|
4 | 4 | "edit": "allow", |
5 | 5 | "webfetch": "allow", |
6 | 6 | "bash": { |
7 | | - "*": "ask", |
8 | | - "backlog *": "allow", |
9 | | - "cargo *": "allow", |
10 | | - "cat *": "allow", |
11 | | - "cp *": "allow", |
12 | | - "date *": "allow", |
13 | | - "deno fmt *": "allow", |
14 | | - "deno lint *": "allow", |
15 | | - "echo *": "allow", |
16 | | - "fd *": "allow", |
17 | | - "find *": "allow", |
18 | | - "git add *": "allow", |
19 | | - "git checkout *": "ask", |
20 | | - "git commit *": "allow", |
21 | | - "git diff *": "allow", |
22 | | - "git log *": "allow", |
23 | | - "git push *": "allow", |
| 7 | + "*": "allow", |
| 8 | + // Destructive file operations |
| 9 | + "rm -rf /*": "deny", |
| 10 | + "rm -rf /": "deny", |
| 11 | + "rm *": "ask", |
| 12 | + // Privilege escalation |
| 13 | + "sudo *": "ask", |
| 14 | + // Disk/filesystem destruction (Linux) |
| 15 | + "dd *": "deny", |
| 16 | + "mkfs *": "deny", |
| 17 | + "fdisk *": "deny", |
| 18 | + "parted *": "deny", |
| 19 | + // Disk/filesystem destruction (macOS/BSD) |
| 20 | + "diskutil eraseDisk*": "deny", |
| 21 | + "diskutil eraseVolume*": "deny", |
| 22 | + "diskutil partitionDisk*": "deny", |
| 23 | + "diskutil apfs deleteContainer*": "deny", |
| 24 | + "diskutil *": "ask", |
| 25 | + "newfs*": "deny", |
| 26 | + "mount *": "ask", |
| 27 | + "umount *": "ask", |
| 28 | + // System power |
| 29 | + "shutdown *": "deny", |
| 30 | + "reboot *": "deny", |
| 31 | + "halt *": "deny", |
| 32 | + // macOS system configuration |
| 33 | + "nvram *": "deny", |
| 34 | + "bless *": "deny", |
| 35 | + "csrutil *": "deny", |
| 36 | + "systemsetup *": "deny", |
| 37 | + "launchctl *": "ask", |
| 38 | + "networksetup *": "ask", |
| 39 | + "scutil *": "ask", |
| 40 | + "dscl *": "ask", |
| 41 | + "pmset *": "ask", |
| 42 | + "tmutil delete*": "deny", |
| 43 | + "tmutil *": "ask", |
| 44 | + // Git history destruction |
24 | 45 | "git push --force*": "ask", |
25 | | - "git rev-parse *": "allow", |
26 | 46 | "git reset --hard*": "ask", |
27 | | - "git show *": "allow", |
28 | | - "git status *": "allow", |
| 47 | + // Git branch switching (potential uncommitted work loss) |
| 48 | + "git checkout *": "ask", |
29 | 49 | "git switch *": "ask", |
30 | | - "grep *": "allow", |
31 | | - "head *": "allow", |
32 | | - "jq *": "allow", |
33 | | - "ls *": "allow", |
34 | | - "mkdir *": "allow", |
35 | | - "mise *": "allow", |
36 | | - "mv *": "allow", |
37 | | - "npm *": "allow", |
38 | | - "npx *": "allow", |
39 | | - "prek *": "allow", |
40 | | - "rg *": "allow", |
41 | | - "rm *": "ask", |
42 | | - "sudo *": "ask", |
43 | | - "tail *": "allow", |
44 | | - "task *": "allow", |
45 | | - "touch *": "allow", |
46 | | - "tree *": "allow", |
47 | | - "wc *": "allow", |
48 | | - "yq *": "allow" |
| 50 | + // Process/system disruption |
| 51 | + "killall *": "ask", |
| 52 | + "pkill *": "ask", |
| 53 | + // Network exfiltration footguns |
| 54 | + "curl * | *sh*": "deny", |
| 55 | + "wget * | *sh*": "deny" |
49 | 56 | } |
50 | 57 | } |
51 | 58 | } |
0 commit comments