OPSEC Guide for Users

This guide explains what Automac IT can see, what it sends to the AI, and how to use it safely. Every claim is verified against the actual source code. If you find a discrepancy, report it at github.com/beautifulplanet/Automac-IT/issues.

📄 Download as PDF

1. What Automac IT Can See

Automac IT runs diagnostic tools on your Windows PC using PowerShell. Here is the complete list of what those tools can access:

System Information

OS version, CPU model, RAM, and system uptime — same information visible in Settings > System > About.

Installed Programs

The list of installed programs from the Windows registry (HKLM uninstall keys). Same list you see in Settings > Apps.
It can search for a specific program by name.
It cannot read program files, settings, or data.

Running Processes

The top 20 processes by memory usage — same list in Task Manager.
It can see process name, PID, memory usage, and CPU time.
It cannot read what those processes are doing, their data, or their files.

Startup Programs

Programs that run when your PC boots — from registry Run keys and the Startup folder.
It can disable startup items (with your approval).

Disk and Files

Disk space on all drives — total, used, free.
File names and sizes in your user folders — it reads directory listings, not file contents. It sees report.docx (2.4 MB), not what's inside the document.
Temp folder sizes — how much space temporary files are using.
Disk health and SMART data — physical disk status and reliability counters.
The file finder is restricted to C:\Users, temp directories, and non-C drives. It cannot list files in C:\Windows, C:\Program Files, or C:\ProgramData.

Network

Network adapters, IP addresses, DNS settings — your network configuration.
Connectivity test — pings 8.8.8.8 and resolves google.com to check if internet works.
It cannot see your browsing history, network traffic, or what you're downloading.

Windows Services

List of all Windows services and their status (running, stopped, etc.).
It can restart services (with your approval).
System-critical services (lsass, rpcss, windefend, etc.) are protected and cannot be restarted.

Event Logs

Application, System, and Setup event logs — error and warning entries.
It cannot access Security logs or other restricted log channels.

Windows Update

Pending updates — checks what updates are available but not yet installed.

Custom PowerShell (Last Resort)

In rare cases, the AI may propose running a custom PowerShell command. This is always shown to you for approval.
Dangerous commands are blocked: formatting disks, deleting system files, creating users, downloading from the internet, invoking scripts, modifying boot records, and many more (40+ blocked patterns).

2. What Gets Sent to the AI

When Automac IT runs a tool, the raw output is shown to you in the chat window. Before that same output is sent to the AI provider, it is scrubbed — sensitive patterns are replaced with bracketed placeholders.

What the Scrubber Catches

Data Type	Example	Replacement
Windows username in paths	`C:\Users\JohnDoe\Documents`	`C:\Users\[user]\Documents`
Your username as a word	`Owner: JohnDoe`	`Owner: [user]`
Your computer name	`DESKTOP-ABC123`	`[computer name hidden]`
Private IPs	`192.168.1.105`	`[local IP hidden]`
Public IPs	`203.0.113.45`	`[IP hidden]`
IPv6 addresses	`fe80::1`	`[IPv6 hidden]`
MAC addresses	`AA:BB:CC:DD:EE:FF`	`[MAC address hidden]`
Email addresses	`john@example.com`	`[email hidden]`
Domain\account pairs	`CORP\jdoe`	`[domain\account hidden]`
API keys and tokens	`api_key=sk-abc123...`	`[secret hidden]`
Bearer tokens	`Bearer eyJ...`	`[token hidden]`
AWS access keys	`AKIAIOSFODNN7EXAMPLE`	`[AWS key hidden]`
Stripe keys	`sk_live_...`	`[Stripe key hidden]`
GitHub tokens	`ghp_xxxx...`	`[GitHub token hidden]`
JWTs	`eyJhbG...`	`[JWT hidden]`
Connection strings	`postgres://user:pass@host/db`	`[connection string hidden]`
PEM private keys	`-----BEGIN PRIVATE KEY-----`	`[private key hidden]`
Social Security Numbers	`123-45-6789`	`[SSN hidden]`
GUIDs	`550e8400-e29b-...`	`[ID hidden]`

What the Scrubber Does NOT Catch

Your full name — unless it matches your Windows username.
Physical addresses — street addresses are not detected.
Phone numbers — not currently in the rule set.
Medical information — domain-specific terms are not scrubbed.
Non-English patterns — the scrubber is designed for English-language Windows output.

