In 2025 an AI agent deleted a live production database during a code freeze. "The agent panicked" is not an acceptable post-mortem. palaheal is the set of open-source skills (hooks, audits, sub-agents, verify loops) that let an agent author your codebase without destroying data, crossing a tenant boundary, or shipping a CVE. Plus a community that teaches you how.
The pillar post + the production-safety starter kit, the moment you sign up. First access when repo-audit slots and the cohort open.
Starts with the AI agent that deleted a production database during a code freeze, then the six guardrails that make that failure class impossible: the blast-radius CLAUDE.md, hooks that refuse destructive commands, a tenant-scope linter, a security-reviewer sub-agent, two-tenant verification, and the safety signal worth watching.
You run a multi-tenant product with real paying customers. Claude writes a lot of your code. One missed WHERE tenant_id is a data breach, not a bug, and you need that to be structurally impossible, not a thing you remember to check.
You're letting agents touch a production codebase with real data. You need guardrails you can defend in code review: hooks that block destruction, reviews that hunt for cross-tenant leaks, a verify step that actually proves isolation.
There are dozens of courses on shipping faster with AI agents. There are almost none on the question that actually matters when you have paying customers: how do you let an agent move fast through a multi-tenant codebase without it leaking one tenant's data into another's, or deleting it all? That gap is this.
Every guardrail here is mined from running a real multi-tenant SaaS with Claude Code daily, and from the public post-mortems of teams that learned the hard way. If a module references a hook, you'll see the hook refusing a destructive command on screen, in a real repo, with real output.
That's the sharp end. But the guardrails (hooks that refuse destruction, dev/prod isolation, a security-reviewer sub-agent, verify-before-done) protect any codebase with production data and real users. If a mistake by your agent reaches a customer, this is for you. Multi-tenant is just where the stakes are highest.
Because that's exactly what the team in the Replit incident did, and the agent did it anyway, during a freeze. A prompt is a request. A hook is a control. This is the difference between hoping and enforcing.
The audit is me, live, installing these guardrails on your actual repo in about two hours: fastest path if you have customers now and want it handled. The course teaches you to do it yourself, at your pace, built from real audits. Start with whichever fits.
No. This assumes you're past "hello world" and asks the harder question most setups ignore: what stops the agent the day it decides a destructive command is a good idea? If you can't answer that with a hook, there's something here for you.
The principles are stack-agnostic; examples lean on common setups (Postgres/RLS, a Python or TypeScript API, a background-job queue). You'll adapt the hooks to your stack in module 2; they're short, readable scripts, not a framework.
Sign up, get the pillar post and the guardrail starter kit immediately. You'll get first access, and founder pricing, when repo-audit slots and the first cohort open.