CodeWallDocs
Safety & Guardrails

Production Safety

How to safely run penetration tests against production systems.

CodeWall is designed to test production systems safely. Here's how we ensure your live environment stays stable.

Is it safe to test production?

Yes. CodeWall's agents are built to be non-destructive:

  • Exploits demonstrate vulnerabilities without causing lasting damage
  • The agent avoids high-risk actions like mass data deletion or service disruption
  • Request pacing prevents load spikes on your infrastructure
  • All test artifacts are cleaned up after the engagement
  • Safety behaviour is independently validated through ACAP certification

While CodeWall is designed for production safety, we recommend:

  1. Start with staging — run your first test against a staging environment to familiarize yourself with the process
  2. Define clear scope — use exclusions to protect sensitive endpoints (e.g., payment processing, user deletion)
  3. Schedule during low-traffic windows — reduces any potential impact from increased request volume
  4. Monitor during first run — watch the live activity log to understand how the agent interacts with your system
  5. Use standard depth initially — upgrade to thorough depth once you're comfortable with the agent's behavior

What if something goes wrong?

  • Kill switch — stop any test immediately from the dashboard
  • Activity log — full audit trail of every action the agent took
  • Rollback artifacts — the agent tracks any changes it makes and can reverse them
  • Support — our team is available to help with any concerns

Guardrails

Built-in safety controls that govern how CodeWall's AI agents operate.

Exclusions

Exclude specific paths, hosts, or actions from penetration testing.

On this page

Is it safe to test production?Recommended precautionsWhat if something goes wrong?