This is why the scrubber is described as “best-effort” and not “guaranteed.”

⚠ Your Typed Messages Are NOT Scrubbed

This is intentional. The AI needs your exact words to understand your problem. If you type “my WiFi password is hunter2,” the AI provider receives exactly that text.

Tool output → scrubbed → AI sees placeholders
Your typing → NOT scrubbed → AI sees exactly what you wrote

Where Data Goes

AI provider: Your chosen provider (GitHub Copilot or Anthropic) receives the conversation. Their data retention policies apply.
Session logs: Saved locally on your machine. All text in session logs IS scrubbed. Logs are never transmitted.
No telemetry: Automac IT collects no usage data, analytics, or crash reports.
No accounts: No sign-up, no login, no user profiles.

⚠️ Recommended: Disable AI training on your chats

If you use GitHub Copilot as your AI provider, your conversations may be used by GitHub to improve their models unless you opt out.

To opt out: Open VS Code → Settings (Ctrl+,) → search for github.copilot.chat.codeGeneration.useCodeSnippetsOnServer and uncheck it. Also go to github.com/settings/copilot → uncheck “Allow GitHub to use my code snippets from the code editor for product improvements.”

This is a GitHub setting, not an Automac IT setting. We recommend disabling it unless you’re comfortable contributing your diagnostic conversations to AI training data.

3. What the AI CANNOT Do

Automac IT's tools have hard-coded restrictions. The AI cannot bypass these regardless of what it says or what you ask:

Cannot access the internet — all download commands are blocked.
Cannot install software — no package managers, no MSI/EXE execution.
Cannot modify system files — Remove-Item targeting \Windows, \System32, or \Program Files is blocked.
Cannot format or partition disks — all disk formatting commands are blocked.
Cannot create or modify user accounts — net user, New-LocalUser are blocked.
Cannot modify boot configuration — bcdedit and bcdboot are blocked.
Cannot execute scripts — Invoke-Expression, .ps1 execution are blocked.
Cannot spawn sub-shells — powershell.exe, cmd.exe /c are blocked.
Cannot kill system-critical processes — csrss, lsass, winlogon, explorer, and more are protected.
Cannot uninstall protected programs — Windows Defender, GPU drivers, antivirus products, and Automac IT itself.
Cannot restart protected services — lsass, rpcss, windefend, and other critical services.
Cannot shut down or restart your PC.

4. Safe Practices When Chatting — The 30 Rules

Privacy — The Never Share List (Rules 1–6)

Never paste passwords, API keys, or tokens into chat.
Never paste credit card numbers, SSNs, or bank account numbers.
Never paste medical records, prescriptions, or diagnoses.
Don't paste full names + addresses together — the combination creates PII.
Assume anything you type to the AI leaves your machine. Tool output is scrubbed. Your typing is not.
If you pasted something sensitive by accident, start a new session.

File Safety — The Always Check List (Rules 7–11)

Always review the full preview before clicking Apply on a file move.
Always verify a duplicate is actually identical before deleting — same size ≠ same contents.
Never run a destructive tool on a folder you don't recognize.
If a file path is in a system folder, don't touch it.
Rollback exists, but assume it might fail — act like there's no undo.

AI Fallibility — The Don't Trust, Verify List (Rules 12–16)

The AI can be confidently wrong. Confidence ≠ correctness.
If the AI says a fix worked, verify the original problem is actually gone.
If the AI suggests something that feels wrong, it probably is.
Never let the AI make the same suggestion twice without checking why the first attempt failed.
If the AI hits the loop limit, stop. Don't just restart it.

