When the agent wants to run a shell command, it’s gated by your command control rules: a whitelist of base commands that auto-approve, a blacklist of base commands that are blocked outright, and an approval prompt for everything in between. Configure this at Settings → AI → Conversation → Command Control.

How matching works

Both the whitelist and blacklist match on the base command — the first token of the command line. Patterns are not glob expressions or regex; they’re exact matches on that first token.

| Command | First token | Matched against |
| --- | --- | --- |
| npm install | npm | the whitelist / blacklist npm entry |
| git log --oneline | git | the whitelist / blacklist git entry |
| sudo systemctl restart nginx | sudo | the whitelist / blacklist sudo entry |
| ./deploy.sh | ./deploy.sh | exact match only |

This keeps the rules predictable. If you whitelist git, every git invocation runs without asking — git log, git push, git rm -rf, all of them. Choose what to whitelist with that in mind.

Three statuses

Every command the agent wants to run gets one of three statuses:

| Status | What happens | Color |
| --- | --- | --- |
| Auto-approved | Runs without asking | Green |
| Needs approval | Pauses and shows the approval prompt | Amber |
| Blocked | Refuses to run, even if you click approve | Red |

Auto-approved means the base command is on your whitelist. Blocked means it’s on your blacklist. Anything else falls into “needs approval”.

Defaults

Rumus ships with sensible defaults you can edit:
  • Whitelist (auto-approved): npm, pnpm, yarn, cargo, node, git, bun. These are common dev-tool entry points that are read-mostly in normal use.
  • Blacklist (blocked): rm, del, mv, copy, and similar destructive primitives. These are the things you don’t want a fast-moving agent to invoke.
You can add to or remove from either list freely.

The approval prompt

When a command needs approval, you see three buttons:
  • Run — runs this one command. The next time the agent wants to run something with the same base command, you’ll be asked again.
  • Always Allow — runs this command and adds the base command to your whitelist. Future invocations with the same first token auto-approve.
  • Cancel — refuses; the agent gets a “denied” signal and decides what to do next (try a different approach, or report back to you).
You can also edit the command before approving. If the agent proposes kubectl delete pod foo and you actually want kubectl describe pod foo, edit the text in place, then click Run.

The blocked prompt

Blacklisted commands show a Blocked badge and don’t expose a Run button — the only path forward is to edit the command into something not blacklisted and then approve the edited version. Example: the agent proposes rm /tmp/cache.bin (blocked because rm is blacklisted by default). Edit to find /tmp/cache.bin -delete, and that goes through the normal approval flow.

Tips for setting up the lists

  • Whitelist tools you trust at the binary level. You can’t whitelist a sub-command such as kubectl get, only the base command kubectl. So whitelist git knowing it includes git push --force too.
  • Blacklist anything that scares you. Adding dd and mkfs is cheap insurance even if the agent rarely tries them.
  • Default approval is the safe middle. When in doubt, leave a command out of both lists — the prompt is just one click and you’ll quickly learn which patterns you genuinely want to auto-approve.
  • Look at how long it takes you to click Always Allow on common commands. Patterns you approve every day belong on the whitelist; patterns you approve once a month don’t.

What if the prompt is happening too often?

If you’re approving the same command over and over, click Always Allow once and stop being asked. If approvals are coming up for commands you didn’t expect to be gated, check the conversation: it’s possible the agent is calling a tool with a wrapper script (e.g. bash -c "git status"), and bash is the base command that’s being matched, not git. Adjust the agent’s instructions, or add bash to the whitelist if you trust it. Because only the first token is matched, a whitelisted bash auto-approves whatever command line is passed to it, so prefer fixing the agent’s instructions where you can.
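
The first-token rule from "How matching works" and the wrapper case described above, modelled as an added example (this is not Rumus code). Whitespace tokenization, the function names, and the blacklist taking precedence when an entry sits on both lists are assumptions; the lists are the defaults named on this page.

```python
# Illustrative model of the rule documented on this page; not Rumus source code.
AUTO, ASK, BLOCKED = "auto-approved", "needs approval", "blocked"

# Defaults named on this page (the "and similar" blacklist entries are not listed there).
DEFAULT_WHITELIST = frozenset({"npm", "pnpm", "yarn", "cargo", "node", "git", "bun"})
DEFAULT_BLACKLIST = frozenset({"rm", "del", "mv", "copy"})


def base_command(command_line):
    """Return the first whitespace-separated token (tokenization is an assumption)."""
    tokens = command_line.split(maxsplit=1)
    if not tokens:
        raise ValueError("empty command line")
    return tokens[0]


def classify(command_line, whitelist=DEFAULT_WHITELIST, blacklist=DEFAULT_BLACKLIST):
    """Exact-match the base command against both lists; nothing after it is inspected."""
    base = base_command(command_line)
    if base in blacklist:  # assumption: blacklist wins if an entry is on both lists
        return BLOCKED
    if base in whitelist:
        return AUTO
    return ASK


def report(command_lines, whitelist=DEFAULT_WHITELIST, blacklist=DEFAULT_BLACKLIST):
    """Map each proposed command line to (base command, status)."""
    return {c: (base_command(c), classify(c, whitelist, blacklist)) for c in command_lines}


if __name__ == "__main__":
    proposed = [  # command lines taken from the examples on this page
        "git log --oneline",
        "git push --force",
        "rm /tmp/cache.bin",
        "find /tmp/cache.bin -delete",
        'bash -c "git status"',
        "sudo systemctl restart nginx",
        "./deploy.sh",
    ]
    for cmd, (base, status) in report(proposed).items():
        print(f"{status:15} {base:12} {cmd}")
    # Whitelisting the wrapper changes the verdict for everything passed through it.
    with_bash = DEFAULT_WHITELIST | {"bash"}
    print(classify('bash -c "git status"', whitelist=with_bash))
```

Running a day's worth of proposed commands through report() shows which base commands you are actually approving, which is the input you need before clicking Always Allow.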

Where settings live

  • Whitelist / Blacklist — Settings → AI → Conversation → Command Control. Edit each list as plain text, one entry per line.
  • Auto-approve safe tools — a separate toggle that lets read-only tools (read file, web fetch) run without prompts. On by default.
  • Reset to defaults — wipes your whitelist and blacklist and restores the shipping defaults.

Sub-agents and approvals

When a sub-agent wants to run something that needs approval, the prompt bubbles up to the parent conversation. You answer once and the sub-agent gets the answer. This means heavily-parallel runs can pile up several pending approvals at once if the whitelist isn’t tuned. If that’s annoying, whitelist the relevant base commands.

Next steps

Agentic execution

The full picture of how the agent decides what to run.

Rules & skills

Constrain the agent’s behavior at the prompt level, not just the command level.