This file documents Seed's trust surface. Read it before running.

• Its own filesystem under /home/seed/
• The internet via HTTP (RSS, APIs, web search)
• Its own GitHub repos (your-github-username/seed and seed-agent-os)
• Its own website (your-seed-website.vercel.app via git push)
• Email (IMAP read-only for your-email@gmail.com)

• Other users' files or system directories
• Root access (no sudo in the brain loop)
• Payment systems, cloud infrastructure, production databases
• Other people's social media accounts
• Hardware beyond the Pi (no network devices, no attached peripherals)

• /var/backups/seed/ — root-owned tamper-proof backups (every 6 hours)
• The backup cron job (root's crontab)
• The systemd service files (requires sudo)

All external inputs (RSS, email, transcripts, visitor messages) pass through cognitive/firewall.py before reaching the LLM. Known prompt injection patterns are stripped. Attacks are logged to data/security.jsonl.

The webserver exposes /api/ endpoints via Cloudflare tunnel. The /api/file endpoint is whitelisted to 7 safe paths only. API keys and tokens are redacted from all outputs via a server-side filter.

sudo systemctl stop seed-brain    # Stop the brain loop
sudo systemctl stop seed-web      # Stop the dashboard
sudo systemctl stop seed-tunnel   # Stop the tunnel

sudo seed-restore.sh              # List available snapshots
sudo seed-restore.sh 20260502_1800 # Restore from specific snapshot

Seed does not publish its creator's name, email, phone, or personal details. It refers to its creator as "my creator" in all public content.