Rules editor
The Rules editor is a modal that creates or edits an auto-approve rule. It opens from:
- Settings → Auto-approve rules → New rule
- History → Approval audit → Promote (drafts a rule pre-filled from the audit entry, with dry-run on by default)
Layout
A two-column modal:
- Form (left) — the rule fields.
- Preview (right) — how the rule will look in the table, plus a sample-traffic preview that shows the rule evaluated against recent decisions.
Form fields
| Field | What it does |
|---|---|
| Name | Short label that shows up in tables and the audit log. |
| Tool | Bash / Edit / Read / Write / Grep / WebFetch / * (any). Changes which input field the pattern is matched against (e.g. command for Bash, file_path for Edit). |
| Match type | Literal, glob, or regex. The hint text under the pattern field updates with examples. |
| Pattern | Matched against the tool input field. Empty = match-all (use with caution). |
| Working directory glob | Optional. Restricts the rule to sessions whose cwd matches the glob. |
| Action | Allow (auto-approve), Deny (auto-reject), or Ask (explicit fallthrough — useful to exclude something from a broader rule above). |
| Dry-run | When on, the daemon logs matches but doesn't decide. Default for newly-promoted rules. |
| Enabled | When off, the rule is saved but inactive. |
Preview pane
- Rule preview — shows how the rule will appear in the rules table (name, pattern + type, tool, scope glob, action).
- Sample traffic — runs the in-progress rule against the last 5–12 resolved decisions. Each is labelled match / no-match / scope-miss so you can see what the rule would affect before it takes effect.
Lints
The editor surfaces inline warnings when patterns look unsafe, e.g.:
- A catch-all `Bash:*` allow with no cwd scope.
- An allow rule containing `rm -rf` or similar.
- A regex that looks malformed.
Lints don't block save — they're guidance.
Order matters
The first matching rule wins. Reorder with the ↑↓ controls in the rules table. Placing deny rules above allow rules is the safest default: a narrow deny followed by a broad allow lets you carve exceptions cleanly.
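An added example, not the product's own code: a minimal Python model of first-match-wins evaluation and of the match / no-match / scope-miss labels shown in the sample-traffic preview. The rule dictionaries, paths, helper names, exact-equality literals, dry-run fallthrough and the fallback to Ask when nothing matches are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase
FIELD = {"Bash": "command", "Edit": "file_path"}  # input field per tool (from the table)

def pattern_hit(rule, value):
    pat, kind = rule["pattern"], rule["match"]
    if pat == "" or (kind == "literal" and value == pat):  # empty = match-all
        return True                    # assumption: literal means exact equality
    if kind == "glob":
        return fnmatchcase(value, pat)
    return kind == "regex" and re.search(pat, value) is not None

def label(rule, d):
    """Sample-traffic label for one rule against one decision."""
    if rule["tool"] not in ("*", d["tool"]):
        return "no-match"
    if not pattern_hit(rule, d["input"].get(FIELD.get(d["tool"], ""), "")):
        return "no-match"
    if rule.get("cwd") and not fnmatchcase(d["cwd"], rule["cwd"]):
        return "scope-miss"
    return "match"

def decide(rules, d):
    """First matching rule wins: returns (action, rule name, dry-run hits)."""
    dry_hits = []
    for r in rules:
        if not r.get("enabled", True) or label(r, d) != "match":
            continue
        if r.get("dry_run"):           # assumption: logged, evaluation continues
            dry_hits.append(r["name"])
            continue
        return r["action"], r["name"], dry_hits
    return "ask", None, dry_hits       # assumption: nothing matched -> prompt the user

# Constructed rules, in table order (top row first).
RULES = [
    {"name": "no-force-push", "tool": "Bash", "match": "regex",
     "pattern": r"^git\s+push\b.*(--force|-f)\b", "action": "deny"},
    {"name": "git-in-work", "tool": "Bash", "match": "glob",
     "pattern": "git *", "cwd": "/home/dev/work/*", "action": "allow"},
    {"name": "edit-docs", "tool": "Edit", "match": "glob",
     "pattern": "docs/*.md", "action": "allow", "dry_run": True},
]

def sample(tool, value, cwd):          # builds one constructed decision
    return {"tool": tool, "input": {FIELD[tool]: value}, "cwd": cwd}

if __name__ == "__main__":
    print(decide(RULES, sample("Bash", "git push --force origin main", "/home/dev/work/api")))
```

Swapping the first two rules makes the force push resolve to allow, which is the ordering mistake the deny-above-allow default avoids.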
Tip
Promote, don't write from scratch. Letting the agent run normally and promoting frequent decisions from the audit log is the lowest-risk way to build up a rule set — the rule starts in dry-run, and you can watch real traffic against it before flipping it on.