Safety Architecture

Your server is safe.
Here's exactly why.

AI managing production servers sounds scary. It should. That's why we built 7 independent safety layers between SAM's AI and your server. Any single layer can prevent damage.

Our core safety principle

“Assume the AI is wrong until proven right.”

Every command SAM proposes is treated as untrusted. Before it reaches your server, it must pass through 7 independent checks — none of which use AI. Pure logic, database lookups, and your explicit rules.

The 7-Layer Safety Pipeline

Every command passes through all 7 layers. If any layer rejects it, the command never reaches your server.

Layer 1: Structured Output
Layer 2: Grounded in Real Data
Layer 3: Reality Validation
Layer 4: Confidence Gate
Layer 5: Blocked Commands
Layer 6: Risk + Mode Check
Layer 7: Agent Blocklist
Command reaches your server

How each layer protects you

1. Structured Output

SAM can only respond in a strict format. No free-text commands. Every suggestion must include the exact command, risk level, what it does in plain English, and how to undo it.

If SAM's response doesn't match the expected format, it's rejected automatically and escalated to you.

2. Grounded in Real Data

SAM doesn't guess what's on your server. It sees real data collected by the agent: which services are running, which packages are installed, which configs exist.

If nginx isn't in the agent's discovery data, SAM cannot suggest nginx commands. The AI only works with facts, not assumptions.

3. Reality Validation

Before checking permissions, we check truth. Does the command reference software that actually exists on your server?

apt install on AlmaLinux: blocked (wrong package manager)
redis-cli but no Redis installed: blocked
systemctl restart nginx and nginx is running: passes

This check uses zero AI — it's a simple database lookup comparing the command against your server's real state.

4. Confidence Gate

SAM reports how confident it is in every diagnosis. We use that signal — but we don't blindly trust it.

Above 80% — proceed normally
50-80% — you must approve (even in autopilot)
Below 50% — SAM stops and says “I'm not sure — take a look”

When SAM doesn't know, it tells you. No guessing on your production server.

5. Blocked Commands

Dangerous patterns are blocked at the platform level before they ever reach your server. You can also add your own custom blocks.

rm -rf /  ·  mkfs  ·  dd if=/dev/zero  ·  fork bombs  ·  chmod 777 /

Add your own: “never run DROP DATABASE on db-01” — SAM will refuse even if it thinks it should.

6. Risk Scoring + Your Rules

Every command gets a risk score — not from AI, but from pattern matching we control:

read: Viewing logs, checking status
low: Restarting a service
medium: Installing packages, stopping services
high: Firewall rules, user management
destructive: Deleting files, formatting disks

You choose which risk levels SAM can auto-execute. Destructive commands can never be auto-executed, regardless of settings.

7. Agent-Side Blocklist

The final safety net lives on your server itself. Even if our entire platform were compromised, the agent has its own hardcoded blocklist that cannot be overridden remotely.

This is the same principle as a circuit breaker in your house — it protects you regardless of what happens upstream.
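
The deterministic checks described for layers 3, 4 and 6, as an added example (not ServerAdmin.ai's own code). The inventory shape, the function names, the decision labels and the assumption that `risk` arrives already assigned by the platform's pattern-based scorer are hypothetical; the 50% and 80% thresholds, the risk levels and the modes come from the text above.

```python
import shlex

# Constructed discovery data; the shape is assumed, not SAM's real schema.
INVENTORY = {"package_manager": "dnf", "services": {"nginx"},
             "binaries": {"systemctl", "dnf", "nginx", "journalctl", "rm"}}
PACKAGE_MANAGERS = {"apt", "apt-get", "dnf", "yum", "zypper", "pacman", "apk"}
RISK_LEVELS = {"read", "low", "medium", "high", "destructive"}

def reality_check(command, inv):
    """Layer 3: return a rejection reason, or None if the command fits the server."""
    if any(ch in command for ch in ";|&`$()<>\n"):
        return "shell metacharacters not allowed"  # only argv[0] is vetted below
    try:
        argv = shlex.split(command)
    except ValueError:
        return "unparseable command"
    if not argv:
        return "empty command"
    tool = argv[0]
    if tool in PACKAGE_MANAGERS and tool != inv["package_manager"]:
        return f"wrong package manager: {tool}"
    if tool not in inv["binaries"]:
        return f"{tool} is not installed"
    if tool == "systemctl" and len(argv) >= 3 and argv[2] not in inv["services"]:
        return f"unknown service: {argv[2]}"
    return None

def gate(proposal, inv, mode, auto_levels):
    """Layers 3, 4 and 6: return (decision, reason) without consulting any model."""
    reason = reality_check(proposal["command"], inv)
    if reason:
        return ("reject", reason)
    risk, conf = proposal["risk"], proposal["confidence"]
    if risk not in RISK_LEVELS:
        return ("reject", "unknown risk level")
    if conf < 0.50:
        return ("stop", "confidence below 50%")
    if mode == "observe":
        return ("reject", "observe mode executes nothing")
    if risk == "destructive":
        return ("needs_approval", "destructive is never auto-executed")
    if conf <= 0.80:
        return ("needs_approval", "confidence between 50% and 80%")
    if mode == "autopilot" and risk in auto_levels:
        return ("auto_execute", "within the allowed risk levels")
    return ("needs_approval", "outside auto-execute boundaries")
```

The metacharacter check matters because the lookup only vets the first token: without it, a chained command would pass on the strength of its first program.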

0. Automatic Rollback

Every fix command includes a rollback plan. For config changes, SAM backs up the file first, tests the new config, and auto-restores if the test fails.

If a fix makes things worse, SAM detects it and rolls back — before you even notice.
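
The backup, test and auto-restore sequence for config changes described above, as an added example (not ServerAdmin.ai's own code). The function name `apply_config`, the `.bak` suffix and the JSON file standing in for a service config are assumptions; on a real server the test command would be the service's own config check.

```python
import os
import shutil
import subprocess
import sys
import tempfile

def apply_config(path, new_text, test_cmd):
    """Back up `path`, write `new_text`, run `test_cmd`; restore the backup on failure.

    Returns True when the new config is kept, False when it was rolled back.
    """
    backup = path + ".bak"            # hypothetical naming, chosen for the example
    shutil.copy2(path, backup)        # back up first, preserving mode and mtime
    try:
        with open(path, "w") as fh:
            fh.write(new_text)
        result = subprocess.run(test_cmd, capture_output=True, timeout=30)
        ok = result.returncode == 0
    except (OSError, subprocess.SubprocessError):
        ok = False                    # a validator that cannot run counts as a failure
    if not ok:
        os.replace(backup, path)      # atomic restore on the same filesystem
        return False
    os.remove(backup)
    return True

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    """Constructed run: one broken change is rolled back, one valid change is kept."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.json")
        with open(path, "w") as fh:
            fh.write('{"workers": 2}')
        check = [sys.executable, "-c",
                 "import json, sys; json.load(open(sys.argv[1]))", path]
        kept_bad = apply_config(path, '{"workers": ', check)
        after_bad = read_text(path)
        kept_good = apply_config(path, '{"workers": 4}', check)
        return kept_bad, after_bad, kept_good, read_text(path)
```

The service is only reloaded after `apply_config` returns True, so a config that fails its test never becomes the running one.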

What SAM can never do

Auto-execute destructive commands (delete, format, shutdown) — always requires your approval
Run commands in Observe mode — SAM can only read and report
Override your custom blocked commands list
Bypass the agent-side blocklist — it's hardcoded in the binary
Access other customers' servers or data — strict tenant isolation
Send your server data to any third party
Act when confidence is below 50% — SAM stops and asks you

You control the autonomy level

Start with zero autonomy. Give SAM more power as you build trust.

Observe

SAM monitors, investigates, and reports. No commands executed. Your server is read-only to SAM.

Perfect for: evaluating SAM, critical production servers, compliance-sensitive environments.

Guided (Recommended)

SAM proposes actions with full context. You see every command, its risk level, and rollback plan. You click approve or reject.

Perfect for: most servers, teams who want AI assistance with human oversight.

Autopilot

SAM auto-executes within your defined boundaries. You set which risk levels are allowed. Destructive commands always need you.

Perfect for: routine servers where SAM has proven itself through Guided mode.

Trust through transparency

Every command is logged

Complete audit trail: what was executed, when, on which server, who approved it, what the result was. Both on our platform and locally on your server.

Cryptographic identity

Each agent has a unique Ed25519 keypair. The private key never leaves your server. No shared passwords, no API keys, no tokens to leak.

Minimal permissions

The agent runs as an unprivileged user with specific sudo rules. It can restart nginx but can't create users or modify firewall rules unless you explicitly allow it.

No inbound ports

The agent connects outbound to our platform. Your server needs zero open ports for SAM. Works behind NAT, firewalls, and restricted networks.

How SAM compares

Safety Feature | ServerAdmin.ai | ChatGPT + SSH | Traditional Monitoring
Command risk scoring
Reality check against server state
AI confidence gate N/A
Audit trail of every action
Automatic rollback
Destructive command protection N/A
Per-command approval workflow
Agent-side safety blocklist N/A
Understands YOUR server

Common safety questions

What if the AI hallucinates a command?

Every command is checked against your server's real state before execution. If SAM suggests restarting a service that doesn't exist, or using the wrong package manager for your OS, the reality checker blocks it. This check uses zero AI — it's a simple database comparison.

Can SAM accidentally delete my data?

Destructive commands (rm, mkfs, dd, etc.) are blocked at multiple levels: the platform blocklist, the risk classifier (marks them as "destructive"), and the agent-side blocklist. Even in autopilot mode, destructive commands ALWAYS require your manual approval. There is no setting to change this.

What if SAM is wrong about a diagnosis?

If SAM's confidence is below 50%, it stops and tells you it's not sure. Between 50-80%, it requires your approval even in autopilot mode. And every diagnosis shows the evidence it's based on — you can verify before approving any action.

What if your platform gets hacked?

The agent has its own hardcoded safety blocklist that cannot be overridden by the platform. Even in a worst-case scenario, the agent refuses to execute dangerous patterns. Additionally, the agent uses cryptographic keys (not passwords) — compromising the platform doesn't give access to your server.

Can I completely disable command execution?

Yes. Set SAM to Observe mode and it can only read and report — it cannot execute any commands. Many customers start in Observe mode to evaluate SAM before giving it any execution permissions.

How do I remove the agent?

Run our one-line uninstall script. It removes the binary, config files, keys, logs, sudoers rules, and system user. Nothing is left behind. No lock-in.

See for yourself

Start with Observe mode. Watch SAM investigate without touching anything. Upgrade to Guided when you're ready.
