> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turen.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Command Validation

> Block dangerous shell commands before execution

Turen's 61 command validation rules prevent AI agents from executing destructive or dangerous shell commands. These rules are evaluated **before** the command runs: if a rule matches, the command is blocked and never executed.

## Where to Find These Rules

Go to **Agentic Security > Agent Security** (`/security/prompt`) and select the **Commands** tab. You can filter rules by category, severity, or status using the FilterSearch bar.

## Rule Categories

### Filesystem (CMD-01 to CMD-17)

Commands that could delete or corrupt files:

* `rm -rf /` and variants targeting critical paths
* `mkfs`: formatting disks
* `dd`: raw device writes
* `shred`: secure file deletion
* Overwriting boot sectors or MBR
* Removing package manager databases

### Git (CMD-18 to CMD-26)

Dangerous version control operations:

* Force pushes to protected branches
* `git reset --hard` to remote
* `git filter-branch` (history rewriting)
* Deleting HEAD reference
* Expiring reflog entries

### Security (CMD-27 to CMD-41)

Commands that could compromise system security:

* Fork bombs
* `chmod 777` on system paths
* Curl/wget piped to shell
* Disabling firewalls, SELinux, or AppArmor
* Reverse shells and bind shells
* SSH key injection
* Cron persistence

### Database (CMD-42 to CMD-47)

Destructive database commands:

* `DROP TABLE` / `DROP DATABASE`
* `TRUNCATE`
* `DELETE` or `UPDATE` without `WHERE` clause
* Granting all privileges

### Process (CMD-48 to CMD-52)

Dangerous process management:

* Killing system processes or PID 1
* System reboot, shutdown, or halt

### Publishing (CMD-53 to CMD-58)

Package publishing operations:

* Publishing to npm, PyPI, RubyGems, crates.io, or Go modules
* Pushing Docker images to registries

### Network (CMD-59 to CMD-61)

Network configuration changes:

* Flushing iptables rules
* Disabling network interfaces
* Modifying DNS configuration

## Example

When Claude Code attempts to run a blocked command, Turen intercepts it:

```text theme={null}
Developer: "Clean up the old test database"
Claude: I'll drop the test tables...

BLOCKED: DROP TABLE command detected
   Rule: CMD-42 (Critical)
```

The command never executes. Claude Code receives feedback that the action was blocked and can suggest a safer alternative.

## Toggling Rules

Click any rule row in the Commands tab to toggle it on or off. Disabled rules appear dimmed. Changes are batched: click **Save** in the unsaved changes bar to apply them to all agents on their next check-in.

## Customization

You can adjust command validation rules to fit your workflow:

* **Disable specific rules** if your team routinely uses certain commands in a controlled environment
* **Create custom rules** to block organization-specific dangerous patterns

See [Custom Rules](/security-rules/custom-rules) for instructions.
