name: adom-security description: Critical security rules for every Claude Code running on an Adom container. Read proactively before posting anything to an external destination (Google Chat, Slack, email, public wiki, GitHub issue/PR/comment, any URL outside the container). Covers secret-shaped identifiers that must NEVER leak — container slugs, Docker hostnames, internal service URLs, tokens, webhook URLs — and the safe alternatives (user name + repo name). Trigger words: post, message, notify, alert, chat, gchat, email, webhook, announce, share, publish, comment, tweet, send to, attribution, security, identity, leak, redact, safe to share.
adom-security — what Claude MUST NOT reveal outside the container
Every Adom container has identifiers that behave like passwords. Leaking them into a chat message, GitHub comment, wiki page, log file that might be shared, or any other outward-facing surface lets anyone construct internal URLs and reach services that were supposed to be private.
Before any outbound post, run the checklist below. This is a HARD rule — not a stylistic preference.
🚫 NEVER include in outbound messages
| Value | Example | Why it's sensitive |
|---|---|---|
| Container slug | 8v0y8o3547h2, rk6euj7525tq | Part of `adom-cli carbon containers current |
| Docker short hostname | 27bd9735b059, c1c0a59c279a | The value of $(hostname) inside a container. Sometimes exposes the slug (or a sibling ID that works the same way) via the /proxy/PORT/ URL pattern. Treat identically to slug. |
| Coder / container internal URL | https://coder.john-service-jlcpcb-9a8b6c0328533a9b.containers.adom.inc/... | Contains the slug fragment. Anyone with the URL can attempt auth against the internal service. Especially sensitive for service-* containers that may not require auth on every endpoint. |
| Auth tokens / bearer strings | WIKI_AUTH_TOKEN, ADOM_WIKI_TOKEN, any gh PAT, any API key, chat.googleapis.com/.../?key=...&token=... webhook URL | Obvious. But webhooks are easy to accidentally paste; they carry their own token in the query string. |
| OAuth refresh tokens / client secrets | Values from ~/.config/gchat-oauth.json, .env files | Full account takeover potential. |
| Absolute paths that reveal usernames of other people | /home/noah/... when posting from an automated script | Minor but preferred. |
✅ SAFE to include
| Value | Source | Example |
|---|---|---|
| Adom user name | adom-cli carbon user get | jq -r .name | john |
| Display name | adom-cli carbon user get | jq -r .display_name | John Lauer |
| Repo name | adom-cli carbon containers current | jq -r .repository.name | galliaApril |
| Repo owner name | adom-cli carbon containers current | jq -r .repository.owner.name | john |
| Public domain URLs | (these don't embed slugs) | wiki-ufypy5dpx93o.adom.cloud, adom.inc |
These are not secrets — they're the equivalent of "name and team" and are already visible to anyone on the platform.
Canonical attribution format
When posting automated messages to any channel (Google Chat via kel, Slack, email, a GitHub comment, wiki page, etc.), attribute to the user and (if useful) the repo, never the slug or hostname:
- Short form:
on behalf of john - With repo:
on behalf of john via galliaApril - Kel-specific:
*Kel (on behalf of john)*or*Kel (on behalf of john via galliaApril)*
The kel CLI does this automatically. If you're writing a script that posts to any other outward channel, follow the same pattern — don't roll your own $(hostname) tag.
Where to get safe identifiers
Preferred — read the cached identity file populated by gallia/install.mjs:
python3 -c "import json; d=json.load(open('/home/adom/.config/adom-identity.json')); print(d['user'], d['repo'])"
Fallback (slower, makes a network call):
adom-cli carbon user get | jq -r .name
adom-cli carbon containers current | jq -r .repository.name
If neither works, do not post — omit the message or fail loudly. Don't substitute in $(hostname).
Common mistakes Claude Code makes (and must avoid)
- Reflexively using
$(hostname)as "the container name". Docker's short hostname is derived from the container ID, which is slug-equivalent. Use the identity file instead. - Pasting the current terminal path/context into a bug report.
~/project/gallia/...is fine;/proxy/8785/...URLs with slug fragments are not. - Including a coder container URL in a public wiki page or GitHub issue. The URL is clickable-proof-of-access to your internal services. Always rewrite to the public domain (e.g., the wiki's
wiki-ufypy5dpx93o.adom.cloud) or drop the URL entirely. - Echoing a webhook URL back to the user in an outward channel. The URL itself is the auth token. Keep it in private config files only.
- Writing logs/alerts that include the slug, then sending the log to chat. Tail-and-post workflows need to redact first:
sed -E 's/[a-z0-9]{16}\.containers\.adom\.inc/REDACTED.containers.adom.inc/g; s/[a-f0-9]{12}/REDACTED/g'.
Redaction helper (use before posting raw log contents)
# Redact likely slugs + coder URLs from piped input before posting.
redact() {
sed -E \
-e 's#coder\.[a-z0-9-]+\.containers\.adom\.inc#REDACTED-container-url#g' \
-e 's#\b[a-f0-9]{12}\b#REDACTED-hostname#g' \
-e 's#\b[a-z0-9]{12,16}\.adom\.cloud#REDACTED-container.adom.cloud#g' \
-e 's#key=[A-Za-z0-9_-]+#key=REDACTED#g' \
-e 's#token=[A-Za-z0-9_.-]+#token=REDACTED#g' \
-e 's#Bearer [A-Za-z0-9_.-]+#Bearer REDACTED#g'
}
tail -20 /var/log/build.log | redact | kel --stdin
When in doubt
If you're about to post something outward and you're uncertain whether a string might be a slug, token, or internal-only URL — redact it. A message with one REDACTED blob that reaches the reader is strictly better than the one where a slug leaked and later had to be rotated.
This rule is non-negotiable across every channel, every user, every container. If you see a prior message in the current conversation where Claude leaked an identifier, flag it to the user immediately so they can rotate (the webhook URL, the token, or if necessary the container itself).