Module 2 · Lesson 2.5

Safe defaults: cost, privacy, and a posture you’ll actually keep.

Module 2 ends here. You’ll turn the rules you’ve been collecting into two short, written postures — the kind that survive a deadline. By the end you’ll have a frozen workstation-posture artifact in your /capstone/ folder.

Stage 1 of 3

Read & Understand

5 concept blocks

Why “posture” beats “rules” CORE

You could walk out of Module 2 with a long list of rules — never commit a key, always set a cost cap, turn off Wi-Fi to test local, never upload my journal to cloud. Rules are useful. They are also easy to forget under pressure. The minute you are pushing a deadline, the rule you broke is the rule that mattered.

A posture is different. A posture is a short, written commitment about how you work — specific enough to act on, general enough to survive new tools and new tasks. It is the thing you read to yourself at the start of a new project and ask: does what I am about to do match what I said I do?

Two postures matter for Module 2: a cost posture and a privacy posture. You will write both today and freeze them as the second artifact in your /capstone/ folder. Every Module-onward recipe will carry a “Safe default” callout; those callouts have teeth only if you already know what your own default is.

Your cost posture, in four lines CORE

A cost posture answers: how much am I willing to spend, how will I know before I get there, and what do I do when a bill surprises me?

Four lines, fill them in:

  1. Monthly cost ceiling, per provider, in dollars. Pro-only students: write your subscription fee here ($20/month or whatever Pro currently costs). API-path students: this is the hard cap you set in the developer console in Lesson 2.4 ($5–20/month is a sensible starting point).
  2. How I know I am approaching it. Most providers email when you cross 50%, 75%, 90% of your cap. Confirm the email address on your account is one you actually read. If your provider does not send warnings, check your usage dashboard once a week; put it on a calendar.
  3. What I do when I hit it. Two real choices: raise the cap (you underestimated; that is fine if the work is real) or stop and audit (you had a loop going sideways; never raise a cap without knowing why you hit it). Writing this line in advance prevents the “quickly raise cap to unblock myself” reflex that drains accounts.
  4. High-volume rule. For any task you plan to run repeatedly (scheduled agent, batch processing, anything hitting the API dozens of times per hour), you commit to a dry run on a small sample first, with a paper estimate of the total cost before scaling up.

If all four lines are populated and you can point at them, you have a cost posture. If any line says “I’ll figure it out later,” you do not.

Your privacy posture, in four lines CORE

A privacy posture answers: what kinds of data am I willing to send to which providers, and what do I do when I am not sure?

Four lines:

  1. My default placement rule. One sentence like cloud is my default; local is required when the input is personal, medical, financial, or subject to a promise of confidentiality. Or the reverse. Either is defensible; vague is not.
  2. A list of categories that always go local. Populate it. Examples: my journal, my family’s financial records, anything my parents shared with me in confidence, draft text of a private letter, images of family members’ faces.
  3. A list of categories that are fine in cloud. Examples: schoolwork I plan to turn in and would not mind a teacher seeing anyway; public data; code for open-source projects; my own writing I plan to publish.
  4. The “when unsure” rule. If I am on the line, I default to local, even if it is slower. Or: if I am on the line, I redact the sensitive parts and use cloud. Either is a rule you can execute; “I’ll trust my gut” is not.

Notice that the privacy posture is not a policy about providers — it is a policy about your own data. Providers change; your data categories do not.

Two drift failure modes CORE

Postures fail in two characteristic ways. Both are slow, and both start invisibly.

Sneaky-cost drift. Happens when a low-cost tool inches upward without you noticing. Scheduled agents are the worst offenders — a 5-cent daily run does not catch your eye, but 365 days at 10× that cost is a $180 surprise. A coding agent that spawns sub-agents inflates token counts non-linearly. The counter-move: check your usage dashboard weekly, not monthly, and always estimate before scaling up a recurring task. A one-time calendar reminder to check spend every Sunday does more than every cap in the world.