Destructive Tools — The Slow Down List (Rules 17–20)

Read the confirmation banner. Every time. Even the tenth time.
If you're tired, annoyed, or in a hurry, close the helpdesk.
One destructive action at a time. Finish, verify, then next.
If you don't understand what a tool does, don't approve it.

Reporting — The Before You Share List (Rules 21–24)

System reports contain info about your machine. Review before sharing publicly.
Never post a full report on a forum or social media without redacting.
IT support and technicians are fine. Public posts are not.
Screenshots of error messages are safer than raw logs.

Redundancy — The IT Habits List (Rules 25–30)

Before a big operation, make sure your important files are backed up.
If you're not sure, back out and ask. Aborting is free. Undoing is expensive.
Slow is smooth. Smooth is fast. Rushed is broken.
Critical claims get two checks.
Changes to system settings should be reversible.
When in doubt, don't.

5. File Organization Safety

Preview Mode

Every file operation shows a preview first. You see every file that will be moved, where it's coming from, and where it's going. Nothing happens until you approve.

Rollback

After a file operation, a rollback log is saved as a JSON file recording every move (source → destination). You can use this to reverse the operation.

But rollback is not a guarantee:

If the destination file was modified after the move, rollback overwrites those changes.
If the original location was deleted or renamed, rollback fails for that file.
If the system crashed during the operation, some files may have moved and others may not.
If the JSON log file is corrupted, rollback cannot recover.

Act like there's no undo.

What to Do If Something Goes Wrong

Don't panic. Most file moves are harmless — the file still exists, just in a different location.
Try rollback first — it works for the majority of cases.
If rollback fails, the rollback log tells you where each file went. You can move them back manually.
If you can't find a file, check the Recycle Bin.
This is why Rule 25 says to back up before big operations.

6. Security Audit Interpretation

Open Ports

An “open port” means a program on your PC is listening for network connections.
Normal: Port 80/443 (web browser), port 3389 (Remote Desktop), port 445 (file sharing).
Concerning: Ports you don't recognize, especially from unknown programs.
What to do: Don't close ports blindly. Ask the AI which program is using it.

Firewall Status

Windows Firewall should be ON for all profiles (Domain, Private, Public).
If it's OFF, investigate — but third-party firewall software may be the reason.

Windows Update

Missing updates are flagged because they may contain security patches.
Security updates are more critical than feature updates.
The AI may overstate urgency — install updates at a convenient time.

The AI's Interpretation

The AI reads the raw audit results and provides its assessment. This assessment is an opinion, not a fact.
Cross-check concerning findings with a web search or a trusted technician.

7. Export Report Safety

The report contains system details — installed programs, processes, disk usage, network info.
Sharing with IT support or a trusted technician is appropriate.
Posting publicly requires care — the report may contain your network configuration and file paths.
The scrubber is applied to session logs but NOT to exported reports. Review manually before sharing.
Screenshots of specific sections are safer than the full report.

8. Your Rights and Controls

Data Control

Disable PII scrubbing: You can turn it off if you prefer unredacted AI output. Not recommended.
Delete session logs: They're local files. Delete them anytime.
Choose your AI provider: GitHub Copilot or Anthropic. Each has their own data retention policy.
No data collection: No telemetry, no analytics, no crash reports.

What You Can Ask the AI

“What tools do you have?” — lists all diagnostic and repair tools.
“What can you see?” — the AI will describe its capabilities.
“What did you scrub?” — the Safety Helper panel shows what was redacted.
“Explain this in simpler terms” — always valid.

License

One-time $25 purchase. Use on up to 3 Windows PCs.
Updates included for as long as the product is actively maintained.
No subscription. No recurring charges.

Verified against Automac IT source code. Last updated: 2026-04-18. Version: v0.9.1