Command Approval Flow

Interactive inline keyboard approval for restricted terminal commands.

How It Works

  1. The agent requests a terminal command that isn't in the allowed prefixes list (or contains shell operators)
  2. An approval request is sent to the first user in allowed_user_ids
  3. The user sees an inline keyboard with three buttons:

Command requires approval:

rm -rf /tmp/old-cache
[Allow Once] [Allow Always] [Deny]

Approval Options

Option        Behavior
Allow Once    Execute the command this time only
Allow Always  Execute and add the command prefix to terminal.allowed_prefixes in config.toml
Deny          Reject the command; the agent receives a denial message

Shell Operators

Commands containing ; | && || $() or backticks always require approval, even if the prefix is whitelisted. This prevents injection attacks, where a command that starts with an allowed prefix chains or substitutes in a second command that was never approved.

Untrusted Sources

Sessions originating from triggers (like email) are marked as untrusted. All terminal commands in untrusted sessions always require approval, regardless of allowed prefixes.
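
The three rules above (untrusted session, shell operators, allowed prefixes) combined into one decision function. This is an added Python sketch, not the project's own code; the function name, the reason strings, the sample allowlist and the word-boundary prefix match are assumptions.

```python
import re

# Operators listed on this page: ; | && || $() and backticks.
# The "|" alternative also matches "||".
SHELL_OPERATORS = re.compile(r";|\||&&|\$\(|`")


def approval_reason(command, allowed_prefixes, trusted_session):
    """Return why `command` needs approval, or None if it may run directly."""
    cmd = command.strip()
    # Rule 1: untrusted sessions (e.g. email triggers) always need approval,
    # regardless of allowed prefixes.
    if not trusted_session:
        return "untrusted session"
    # Rule 2: shell operators override the allowlist, so an allowed prefix
    # cannot be used to smuggle in a second command.
    if SHELL_OPERATORS.search(cmd):
        return "shell operator"
    # Rule 3: the command must start with an allowed prefix.
    # Assumption: match on a word boundary so "ls" does not allow "lsblk".
    for prefix in allowed_prefixes:
        if cmd == prefix or cmd.startswith(prefix + " "):
            return None
    return "prefix not allowed"


# Constructed sample allowlist and commands (not taken from a real config.toml).
ALLOWED = ["ls", "git status"]
SAMPLES = [
    ("ls -la", True),
    ("ls -la; rm -rf /tmp/old-cache", True),
    ("git status `id`", True),
    ("lsblk", True),
    ("rm -rf /tmp/old-cache", True),
    ("ls -la", False),
]

if __name__ == "__main__":
    for command, trusted in SAMPLES:
        reason = approval_reason(command, ALLOWED, trusted)
        verdict = "run" if reason is None else f"ask user ({reason})"
        print(f"trusted={trusted!s:5} {command!r:35} -> {verdict}")
```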