Terminal
The Sidekick Terminal gives the Agent the ability to run shell commands on your system. You have complete control over what commands can run automatically, which require your approval, and which are blocked entirely.
Command Execution Flow
When the Agent wants to run a command, Sidekick checks your rules in this order:
Agent requests command
↓
Check Blocklist → If matched: BLOCKED (cannot run)
↓
Check Allowlist → If matched: AUTO-RUN (no approval needed)
↓
Require Approval → Wait for your confirmation
The blocklist always takes priority. A command in both lists will be blocked.
Command Rules
Allowlist (Auto-Approve)
Commands in the allowlist run immediately without asking for permission. Use this for commands you trust and use frequently.
Examples:
- git — Allows all git commands (git status, git push, git pull, etc.)
- npm test — Allows running tests
- ls — Allows listing directory contents
Blocklist (Always Block)
Commands in the blocklist can never run, even if you try to approve them. Use this for dangerous operations you want to prevent.
Examples:
- rm -rf — Prevents recursive force deletion
- sudo — Blocks elevated privilege commands
- chmod 777 — Prevents insecure permission changes
Unlisted Commands (Manual Approval)
Commands not in either list require your explicit approval before running. This is the default behavior for new commands.
Managing Command Rules
Open Terminal Settings
Navigate to Settings → Terminal rules.
Choose Allow or Block Tab
Switch between the Allow and Block tabs to manage each list.
Add Commands
Type a command or pattern in the input field and press Enter or click Add.
Remove Commands
Hover over any command in the list and click the delete button to remove it.
Use the search box to filter commands when your list grows large (appears with 4+ items).
Prefix Matching
Both lists support prefix matching, which means a single entry can cover multiple related commands.
| Entry | Matches |
|---|---|
| git | git status, git push, git commit -m "message" |
| npm | npm install, npm run dev, npm test |
| docker | docker build, docker run, docker compose up |
| rm -rf | rm -rf /tmp, rm -rf node_modules, rm -rf ./dist |
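
The rule order and prefix matching described above can be modelled in a few lines. This is an added example, not Sidekick's own code: it assumes an entry matches when its whitespace-separated words equal the leading words of the command (Sidekick's actual matcher may differ), and the names `matches`, `decide` and `dead_allow_entries` are hypothetical. The sample lists are the "Production Caution" lists from this page.

```python
# Added example: a model of the documented rule order, not Sidekick's code.
from enum import Enum


class Decision(Enum):
    BLOCKED = "blocked"
    AUTO_RUN = "auto-run"
    NEEDS_APPROVAL = "needs approval"


def matches(entry: str, command: str) -> bool:
    """Assumed matcher: the entry's words must equal the command's leading words."""
    want, have = entry.split(), command.split()
    return bool(want) and have[:len(want)] == want


def decide(command, allowlist, blocklist):
    """Blocklist first, then allowlist, otherwise ask the user."""
    if any(matches(e, command) for e in blocklist):
        return Decision.BLOCKED
    if any(matches(e, command) for e in allowlist):
        return Decision.AUTO_RUN
    return Decision.NEEDS_APPROVAL


def dead_allow_entries(allowlist, blocklist):
    """Allow entries that can never auto-run because a block entry covers them."""
    return [a for a in allowlist if any(matches(b, a) for b in blocklist)]


# The "Production Caution" lists from this page.
ALLOW = ["git status", "git diff", "git log", "ls", "cat", "grep"]
BLOCK = ["git push", "git commit", "rm", "mv", "cp", "touch", "mkdir"]

if __name__ == "__main__":
    for cmd in ["git status --short", "git push origin main", "git fetch",
                "rm -rf ./dist", 'git commit -m "message"']:
        print(f"{cmd!r:30} -> {decide(cmd, ALLOW, BLOCK).value}")
    # A broad block entry silently overrides a narrower allow entry.
    print(dead_allow_entries(["git", "sudo apt update"], ["sudo", "git push"]))
```

`dead_allow_entries` is a lint for your own configuration: any entry it returns sits in the allowlist but will always be blocked, because the blocklist takes priority.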
# Development tools
git
npm
pnpm
yarn
cargo
go
# Safe read operations
ls
cat
head
tail
grep
find
pwd
# Build and test
npm test
npm run build
cargo build
cargo test

# Dangerous deletions
rm -rf /
rm -rf ~
rm -rf /*
# System modifications
sudo
su
chmod 777
chown
# Network risks
curl | bash
wget | bash
nc -l
# Environment
export PATH=
unset PATH

Approving Commands
When the Agent requests an unlisted command, an approval dialog appears:
Approval Options
| Option | What It Does |
|---|---|
| Skip | Reject the command—it won't run |
| Run | Execute once without adding to allowlist |
| Run & Add to Allowlist | Execute and permanently allow this command |
Use "Run & Add to Allowlist" for commands you'll approve repeatedly. This saves time on future executions.
Background Execution
Long-running commands (servers, builds, watchers) run in background mode:
- Command starts and returns after 3 seconds
- Agent continues without waiting for completion
- Output streams in real-time to the terminal
- Stop button appears to kill the process
Background mode prevents the Agent from getting stuck waiting for commands that run indefinitely.
Managing Background Processes
- Click the Stop button next to any running background command
- The process is killed and marked as stopped
- You can clear completed commands with the Clear button
Recommended Setup
For New Users
Start with a minimal allowlist and add commands as you use them:
# Allowlist - Safe defaults
git
ls
pwd
cat
# Blocklist - Dangerous patterns
rm -rf /
rm -rf ~
sudo rm
chmod 777

For Development
Common development workflow allowlist:
# Version control
git
# Package managers
npm
pnpm
yarn
# Build tools
cargo
go
make
# Testing
npm test
npm run test
cargo test
pytest
jest

For Production Caution
If working with sensitive systems, keep the allowlist minimal:
# Allowlist - Read-only
git status
git diff
git log
ls
cat
grep
# Blocklist - Prevent modifications
git push
git commit
rm
mv
cp
touch
mkdir

Best Practices
Allowlist Strategy
- Start restrictive — Add commands as you need them
- Use prefixes wisely — git is convenient but allows all git operations
- Be specific when needed — npm test is safer than just npm
Blocklist Strategy
- Block patterns, not just commands — rm -rf catches variations
- Include dangerous flags — chmod 777, rm -f
- Consider piped commands — curl | bash can execute arbitrary code
Approval Workflow
- Review before approving — Read the full command in the tooltip
- Use "Run & Add" for trusted tools — Saves time on repeat commands
- Skip suspicious commands — When in doubt, don't run it
The Agent doesn't have malicious intent, but it might suggest commands that have unintended side effects. Always review unfamiliar commands before approving.