and paste this into safeclaw.config.yaml.

Use Case

A content generation agent produces text based on briefs, style guides, and reference documents. It may run as part of a CMS pipeline, a marketing automation tool, or a documentation generator. The agent reads input briefs, style guides, and existing content for context, then writes new or updated content files. Risks include the agent modifying non-content files (source code, configuration), executing shell commands to access the broader system, or making network requests that leak draft content or internal information. This policy confines the agent to a strict read-reference, write-content pattern.

The Policy

# safeclaw.config.yaml — Content Generation Agent
# For: Blog generators, documentation writers, marketing copy agents
# Install: npx @authensor/safeclaw

version: "1.0"
agent: content-writer
defaultAction: deny

rules:
  # --- FILE READ RULES ---

  # Block reading credential files
  - id: deny-read-env
    action: file_read
    target: "*/.env"
    decision: deny
    description: "Block reading environment secret files"

  # Block reading system files
  - id: deny-read-system
    action: file_read
    target: "/etc/**"
    decision: deny
    description: "Block reading system configuration"

  # Block reading source code (content agent does not need code access)
  - id: deny-read-src
    action: file_read
    target: "./src/**"
    decision: deny
    description: "Block reading application source code"

  # Allow reading content briefs and assignments
  - id: allow-read-briefs
    action: file_read
    target: "./briefs/**"
    decision: allow
    description: "Allow reading content briefs and writing assignments"

  # Allow reading style guide
  - id: allow-read-style-guide
    action: file_read
    target: "./style-guide/**"
    decision: allow
    description: "Allow reading brand voice and style guidelines"

  # Allow reading existing content for reference and consistency
  - id: allow-read-existing-content
    action: file_read
    target: "./content/**"
    decision: allow
    description: "Allow reading published content for context"

  # Allow reading templates
  - id: allow-read-templates
    action: file_read
    target: "./templates/**"
    decision: allow
    description: "Allow reading content templates and layouts"

  # Allow reading SEO keyword lists
  - id: allow-read-seo
    action: file_read
    target: "./seo/**"
    decision: allow
    description: "Allow reading SEO keyword research files"

  # Allow reading media asset metadata
  - id: allow-read-assets
    action: file_read
    target: "./assets/metadata/**"
    decision: allow
    description: "Allow reading image/video metadata for alt text"

  # --- FILE WRITE RULES ---

  # Block writing to briefs (input is read-only)
  - id: deny-write-briefs
    action: file_write
    target: "./briefs/**"
    decision: deny
    description: "Block modifying input briefs"

  # Block writing to style guide
  - id: deny-write-style-guide
    action: file_write
    target: "./style-guide/**"
    decision: deny
    description: "Block modifying style guidelines"

  # Block writing outside project
  - id: deny-write-outside
    action: file_write
    target: "/**"
    decision: deny
    description: "Block writing to absolute paths outside project"

  # Allow writing new content drafts
  - id: allow-write-drafts
    action: file_write
    target: "./content/drafts/**"
    decision: allow
    description: "Allow writing draft content files"

  # Allow writing content to published directory (for review pipeline)
  - id: allow-write-content
    action: file_write
    target: "./content/generated/**"
    decision: allow
    description: "Allow writing generated content output"

  # Allow writing SEO metadata files
  - id: allow-write-seo-meta
    action: file_write
    target: "./content/seo-meta/**"
    decision: allow
    description: "Allow writing SEO metadata (titles, descriptions)"

  # Allow writing content logs
  - id: allow-write-logs
    action: file_write
    target: "./logs/content/**"
    decision: allow
    description: "Allow writing content generation logs"

  # --- SHELL EXEC RULES ---

  # Block all shell execution — content agents do not need shell
  - id: deny-shell-all
    action: shell_exec
    target: "*"
    decision: deny
    description: "Block all shell commands — no shell access for content generation"

  # --- NETWORK RULES ---

  # Block all network access — content is generated from local references
  - id: deny-network-all
    action: network
    target: "*"
    decision: deny
    description: "Block all network access — no external data fetching"

What This Policy Allows

What This Policy Blocks

What Requires Approval

This policy does not include require_approval rules because content generation is a contained write-to-directory workflow. To add approval gates, consider:

Customization Guide

  1. Change the content directory structure. Replace ./content/drafts/ and ./content/generated/ with your CMS's actual content paths. If you use Hugo, the path might be ./content/posts/. For Next.js blogs, it might be ./posts/ or ./app/blog/**.
  2. Allow network access for research. If the content agent should be able to fetch external research, add specific network allow rules for approved domains (e.g., target: "https://en.wikipedia.org/*") above the deny-network-all rule. Keep the deny catch-all to block everything else.
  3. Add image generation output. If the agent generates images alongside text (via DALL-E or similar), add a file_write allow rule for ./content/images/ or ./assets/generated/ to permit image output.
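
Step 2 depends on where the new rule sits relative to the catch-all. The sketch below is an added example, not SafeClaw's own code: it assumes top-to-bottom, first-match evaluation with "*" and "**" matching any characters, and the rule id allow-network-wikipedia is hypothetical. It shows the allow rule taking effect above deny-network-all and being shadowed below it.

```javascript
// Added sketch, not SafeClaw's code. Assumed semantics: rules are checked top
// to bottom, the first match decides, and "*" / "**" match any characters.
const r = (id, action, target, decision) => ({ id, action, target, decision });

// Subset of the policy above, in its original order.
const policy = [
  r("deny-read-src", "file_read", "./src/**", "deny"),
  r("allow-read-briefs", "file_read", "./briefs/**", "allow"),
  r("deny-write-outside", "file_write", "/**", "deny"),
  r("allow-write-drafts", "file_write", "./content/drafts/**", "allow"),
  r("deny-shell-all", "shell_exec", "*", "deny"),
  r("deny-network-all", "network", "*", "deny"),
];

// Hypothetical rule id; the target is the one given in customization step 2.
const wiki = r("allow-network-wikipedia", "network", "https://en.wikipedia.org/*", "allow");

// Escape regex metacharacters, then turn every run of "*" into ".*".
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*+/g, ".*") + "$");
}

// First matching rule for this action type wins; otherwise defaultAction: deny.
function evaluate(rules, actionType, target) {
  for (const rule of rules) {
    if (rule.action === actionType && globToRegExp(rule.target).test(target)) {
      return { decision: rule.decision.toUpperCase(), rule: rule.id };
    }
  }
  return { decision: "DENY", rule: "defaultAction" };
}

// Return a copy of `rules` with `rule` placed directly before `beforeId`.
function insertBefore(rules, beforeId, rule) {
  const i = rules.findIndex((x) => x.id === beforeId);
  return [...rules.slice(0, i), rule, ...rules.slice(i)];
}

const correct = insertBefore(policy, "deny-network-all", wiki);
const shadowed = [...policy, wiki]; // appended after the catch-all: never reached

const url = "https://en.wikipedia.org/wiki/Glob_(programming)"; // constructed sample
console.log(evaluate(correct, "network", url));
console.log(evaluate(shadowed, "network", url));
console.log(evaluate(correct, "network", "https://en.wikipedia.org.example.net/"));
console.log(evaluate(policy, "file_read", "./README.md"));
```

Under these assumptions, the trailing slash in the target keeps the lookalike host en.wikipedia.org.example.net on the deny path; a target ending in "org*" would not.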

Example Session

1. ALLOW — Agent reads a content brief:

{
  "actionType": "file_read",
  "target": "./briefs/2026-02-blog-ai-safety.md",
  "agentId": "content-writer",
  "decision": "ALLOW",
  "rule": "allow-read-briefs",
  "evaluationTime": "0.3ms"
}

2. ALLOW — Agent reads the style guide:

{
  "actionType": "file_read",
  "target": "./style-guide/tone-and-voice.md",
  "agentId": "content-writer",
  "decision": "ALLOW",
  "rule": "allow-read-style-guide",
  "evaluationTime": "0.2ms"
}

3. ALLOW — Agent writes a draft blog post:

{
  "actionType": "file_write",
  "target": "./content/drafts/ai-safety-best-practices.md",
  "agentId": "content-writer",
  "decision": "ALLOW",
  "rule": "allow-write-drafts",
  "evaluationTime": "0.3ms"
}

4. DENY — Agent attempts to read source code:

{
  "actionType": "file_read",
  "target": "./src/api/routes.ts",
  "agentId": "content-writer",
  "decision": "DENY",
  "rule": "deny-read-src",
  "evaluationTime": "0.2ms"
}

5. DENY — Agent attempts to run a shell command:

{
  "actionType": "shell_exec",
  "target": "cat /etc/passwd",
  "agentId": "content-writer",
  "decision": "DENY",
  "rule": "deny-shell-all",
  "evaluationTime": "0.2ms"
}

Every evaluation is logged to SafeClaw's tamper-proof audit trail (SHA-256 hash chain). Test this policy with simulation mode before enforcing. SafeClaw evaluates each rule in sub-millisecond time with zero third-party dependencies, verified across 446 tests in TypeScript strict mode. The control plane at safeclaw.onrender.com sees only action metadata, never your content or keys.
