Best Practices

Recommended practices for safe, efficient, and cost-effective YeePilot usage

Last updated: February 27, 2026

Overview

YeePilot is a powerful tool for AI-assisted server management. These best practices will help you use it safely on production systems, manage costs effectively, and get the best results from every session.


Security First

Use Strict Mode on Production Servers

Always run with strict security mode on production servers. This blocks the most dangerous commands entirely and requires confirmation for everything else.

yaml
# ~/.yeepilot/config.yaml
security:
  mode: strict
 
ai:
  autonomy_profile: strict_review

With strict_review, every single command requires your explicit approval before execution. This gives you complete control over what happens on your server.

Review Every Command Plan

Even when a command is classified as SAFE, take a moment to verify it does what you expect. The AI is powerful but not infallible. A command that is safe in general might still be wrong for your specific situation.

Good habits:

  • Read the full command before approving.
  • Check file paths -- make sure the command targets the right files and directories.
  • Verify flags and options -- a misplaced flag can change a command's behavior entirely.
  • Consider side effects -- will this command restart a service? Modify a config file used by other applications?

Keep Audit Logs Enabled

YeePilot's audit log creates a tamper-evident record of every command executed. Keep it enabled for compliance, incident investigation, and accountability.

yaml
security:
  audit_log_path: "~/.yeepilot/audit.log"
  audit_max_size_mb: 10
  audit_max_archives: 50

On shared servers or in regulated environments, consider writing audit logs to a central location:

yaml
security:
  audit_log_path: "/var/log/yeepilot/audit.log"

Use Vault for Credentials

Store database passwords, API tokens, and other secrets in YeePilot's encrypted Vault rather than in plain configuration files or shell history.

yaml
vault:
  enabled: true
  start_locked: true
  auto_lock_duration: "15m"
  bruteforce_protection_enabled: true

The Vault automatically locks after a period of inactivity, protecting credentials if you step away from your terminal.


Getting Better Results from the AI

Use Think Mode for Complex Tasks

When working on multi-step tasks, debugging tricky issues, or planning infrastructure changes, enable extended thinking. This gives the AI more time to reason through the problem before responding.

plaintext
/think medium

Use the following as a guide:

Think Level   When to Use
off           Simple, one-step commands (check disk space, list files)
low           Straightforward multi-step tasks (install a package and configure it)
medium        Debugging, troubleshooting, complex configuration changes
high          Architecture decisions, security audits, migration planning

Provide Context with /file

The AI works best when it understands your server's configuration. Use /file to attach relevant files to your session so the AI can reference them.

plaintext
/file /etc/nginx/nginx.conf
/file /etc/systemd/system/myapp.service
/file docker-compose.yml

Good files to attach:

  • Web server configurations (nginx, Apache, Caddy)
  • Docker Compose files
  • Systemd service definitions
  • Application configuration files
  • Error logs (attach the relevant portion)

Keep Context Focused

Set a reasonable conversation history limit to keep the AI focused on your current task rather than being distracted by earlier, unrelated work.

yaml
ai:
  conversation_max_history: 10

A history of 10 messages is a good default. Reduce it to 5 if you switch topics frequently within a single session, or increase it if you are working through a long, multi-step procedure.

Use Sessions to Organize Work

Start separate sessions for different tasks or servers. This keeps the AI's context clean and avoids confusion from mixing unrelated topics.

For example, run one session for "debug nginx 502 errors" and another for "set up monitoring." The AI performs better when the conversation stays focused on a single topic.


Managing Costs

Enable Token Saver Mode

If you want to reduce API costs, enable token saver mode. This shortens system prompts, compresses conversation history, and applies more aggressive context compaction.

yaml
ai:
  token_mode: saver

Token saver mode is especially effective during long sessions with many back-and-forth exchanges.

Choose the Right Model

Not every task needs the most powerful model. Use smaller, cheaper models for routine tasks and reserve larger models for complex problems.

Task Type                                       Recommended Model
Simple commands (restart service, check logs)   gpt-4o-mini or similar
Configuration changes, debugging                gpt-4o or claude-sonnet-4-20250514
Architecture planning, security reviews         gpt-4o with /think high

Lower the Output Truncation Length for Routine Tasks

If you primarily run simple commands, reduce the output truncation length to save tokens:

yaml
ai:
  output_truncate_length: 200

Increase it back to 500 or more when you need the AI to analyze longer command outputs like log files.


Operational Best Practices

Start with a Plan, Then Execute

For complex tasks, ask YeePilot to create a plan first before executing anything:

plaintext
Plan the steps to set up a PostgreSQL 16 replica on this server. Don't execute anything yet.

Review the plan, ask questions, and adjust before telling YeePilot to proceed. This approach is safer and often produces better results than diving straight into execution.

Update Regularly

Security patches and improvements are released frequently. Keep YeePilot up to date:

bash
yeepilot update

Enable automatic update checks so you are always notified when a new version is available:

yaml
update:
  auto_check: true
  check_interval_hours: 1

Test on Staging First

When using YeePilot for significant infrastructure changes, test the procedure on a staging server first. Even with strict security mode, it is good practice to validate the full workflow before applying it to production.

Use Sandbox Wisely

Keep the sandbox enabled at all times. It provides an essential safety net that limits the damage if something goes wrong.

yaml
sandbox:
  enabled: true
  use_namespaces: true  # Linux only
  network_access: true
  max_cpu_seconds: 300
  max_memory_mb: 512

For particularly sensitive operations, temporarily restrict sandbox permissions further:

yaml
sandbox:
  network_access: false  # Prevent accidental network calls
  denied_paths:
    - "/etc/shadow"
    - "/root/.ssh"

Quick Reference Checklist

Use this checklist when setting up YeePilot for a new server:

  • Install YeePilot and run yeepilot setup
  • Set security mode to strict for production
  • Set autonomy profile to guarded or strict_review
  • Enable sandbox with namespaces (Linux)
  • Configure credential storage (Keyring or Vault)
  • Enable audit logging
  • Set token mode to saver if cost is a concern
  • Attach relevant config files with /file
  • Enable auto-update checks
  • Test with a simple, safe command before starting real work
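
The configuration items in this checklist can be checked mechanically before a server goes into service. The script below is an added example, not part of YeePilot or its documentation: it lints an already-parsed config against the settings recommended on this page and reports every key that is missing or deviates. The helper names (RULES, lookup, audit_config, load_config), the use of PyYAML for loading, and the sample config are assumptions of the example.

```python
# Added example: lint a parsed YeePilot config against this page's checklist.
# Key names and values come from this page; reporting a missing key as a
# finding is an assumption, since defaults are not documented here.
RULES = [  # (dotted key, predicate on the value, recommendation)
    ("security.mode", lambda v: v == "strict", "use strict on production"),
    ("ai.autonomy_profile", lambda v: v in ("guarded", "strict_review"),
     "use guarded or strict_review"),
    ("security.audit_log_path", lambda v: isinstance(v, str) and v != "",
     "keep audit logging enabled"),
    ("sandbox.enabled", lambda v: v is True, "keep the sandbox enabled"),
    ("sandbox.use_namespaces", lambda v: v is True, "enable namespaces (Linux)"),
    ("vault.enabled", lambda v: v is True, "store secrets in the Vault"),
    ("vault.start_locked", lambda v: v is True, "start the Vault locked"),
    ("vault.bruteforce_protection_enabled", lambda v: v is True,
     "keep brute-force protection on"),
    ("update.auto_check", lambda v: v is True, "enable update checks"),
]
_MISSING = object()

def lookup(config, dotted):
    """Walk nested dicts by dotted key; _MISSING if any level is absent."""
    node = config
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def audit_config(config):
    """Return (key, observed, recommendation) for every rule that fails."""
    findings = []
    for key, ok, advice in RULES:
        value = lookup(config, key)
        if value is _MISSING or not ok(value):
            seen = "<unset>" if value is _MISSING else value
            findings.append((key, seen, advice))
    return findings

def load_config(path):
    """Parse the YAML file. Needs PyYAML, which is an assumption of this example."""
    import yaml  # lazy import so audit_config() works without PyYAML
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}

# Constructed sample of a drifted config; "not-strict" is a placeholder value.
DRIFTED = {"security": {"mode": "not-strict", "audit_log_path": "/var/log/yeepilot/audit.log"},
           "ai": {"autonomy_profile": "strict_review"},
           "sandbox": {"enabled": False, "use_namespaces": True},
           "vault": {"enabled": True, "start_locked": True}}
print("\n".join(f"{k}: {s!r} -> {a}" for k, s, a in audit_config(DRIFTED)))
```

To check a real file, pass `load_config(path)` to `audit_config` and treat a non-empty result as a failed pre-flight check.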