Concepts
Spellbook exists because of a handful of ideas about access that are old, well understood, and almost never applied. These pages explain them plainly, with their sources, whether or not you ever use anything we build.
- Blast radiusBlast radius is how much of a system one action, one credential, or one mistake can damage. How to measure it, why it grows, and how to make it smaller.
- Least privilegeLeast privilege means every user, process, and agent holds the minimum access its job requires. The principle is fifty years old. Applying it is still hard.
- Standing accessStanding access is permission that persists when nobody is using it. Credential abuse appears in 39% of breaches (Verizon DBIR 2026). Why rotation is not enough.
- Excessive agencyExcessive agency is an AI agent holding more functionality, permission, or autonomy than its task needs. OWASP ranks it a top-ten LLM risk as LLM06.
- Self-service opsSelf-service ops lets developers run the operational actions they need without a ticket and without cluster access. Most implementations only manage one of the two.
The spells are these ideas, made into commands.
One short command, one bounded effect, no credential on anybody's laptop. Spellbook is not open yet.