Best Practices

This guide covers security recommendations, workflow optimization, and tips for getting the most out of Calmo Local Bridge.

Security Recommendations

Command Approval

Review Before Approving

Always read the full command before clicking Allow once. Understand what it will do before execution.

Understand Risk Levels

Pay attention to risk indicators:
  • 🟢 LOW = Safe reads
  • 🟡 MEDIUM = State changes
  • 🔴 HIGH = Potentially dangerous

Setting Up Auto-Approve Patterns

Use Always Allow strategically for low-risk, frequently-used commands.
Good patterns to auto-approve:
kubectl get
kubectl describe
kubectl logs
git status
git log
ls
cat
pwd
Patterns to avoid auto-approving:
kubectl delete
kubectl apply
rm
git push
terraform apply
Start with a minimal set of auto-approved commands and add more as you build confidence in the patterns you use regularly.

Workspace Configuration

When configuring Local Workspaces:
  1. Add only necessary directories - Don’t add your entire home directory
  2. Scope to project folders - Add specific Git repos or project roots
  3. Review periodically - Remove workspaces you no longer need
Good:
/Users/you/projects/frontend
/Users/you/projects/backend
/Users/you/infra/terraform
Avoid:
/Users/you
/
/etc

MCP Server Security

  • Only install trusted MCP servers - Review the source before adding
  • Keep API keys secure - Don’t share your mcp.json file
  • Monitor server activity - Check logs for unexpected behavior
  • Remove unused servers - Disable or delete servers you don’t use
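
One way to keep keys out of a shared copy of mcp.json is to mask credential values before the file leaves your machine. This is an added example, not Calmo's code; the "mcpServers" layout, the server name, and the key-name heuristic are assumptions.

```python
import json
import re

# Heuristic for credential-like names (an assumption of this example).
SECRET_NAME = re.compile(r"key|token|secret|passw|credential", re.I)
MASK = "<REDACTED>"


def redact_args(args):
    """Mask `--api-key=VALUE` and `--api-key VALUE` style arguments."""
    out, mask_next = [], False
    for arg in args:
        name, sep, _ = str(arg).partition("=")
        if mask_next:
            out.append(MASK)
            mask_next = False
        elif name.startswith("-") and SECRET_NAME.search(name):
            out.append(f"{name}={MASK}" if sep else arg)
            mask_next = not sep
        else:
            out.append(arg)
    return out


def redact(node, parent=""):
    """Return a copy of a parsed config with credential values replaced."""
    if isinstance(node, dict):
        return {
            # Every string under "env" is masked; elsewhere only credential-named keys.
            k: MASK if isinstance(v, str) and (parent == "env" or SECRET_NAME.search(k))
            else redact(v, k)
            for k, v in node.items()
        }
    if isinstance(node, list):
        return redact_args(node) if parent == "args" else [redact(v, parent) for v in node]
    return node


# Constructed sample; the "mcpServers" layout and all names are assumptions.
SAMPLE = """{"mcpServers": {"docs": {
  "command": "npx",
  "args": ["-y", "example-docs-server", "--api-key", "constructed-value-1"],
  "env": {"EXAMPLE_TOKEN": "constructed-value-2", "LOG_LEVEL": "debug"}}}}"""


def shareable(text):
    """JSON text with credential values masked, for sharing with the team."""
    return json.dumps(redact(json.loads(text)), indent=2)


if __name__ == "__main__":
    print(shareable(SAMPLE))
```

The masking is deliberately broad (every value under env is hidden), so teammates fill in their own keys after copying the shared file.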

Workflow Optimization

Effective Prompting

Be specific when asking Calmo to run commands.
Good prompts:
  • “Check the logs for the api-server pod in the staging namespace”
  • “Show me the last 50 lines of logs from the frontend deployment”
  • “List all pods in CrashLoopBackOff state across all namespaces”
Less effective:
  • “Check the logs” (which pod? which namespace?)
  • “What’s wrong with my cluster?” (too vague for targeted commands)

Batch Operations

For multiple related operations, ask Calmo to handle them sequentially:
"First, check the pod status in the production namespace.
Then, describe any pods that aren't running.
Finally, show me the logs from the failing containers."
Calmo will queue the commands, and you can approve them in batch or individually.

Using Command History

The Command History in the Bridge tab is useful for:
  • Auditing - Review what commands were run in a session
  • Learning - See what commands Calmo uses for common tasks
  • Debugging - Identify failed commands and their context
Click the expand arrow (▸) on any command to see its full output.

Leveraging MCP Servers

Extend your capabilities with MCP servers:
Use Case | MCP Server
Look up library documentation | context7
Access Mastra.ai docs and examples | @mastra/mcp-docs-server
Complex problem-solving | @modelcontextprotocol/server-sequential-thinking

Development Workflows

Kubernetes Debugging

A typical debugging session:
  1. Get Overview - Auto-approve kubectl get patterns for quick status checks
  2. Deep Dive - Use kubectl describe and kubectl logs (also safe to auto-approve)
  3. Take Action - Manually approve any kubectl delete, kubectl apply, or kubectl scale commands

Infrastructure Changes

For Terraform or Kubernetes manifest changes:
  1. Preview first - Run terraform plan or kubectl diff (safe)
  2. Review carefully - Understand what will change
  3. Apply intentionally - Manually approve all apply/create/delete operations

Git Operations

Safe to auto-approve:
  • git status, git log, git diff, git branch
Manually approve:
  • git commit, git push, git merge, git checkout

Performance Tips

Keep Bridge Running

The bridge maintains state and history. Keep it running in the menu bar/system tray for:
  • Faster reconnection if the web connection drops
  • Persistent command history
  • Continued MCP server connections

Minimize Pending Commands

Don’t let commands queue up indefinitely. Either:
  • Approve/deny them promptly
  • Set up appropriate auto-approve patterns
  • Deny commands you don’t need

Regular Log Cleanup

The Logs tab can grow large. Click Clear periodically if you don’t need historical logs.

Team Usage

If multiple team members use Local Bridge:
  • Individual pairing - Each person pairs their own machine
  • Shared patterns - Document your team’s auto-approve patterns
  • Security policies - Establish guidelines for what’s safe to auto-approve
  • MCP standards - Share MCP configurations across the team

What to Avoid

Don’t do these:
  • Auto-approve destructive commands (rm, kubectl delete)
  • Add your entire home directory as a workspace
  • Share your mcp.json with API keys
  • Approve commands you don’t understand
  • Leave sensitive commands pending indefinitely

Quick Reference

Risk Assessment Matrix

Command Type | Risk | Auto-Approve?
Read operations (get, list, describe, logs) | Low | ✅ Recommended
Status commands (status, diff, plan) | Low | ✅ Recommended
Write operations (apply, create, scale) | Medium | ⚠️ Case by case
Delete operations (delete, rm, destroy) | High | ❌ Never
Generic commands (exec, run) | Variable | ❌ Manual review
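
The auto-approve lists earlier in this guide and the matrix above, expressed as a checker that a team can use to test its documented patterns. This is an added example, not Calmo's code: how Local Bridge matches patterns is not described on this page, and the sketch assumes the approved string is run by a POSIX shell, so anything chained onto an allowed prefix is sent to manual review.

```python
import shlex

# Prefixes this guide lists as safe to auto-approve, as token tuples.
AUTO_APPROVE = [
    ("kubectl", "get"), ("kubectl", "describe"), ("kubectl", "logs"),
    ("kubectl", "diff"), ("terraform", "plan"), ("git", "status"),
    ("git", "log"), ("git", "diff"), ("git", "branch"),
    ("ls",), ("cat",), ("pwd",),
]
# Verbs the matrix rates above Low; these always need a manual decision.
RISK_BY_VERB = {
    "apply": "MEDIUM", "create": "MEDIUM", "scale": "MEDIUM",
    "delete": "HIGH", "rm": "HIGH", "destroy": "HIGH",
    "exec": "VARIABLE", "run": "VARIABLE",
}
SHELL_OPERATORS = set("();<>|&")


def tokenize(command):
    """Split like a POSIX shell, keeping unquoted operators as their own tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def decide(command):
    """Return (risk, decision); decision is 'auto' or 'manual'."""
    # Expansions and newlines can attach a second command to an allowed
    # prefix, so any command containing them goes to a human.
    if any(ch in command for ch in "$`\n"):
        return ("VARIABLE", "manual")
    try:
        tokens = tokenize(command)
    except ValueError:  # unbalanced quotes
        return ("VARIABLE", "manual")
    # Pipes, chaining, redirection and subshells show up as operator tokens.
    if not tokens or any(t and set(t) <= SHELL_OPERATORS for t in tokens):
        return ("VARIABLE", "manual")
    for verb in tokens[:2]:
        if verb in RISK_BY_VERB:
            return (RISK_BY_VERB[verb], "manual")
    for prefix in AUTO_APPROVE:
        if tuple(tokens[:len(prefix)]) == prefix:
            return ("LOW", "auto")
    return ("VARIABLE", "manual")  # unknown commands default to manual review
```

Matching is on whole tokens, so `lsblk` does not match the `ls` pattern, and a quoted semicolon inside an argument does not count as command chaining.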

Workspace Scope Guidelines

Scope | Recommendation
Single project | ✅ Ideal - minimal access
Multiple related projects | ✅ Good - grouped by purpose
Entire code directory | ⚠️ Broad - consider splitting
Home directory | ❌ Too broad - avoid
System directories | ❌ Unnecessary risk
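
The Workspace Configuration advice and the scope table above can be applied as a periodic audit of your workspace list. This is an added example, not part of Local Bridge; the function names and every system root other than /etc are assumptions.

```python
from pathlib import PurePosixPath

# "/etc" is named on this page; the other system roots are assumptions of this example.
SYSTEM_ROOTS = [PurePosixPath(p) for p in ("/etc", "/usr", "/var", "/bin", "/sbin")]


def assess(path, home):
    """Rate one workspace path against the scope guidelines above."""
    p, h = PurePosixPath(path), PurePosixPath(home)
    if not p.is_absolute() or ".." in p.parts:
        return "reject: not a normalised absolute path"
    if p == h or p in h.parents:
        return "avoid: home directory or an ancestor of it"
    if any(p == s or s in p.parents for s in SYSTEM_ROOTS):
        return "avoid: system directory"
    if p.parent == h:
        return "broad: whole top-level folder under home, consider splitting"
    return "ok: project scope"


def audit(paths, home):
    """Return {path: finding}, also flagging workspaces nested inside another."""
    findings = {}
    pure = [PurePosixPath(p) for p in paths]
    for raw, p in zip(paths, pure):
        finding = assess(raw, home)
        covering = [str(q) for q in pure if q != p and q in p.parents]
        if finding.startswith("ok") and covering:
            finding = f"redundant: already covered by {covering[0]}"
        findings[raw] = finding
    return findings


if __name__ == "__main__":
    # Constructed input using the example paths from this page.
    sample = ["/Users/you/projects/frontend", "/Users/you/infra/terraform",
              "/Users/you/projects", "/Users/you", "/", "/etc"]
    for path, finding in audit(sample, home="/Users/you").items():
        print(f"{path:32} {finding}")
```

The check is purely lexical, so resolve symlinks (for example with pathlib.Path.resolve()) before passing paths in.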

For additional guidance, contact our support team at [email protected].