Sneaky-privacy drift. Happens when a new tool you add to your workflow quietly widens the data surface going to cloud. A browser extension that “helps you summarize pages” may send pages to a cloud model. An editor plugin that “autocompletes code” may send your surrounding context — which may include .env — to a cloud provider. The counter-move: for every new tool you install, read the one-sentence summary of what it uploads and to whom before you enable it on real work. If there is no such summary, that is your answer.

Both drifts are defeated by the same habit: look at the dashboard, read the one sentence, before, not after.

The four-part checklist before any new tool goes on real work CORE

New tools will keep arriving for as long as you do this work. You need a cheap, repeatable filter.

Four questions, ask them every time:

  1. What data does this tool see, and where does it go? One sentence from the tool’s docs or settings. If you cannot find it, that is the answer: do not use on real data yet.
  2. What does it cost, and how do I know I am approaching a limit? Same cap-and-warning pattern you set up in Lesson 2.4.
  3. What can it do on my behalf without asking? Is it read-only? Does it write files? Send messages? Move money? The more it can do autonomously, the more carefully you gate it.
  4. Where does it live in my posture? Local-only? Cloud-default? Only for categories of data listed above?

If all four have answers you are willing to live with, adopt it. If any answer is “I’ll figure it out,” the tool is not ready for your real workflow.

Stage 2 of 3

Try & Build

1 recipe + activity

Per-tool “Safe default” reminder index RECIPE

Last verified 2026-04-17
Next review 2026-07-17

A pointer-index to the safe-default callouts in Module 2. Every callout applies the principles above to one specific tool; this is where you look when you add a new tool and want to see the pattern you are copying.

  • VS Code (Lesson 2.2): editor itself is local; extensions are the risk surface. Audit extensions before install.
  • Terminal (Lesson 2.2): local; commands you paste do whatever they say they do. Read before pasting from untrusted sources.
  • Python (Lesson 2.2): local interpreter; the risk surface is pip install — packages you install run code on your machine. Read what you install.
  • Git (Lesson 2.2): local version control; the risk surface is what you commit. Always confirm .env and other secret files are in .gitignore before committing.
  • Ollama / LM Studio (Lesson 2.3): no per-run cost; prompts do not leave the machine after install. Verify offline.
  • Claude desktop app — Chat tab (Lesson 2.4): no file access; conversation only. Pro subscription covers usage.
  • Claude desktop app — Cowork tab (Lesson 2.4): autonomous tasks run in a cloud environment; doesn't access local files unless you explicitly attach them. Pro subscription covers usage.
  • Claude desktop app — Code tab (Lesson 2.4): sees only the folder you grant; real-time diff review on every edit. Pro subscription covers usage.
  • Anthropic API (Lesson 2.4, optional advanced): token-metered cost; console-level monthly cap required; prompts go to the provider per policy.
  • OpenAI API (Lesson 2.4, optional reference): same pattern as Anthropic.
  • Claude Code CLI (Lesson 2.4, optional advanced): terminal access to the folder it launches from; same engine as the Code tab. Pro subscription covers usage if you authed via subscription; per-token billing applies if you authed via API key.

Every Module 3-onward recipe must carry a matching “Safe default” callout. This is non-negotiable; the quarterly refresh depends on it.

Try it — Workstation posture one-pager CORE

written deliverable · open the printable template →

Fill in a single-page document with:

  • Your cost posture (four lines).
  • Your privacy posture (four lines).
  • Your default-model rule (from Lesson 2.1).
  • Your installed stack (from Lessons 2.2–2.4) with one line per tool. If you skipped a tool because of hardware or scope — for example, the local model in Lesson 2.3 — write “skipped — using cloud only” on its line. The skipping is itself part of your posture.
  • Your four-part new-tool checklist (copy it verbatim; you are adopting it, not writing it).

Deliverable. Save as workstation-posture.md in your course working folder. Then copy it — unchanged — into /capstone/workstation-posture-v1.md. This frozen copy is your second capstone artifact, matching my-first-loop-v1.md from Module 1.

Done with the hands-on?

