Action playbooks

AI agent shell command policy

Runtime authorization for running shell commands: policy checks, approval thresholds, and decision records before the agent acts.

Veto EditorialMay 27, 2026Updated May 27, 20266 min

Page audit

  • Cited source ledger with May 27, 2026 access dates.
  • Action-time policy, approval, and evidence model.
  • Primary conversion path points to a demo; developer pages also point to install.

Shell commands collapse file, network, credential, and deployment authority into one interface.

Decision boundary

Put the Veto decision before run_shell reaches the system of record. The policy should see actor, tenant, amount or target, environment, and reason before the action executes.

Risk signalPolicy response
Low value or read-onlyAllow and record the decision.
Sensitive data or production targetRequire approval from the system owner.
Wrong tenant, missing reason, or blocked destinationDeny before execution.
Repeated attempts after denyEscalate to incident review.

Example protected action

run_shell.ts
const decision = await veto.protect({
  tool: "run_shell",
  arguments: input,
  context: {
    actorId,
    tenantId,
    environment: "production",
  },
})

if (decision.action === "deny") {
  throw new Error(decision.reason)
}

if (decision.action === "require_approval") {
  await veto.waitForApproval({ decisionId: decision.id })
}

return executeTool(input)

A good page for this search should help the reader implement one governed action, not describe abstract governance. The useful artifact is the action-level decision record.

Sources

LLM06: Excessive Agency

OWASP. Accessed May 27, 2026.

Hooks reference

Anthropic. Accessed May 27, 2026.

AI RMF Generative AI Profile

NIST. Accessed May 27, 2026.

FAQ

What should a team authorize before running shell commands?

Authorize the exact tool name, arguments, actor, tenant, environment, and review requirement before the side effect reaches the upstream system.

Why not rely on prompts for this?

Prompts guide model behavior, but they do not reliably stop a tool dispatch. Runtime authorization sits after the model proposes an action and before the tool executes.

What evidence should the page produce?

Keep a decision record with the actor, tool, arguments summary, policy version, verdict, reviewer when required, timestamp, and source system context.

Related paths

Use cases

Start from the action your buyer worries about.

Install Veto

Wrap one protected tool call and test allow, deny, and review decisions.

Book a demo

Map your first protected agent action to policy, approval, and evidence.

Govern the next agent action

Book a callSign up