Home / Features / Safety / Dangerous Command Guard
SAFETY

Dangerous Command Guard

A seatbelt for your shell. Chau7 pauses rm -rf for confirmation. Because undo does not exist in terminals.

The problem

  • AI agents, pastes, and sleepy humans occasionally hit Enter on the wrong command.
  • Shells do not reliably warn before obviously destructive operations.

What Chau7 does about it

  • Detects risky command patterns before they are sent to the shell.
  • Presents a confirmation dialog instead of executing immediately.
  • Settings let you control guard behavior and highlight scope.
  • Uses the same terminal-aware command parsing path that avoids naive string matching.

What is Dangerous Command Guard in Chau7?

Dangerous Command Guard is a safety feature in the Chau7 terminal that intercepts destructive commands before the shell executes them. Chau7 maintains a curated ruleset of dangerous command patterns: rm with recursive or force flags, dd targeting block devices, mkfs, chmod 777 on root paths, and more.

Chau7 also detects Unicode homoglyph attacks where Cyrillic or fullwidth characters masquerade as ASCII in commands. The guard checks pasted multi-line content for dangerous patterns as well.

When Chau7 detects a match, execution is paused and a confirmation dialog appears. The dialog shows exactly what the command will do, which paths it affects, and the potential consequences.

How do I prevent accidental rm -rf in the terminal?

Chau7's Dangerous Command Guard automatically detects rm with recursive or force flags and pauses execution before the shell sees the command. No shell aliases, wrapper scripts, or third-party tools are needed.

Chau7's guard operates at the terminal input layer, not as a shell plugin. This means Chau7 catches dangerous commands regardless of which shell you use: zsh, bash, or fish.

Chau7's guard catches dangerous commands whether they are typed or pasted from the clipboard. Multi-line pastes are also checked for dangerous patterns across all lines.

How does Chau7's dangerous command guard compare to other terminals?

Most terminals have no built-in protection against destructive commands. iTerm2, Warp, Alacritty, and Kitty rely on shell aliases or third-party tools like safe-rm. Those approaches are fragile and easy to bypass.

Chau7 intercepts dangerous commands at the terminal input layer. Chau7's guard works regardless of shell and presents a confirmation dialog for all detected dangerous patterns.

Does Chau7's guard slow down normal commands?

No. Chau7's pattern matching runs in microseconds on every command submission. Safe commands execute with no visible delay.

Only when Chau7 detects a dangerous pattern does the confirmation dialog appear. The guard adds zero overhead for non-destructive commands.

Can I customize Chau7's guard rules?

Yes. Chau7 supports per-directory allowlists scoped by exact or child path match, plus a global allowlist. Commands on the allowlist bypass the guard. You can also add your own patterns to detect additional dangerous commands.

Chau7's rules are customizable. All detected patterns trigger the same confirmation dialog. The check() function accepts an optional directory parameter to apply the correct per-directory allowlist.

Why Chau7's Dangerous Command Guard matters

Every developer has a horror story about a misplaced rm -rf or a dd that targeted the wrong device. Shell aliases and confirmation functions are fragile and easy to bypass.

Chau7's Dangerous Command Guard intercepts known destructive commands at the terminal level, before the shell sees them, and presents a confirmation dialog. It also detects Unicode homoglyph attacks and checks multi-line pastes. It is a seatbelt, not a cage: experienced drivers still wear them.

Questions this answers

  • What is Dangerous Command Guard in Chau7 terminal?
  • How does Chau7's dangerous command guard compare to other terminals?
  • How do I prevent accidental rm -rf in the terminal?
  • Does the guard slow down normal commands?
  • Can I customize the guard rules?

Related features

Process Exit Confirmation

Warns before closing tabs with running processes.

MCP Approval Gate

Optional per-tool approval for MCP actions before they execute.

Frequently asked questions

What is Dangerous Command Guard in Chau7 terminal?

Dangerous Command Guard is a safety feature in the Chau7 terminal that intercepts destructive commands like rm -rf, dd, and mkfs before the shell executes them. Chau7 also detects Unicode homoglyph attacks where Cyrillic or fullwidth characters masquerade as ASCII, and checks pasted multi-line content for dangerous patterns. Chau7 pauses execution and shows a confirmation dialog describing what the command will do and which paths it affects.

How does Chau7's dangerous command guard compare to other terminals?

Most terminals have no built-in protection against destructive commands. iTerm2, Warp, Alacritty, and Kitty rely on shell aliases or third-party tools. Chau7 intercepts dangerous commands at the terminal input layer, catching them regardless of shell.

How do I prevent accidental rm -rf in the terminal?

Chau7's Dangerous Command Guard automatically detects rm with recursive or force flags and pauses execution before the shell sees the command. A confirmation dialog shows the exact paths affected and the potential consequences. No shell aliases or wrapper scripts are needed.

Does the guard slow down normal commands?

No. Chau7's pattern matching runs in microseconds on every command submission. Safe commands execute with no visible delay. Only when Chau7 detects a dangerous pattern does the confirmation dialog appear.

Can I customize the guard rules?

Yes. Chau7 supports per-directory allowlists scoped by exact or child path match, plus a global allowlist. You can add your own patterns to detect additional dangerous commands. All detected patterns trigger the same confirmation dialog.

Protect yourself from rm -rf. Or from Tuesday-morning-before-coffee you.

Download for macOS

Free. Open source. Named after a sock.