When the recipe steps and any activity above are complete, mark this stage to unlock the assessment, reflection, and project checkpoint.

Stage 3 of 3

Check & Reflect

key concepts, quiz, reflection, checkpoint, instructor note

Quick check

Four questions. Tap a question to reveal the answer and the reasoning.

Q1. What is the main difference between a “rule” and a “posture”?
  • A A rule is written down; a posture is in your head.
  • B A posture is a short, written commitment about how you work — specific enough to act on and general enough to survive new tools and tasks. A rule is a single tactical do/do-not.
  • C Posture applies only to privacy; rules apply to everything.
  • D There is no meaningful difference.
Show explanation

Answer: B. The posture framing is what the whole lesson is organized around. A inverts it. C would make cost posture meaningless. D is the drift position.

Q2. Your monthly cost cap is hit mid-month. What does your posture tell you to do first?
  • A Raise the cap so the work can continue.
  • B Stop, audit what has been running, and decide whether to raise the cap or fix a runaway loop.
  • C Switch to local model immediately.
  • D Call the provider.
Show explanation

Answer: B. Line 3 of the cost posture is “what I do when I hit it” — the answer is almost always “stop and audit first,” because the most common cause is an unintended loop, not genuine need. A is the reflex that drains accounts. C and D are overreactions.

Q3. A new browser extension promises to “autocomplete your writing with AI.” Which of the four-part checklist questions is most likely to reveal a problem before you install it?
  • A What does it cost?
  • B What data does it see, and where does it go?
  • C Where does it live in my posture?
  • D What can it do on my behalf without asking?
Show explanation

Answer: B. “Autocomplete your writing” implies the extension is reading your drafts, including potentially personal or confidential drafts, and sending them to an AI provider. The first question to ask is which provider, what fraction of your writing is uploaded, and whether it is retained. A is rarely the first signal for free/freemium tools. C and D are good follow-ups after you know the answer to B.

Q4. Which statement best describes “sneaky-cost drift”?
  • A A sudden spike in a single bill.
  • B A gradual, invisible increase in recurring spend from low-cost tools running frequently.
  • C A provider raising their prices without notice.
  • D A developer intentionally overcharging.
Show explanation

Answer: B. The drift is the slow kind — individual runs stay cheap, but the total adds up because nobody is looking. Counter-move: weekly dashboard check. A is something a cap catches. C is rare and visible. D is uncommon in reputable providers.

Reflection prompt

The line you can’t actually keep.

In 5–7 sentences: Read your finished workstation posture aloud. Which line feels least true — i.e., which commitment are you least likely to actually keep under pressure? Rewrite that line into something you can actually keep. What was the gap between what you “should” commit to and what you will commit to?

The gap is the only thing that matters here. A posture you cannot keep is worse than no posture at all.

Project checkpoint

Two files, one final pass over Module 2.

You have two files to save:

  1. workstation-posture.md in your course working folder. This is the living document you will revise throughout the course.
  2. workstation-posture-v1.md in /capstone/. This is a frozen copy — a portfolio artifact for the end-of-course credit documentation.

Also open my-first-loop.md one more time and ensure all the lines from Lessons 2.1 through 2.4 are in place:

  • Model: local / cloud / hybrid + why + switch condition
  • Local-model runner installed (or skipped — using cloud only)
  • Local-model throughput (if applicable)
  • Claude desktop app: installed, signed in with Anthropic Pro
  • Three tabs verified: Chat, Cowork, Code
  • Default tab for autonomous work: Cowork
  • Default tab for directed file edits: Code
  • Editor (VS Code) installed
  • Optional advanced — API key: set up / not yet / skipped (with key storage and monthly cap if set up)

If any line is missing, fill it in now. This file and your workstation posture are the two artifacts Module 2 produced. You will carry both forward.

Next in Module 2

Module 2 end-of-module check.

Ten-question integrative assessment closing out the workstation. Closed-book, no AI assistance, parent-scored. Verifies the workstation posture and installed stack will hold up before you walk into Module 3.

Continue to the Module 2 end-of-module check →