it's not a deny list. there are no "bad commands" - commands map to intent (filesystem_delete, network_outbound, lang_exec, etc.) and policies apply to intents.
the context policy was the big "aha" moment for me where the same command can trigger a different decision depending where you are on rm __pycache__ inside the project is fine, rm ~/.bashrc is not.
but.. nah won't catch an agent that does a set of actions that look normal and you approve - stateless hooks have limits, but for most stuff that's structurally classifiable, I find that it works very well without being intrusive to my flow.
it's not a deny list. there are no "bad commands" - commands map to intent (filesystem_delete, network_outbound, lang_exec, etc.) and policies apply to intents.
the context policy was the big "aha" moment for me where the same command can trigger a different decision depending where you are on rm __pycache__ inside the project is fine, rm ~/.bashrc is not.
but.. nah won't catch an agent that does a set of actions that look normal and you approve - stateless hooks have limits, but for most stuff that's structurally classifiable, I find that it works very well without being intrusive to my flow.