Module 7 · Security Best Practices

Why This Module Matters

DaisiBot can run commands, access files, and interact with external services through tool groups. That power comes with responsibility. A misconfigured agent or a malicious skill can cause real damage. This module covers every layer of defense.

1. Authentication

DaisiBot uses a two-step OTP (one-time password) flow:

1. Request – Enter your email or phone number. The system sends a verification code.
2. Verify – Enter the code. On success, DaisiBot receives a ClientKey (token) that is persisted in SQLite.

The AuthState tracks: ClientKey, KeyExpiration, UserName, AccountName, AccountId, and UserEmail. An IsAuthenticated computed property checks that the key exists and hasn't expired.

Best practices:

• Never share your ClientKey or paste it into a chat.
• Log out when using shared machines (the token persists in the SQLite database).
• If you suspect your key is compromised, re-authenticate to rotate it.

2. Tool Group Permissions

Tool groups are the primary access-control mechanism for agent capabilities. DaisiBot distinguishes between Standard and Elevated groups via the ToolPermissions class.

Best practices:

• Only enable tool groups a conversation or bot actually needs.
• Default new conversations to Basic think level (no tools) until you need them.
• Review elevated group usage regularly, especially for long-running bots.

3. Skill Review & Trust

Skills inject system prompts that can influence everything the agent does. Treat them like third-party code.

• Review before installing – Read the skill's description, required tool groups, and (when possible) the system prompt template. If a "productivity" skill requests the Coding and File tool groups, ask why.
• Trust the review pipeline – Only Approved skills appear in the public marketplace. But approval is a filter, not a guarantee.
• Prefer minimal permissions – If two skills do similar things but one requires fewer tool groups, choose the simpler one.
• Audit your installed skills – Periodically check your installed skills and remove skills you no longer use.

4. Protecting Keys & Secrets

• The SQLite database contains your ClientKey and settings. Treat the database file like a password store.
• Never commit the database file to version control.
• If you run DaisiBot.Web in production, ensure the Cosmos DB connection string and cookie encryption keys are stored in a secrets manager (not in appsettings.json).
• ORC connection settings include the domain and port — in a private network, keep these internal.

5. Network Security

• Always use TLS – Keep OrcUseSsl = true for all gRPC connections to the orchestrator.
• Host mode exposure – If you enable NetworkHostEnabled to serve inference to others, understand that your machine will process prompts from other users on the network. This does not expose your filesystem, but it uses your compute.
• Firewall the gateway – Never expose the local inference endpoint directly to the public internet. Let the ORC handle routing.

Security Checklist

☐	Only enable tool groups you need per-conversation
☐	Review every skill's required permissions before installing
☐	Protect your SQLite database file (it contains your auth token)
☐	Keep OrcUseSsl = true for all network connections
☐	Store production secrets in a secrets manager, not config files
☐	Periodically audit and remove unused installed skills
☐	Never expose local inference endpoints to the public internet
☐	Log out on shared machines

Active Recall Checkpoint

Cover the answers and test yourself before peeking.