Skip to main content
Turen’s 61 command validation rules prevent AI agents from executing destructive or dangerous shell commands. These rules are evaluated before the command runs — if a rule matches, the command is blocked and never executed.

Where to Find These Rules

Go to Agentic Security > Agent Security (/security/prompt) and select the Commands tab. You can filter rules by category, severity, or status using the FilterSearch bar.

Rule Categories

Filesystem (CMD-01 to CMD-17)

Commands that could delete or corrupt files:
  • rm -rf / and variants targeting critical paths
  • mkfs — formatting disks
  • dd — raw device writes
  • shred — secure file deletion
  • Overwriting boot sectors or MBR
  • Removing package manager databases

Git (CMD-18 to CMD-26)

Dangerous version control operations:
  • Force pushes to protected branches
  • git reset --hard to remote
  • git filter-branch (history rewriting)
  • Deleting HEAD reference
  • Expiring reflog entries

Security (CMD-27 to CMD-41)

Commands that could compromise system security:
  • Fork bombs
  • chmod 777 on system paths
  • Curl/wget piped to shell
  • Disabling firewalls, SELinux, or AppArmor
  • Reverse shells and bind shells
  • SSH key injection
  • Cron persistence

Database (CMD-42 to CMD-47)

Destructive database commands:
  • DROP TABLE / DROP DATABASE
  • TRUNCATE
  • DELETE or UPDATE without WHERE clause
  • Granting all privileges

Process (CMD-48 to CMD-52)

Dangerous process management:
  • Killing system processes or PID 1
  • System reboot, shutdown, or halt

Publishing (CMD-53 to CMD-58)

Package publishing operations:
  • Publishing to npm, PyPI, RubyGems, crates.io, or Go modules
  • Pushing Docker images to registries

Network (CMD-59 to CMD-61)

Network configuration changes:
  • Flushing iptables rules
  • Disabling network interfaces
  • Modifying DNS configuration

Example

When Claude Code attempts to run a blocked command, Turen intercepts it: 
Developer: "Clean up the old test database"
Claude: I'll drop the test tables...

BLOCKED: DROP TABLE command detected
   Rule: CMD-42 (Critical)
The command never executes. Claude Code receives feedback that the action was blocked and can suggest a safer alternative.

Toggling Rules

Click any rule row in the Commands tab to toggle it on or off. Disabled rules appear dimmed. Changes are batched — click Save in the unsaved changes bar to apply them to all agents on their next check-in.

Customization

You can adjust command validation rules to fit your workflow:
  • Disable specific rules if your team routinely uses certain commands in a controlled environment
  • Create custom rules to block organization-specific dangerous patterns
See Custom Rules for instructions.