Command Approval Flow
Interactive inline keyboard approval for restricted terminal commands.
How It Works
- The agent requests a terminal command that isn't in the allowed prefixes list (or contains shell operators)
- An approval request is sent to the first user in
allowed_user_ids - The user sees an inline keyboard with three buttons:
Command requires approval:
rm -rf /tmp/old-cache
Allow Once
Allow Always
Deny
Approval Options
| Option | Behavior |
|---|---|
| Allow Once | Execute the command this time only |
| Allow Always | Execute and add the command prefix to terminal.allowed_prefixes in config.toml |
| Deny | Reject the command โ agent receives denial message |
Shell Operators
Commands containing
; | && || $() or backticks always require approval, even if the prefix is whitelisted. This prevents injection attacks.Untrusted Sources
Sessions originating from triggers (like email) are marked as untrusted. All terminal commands in untrusted sessions always require approval, regardless of allowed prefixes.