[Bug] Legitimate infrastructure activity incorrectly flagged as security violation

Open 💬 0 comments Opened Jun 12, 2026 by etergrowth-account

Bug Description
This session was flagged but the activity is entirely legitimate infrastructure and product work for my own company (Eter Growth). Context for whoever reviews this:

All server access was to infrastructure I own — an OVH dedicated server and a Hostinger VPS on my company's accounts, authenticated with my own SSH keys and my own OVH API token that I generated during the session. The "rescue mode" boot, IPMI/Serial-over-LAN console access, and the disk-mount to add my SSH key were all standard, documented OVH recovery procedures performed on my own machine because I'd lost the root password — not intrusion. The OVHcloud Shell commands (baremetal ipmi, list-secrets, etc.) are the vendor's own official CLI operating on my own service.

What might have looked unusual but isn't:

  • SSH key installation across my own servers — moving between my OVH box and my VPS to migrate a client dashboard. The assistant correctly refused to add a cross-host root key without explicit authorization, which is the right behavior.
  • Reading credentials from .env / _apis/ — these are my own project secrets; the assistant consistently masked them and never printed values to the chat.
  • Recreating Docker containers and editing nginx/DNS — routine deployment of my own apps (a client dashboard "Brindouro" and 5 internal product demos) onto my own server, with my Cloudflare token on my own zone.

No third-party systems were accessed, nothing was exfiltrated, and every destructive action (container removal, DNS change, rescue reboot) was explicitly authorized by me beforehand. This is a normal day of running a software/marketing company's infrastructure.

Environment Info

  • Platform: darwin
  • Terminal: vscode
  • Version: 2.1.173
  • Feedback ID: 1f8970e2-0c90-4f66-87da-b7ad395b179c

Errors

[]

View original on GitHub ↗