Quick reference for command patterns in Terminal.
| Pattern | Matches | Example |
|---|---|---|
git * |
git + any arguments |
git status, git commit -m "msg" |
node *.js |
node + files ending in .js |
node app.js, node server.js |
deno run * |
deno run + any |
deno run app.ts, deno run --allow-net server.ts |
npm * |
npm + any subcommand |
npm install, npm run build |
echo * |
echo + any text |
echo hello, echo "hello world" |
Patterns are matched token by token (space-separated):
// Pattern: ['git status *']
// Matches:
// git status // No
// git status --short // Yes
// git status file.txt // Yes
// Pattern: ['git *']
// Matches ALL git commands:
// git status // Yes
// git commit // Yes
// git log --oneline // Yesallow: [
'git *', // Version control
'npm *', // Node package manager
'node *.js', // Run JS files only
'deno run *', // Deno execution
'echo *', // Safe output
'cat *', // Read files (use carefully)
'ls *', // List directory
'pwd' // Print working directory
]allow: [
'npm run build',
'npm run test',
'npm run lint',
'node dist/*.js' // Only run compiled files
]Always include these in deny:
deny: [
'rm -rf *', // Recursive delete
'sudo *', // Privilege escalation
'mkfs.*', // Format filesystem
'dd *', // Direct disk access
'chmod -R *', // Mass permission change
'mv * /', // Move to root
'cp * /', // Copy to root
'> *', // Overwrite redirect (if shell enabled)
'* > /etc/*' // Write to system files
]Deny is always checked FIRST:
- If command matches
deny= BLOCKED - If
allowis empty = ALLOWED - If command matches
allow= ALLOWED - If no match = BLOCKED
// Quick test your patterns
Terminal.initialize({
workspaces: ['/tmp'],
commands: { allow: ['your-pattern *'], deny: [], maxArgs: 10, strictArgs: true, noShell: true }
})
try {
await Terminal.execute('your-command test', { cwd: '/tmp' })
console.log('Pattern MATCHED')
} catch (e) {
console.log('Pattern BLOCKED:', (e as Error).message)
}- Configuration - Full config options
- Security - Why restrictions matter