Agent that refuses to run commands without human approval
Agent · Free
In light of recent news about an agent deleting a production database, I thought now would be a good time to share this. As the use of AI tools in production is becoming more common, sadly so will the high-profile incidents like the one mentioned. Fewshell is a terminal agent specifically designed to
Capabilities (6 decomposed)
interactive command approval gate with human-in-the-loop execution
Medium confidence. Intercepts shell commands before execution and presents them to a human operator for explicit approval or rejection, implementing a synchronous blocking pattern where the agent pauses execution flow until receiving user confirmation. The system captures command strings, displays them in a human-readable format, and only proceeds with subprocess execution after receiving affirmative input, preventing unintended or malicious command execution.
Implements a synchronous blocking approval gate at the command execution boundary rather than attempting to predict or filter commands pre-execution, giving humans real-time visibility into agent actions with zero latency between command proposal and human decision
More transparent and safer than sandboxing approaches because it shows humans exactly what will execute before it runs, rather than relying on container isolation or capability restrictions that can be circumvented
shell command proposal and formatting for human review
Medium confidence. Formats and presents proposed shell commands to users in a clear, human-readable format that highlights command structure, arguments, and potential side effects. The system parses command strings into components, displays them with syntax highlighting or structured formatting, and provides context about what the command will do, enabling informed human decision-making before execution.
Focuses on presentation and clarity rather than command validation, treating the human as the authoritative safety mechanism and optimizing for their ability to quickly assess command safety
More user-friendly than raw command logging because it structures information for human consumption rather than machine parsing, reducing cognitive load on approvers
agent-to-shell integration with command execution abstraction
Medium confidence. Provides an abstraction layer between an AI agent's decision-making logic and actual shell command execution, allowing the agent to request command execution through a standardized interface that enforces the approval gate. The system translates agent intent (expressed as command strings or structured requests) into shell invocations while maintaining control over execution timing and approval state.
Implements the approval gate as a middleware layer in the agent-to-shell pipeline rather than as a separate monitoring or logging system, making approval a first-class part of the execution model
More integrated than post-execution logging because it prevents execution entirely rather than just recording what happened, providing true safety rather than auditability alone
user input handling and approval decision capture
Medium confidence. Captures explicit user input (yes/no, approve/reject, or similar binary decision) from an interactive terminal session and translates it into execution control signals. The system blocks agent execution pending user response, handles input validation and retry logic for invalid responses, and propagates the approval decision back to the execution layer to either proceed or abort.
Treats user approval as a synchronous blocking operation rather than an asynchronous event, ensuring agent execution is strictly serialized with human decision-making
More reliable than asynchronous approval systems because it guarantees the human has made a decision before execution proceeds, eliminating race conditions or missed approvals
command execution with subprocess isolation and error handling
Medium confidence. Executes approved shell commands in a subprocess with captured output streams (stdout/stderr), exit code tracking, and error handling. The system spawns a shell process, feeds the command string to it, captures execution results, and returns them to the agent or user, providing visibility into command success or failure without affecting the parent process.
Executes commands in isolated subprocesses rather than in-process, preventing command failures or side effects from crashing the agent or approval system
Safer than in-process execution because subprocess isolation prevents malicious or buggy commands from directly affecting agent state or memory
approval state tracking and execution flow control
Medium confidence. Maintains state about whether each command has been approved, rejected, or is pending approval, and uses this state to control whether execution proceeds. The system tracks approval decisions throughout the command lifecycle, prevents execution of unapproved commands, and ensures commands execute only after explicit approval, implementing a state machine for command execution.
Implements approval state as a first-class concept in the execution flow rather than as a side effect of logging or monitoring, making approval decisions binding and enforceable
More reliable than post-execution auditing because it prevents unapproved execution entirely rather than just recording what happened, providing true safety guarantees
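A compact sketch of the gate the six capability descriptions outline (proposal formatting, blocking yes/no capture with retry, approval state, subprocess execution). It is added here as an illustration and is not Fewshell's own code; `Request`, `State`, `ask`, `execute` and the fail-closed `max_tries` limit are hypothetical names and assumptions.

```python
import enum
import shlex
import subprocess
from dataclasses import dataclass
from typing import Optional

class State(enum.Enum):
    PENDING, APPROVED, REJECTED, EXECUTED = range(4)

@dataclass
class Request:
    command: str
    state: State = State.PENDING
    exit_code: Optional[int] = None
    stdout: str = ""
    stderr: str = ""

def format_for_review(command: str) -> str:
    """Show the raw string plus its shell tokens (syntactic view only)."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # e.g. unbalanced quote: show the raw string only
        tokens = [command]
    rows = [f"  [{i}] {tok!r}" for i, tok in enumerate(tokens)]
    return "\n".join([f"Proposed command: {command}", *rows])

def ask(req: Request, read=input, max_tries: int = 3) -> Request:
    """Block on an explicit yes/no; invalid input is re-prompted."""
    print(format_for_review(req.command))
    for _ in range(max_tries):
        answer = read("Run this command? [yes/no] ").strip().lower()
        if answer in ("y", "yes", "n", "no"):
            req.state = State.APPROVED if answer[0] == "y" else State.REJECTED
            return req
    req.state = State.REJECTED  # out of tries: fail closed (assumption)
    return req

def execute(req: Request) -> Request:
    """Run only an APPROVED request, once, in a child shell."""
    if req.state is not State.APPROVED:
        raise PermissionError(f"not approved: state={req.state.name}")
    done = subprocess.run(["/bin/sh", "-c", req.command], capture_output=True, text=True)
    req.exit_code, req.stdout, req.stderr = done.returncode, done.stdout, done.stderr
    req.state = State.EXECUTED  # the approval is consumed; no replay
    return req

if __name__ == "__main__":
    r = ask(Request("echo hello"))  # constructed sample command
    print(execute(r).stdout if r.state is State.APPROVED else "rejected")
```

The child shell runs with the same user privileges as the agent process, so the control in this sketch is the approval check in `execute`, not the subprocess boundary.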
Capabilities are decomposed by AI analysis. Each maps to specific user intents and improves with match feedback.
Related Artifacts sharing capabilities
Artifacts that share capabilities with Agent that refuses to run commands without human approval, ranked by overlap. Discovered automatically through the match graph.
Mini AGI
General-purpose agent based on GPT-3.5 / GPT-4
CopilotKit
The Frontend Stack for Agents & Generative UI. React + Angular. Makers of the AG-UI Protocol
AI Shell
Natural language to shell commands.
BLACKBOXAI Code Agent
Autonomous coding agent right in your IDE, capable of creating/editing files, running commands, using the browser, and more with your permission every step of the way.
Cline (Claude Dev)
Autonomous AI coding agent with file and terminal control.
Multi (Nightly) – Frontier AI Coding Agent
Frontier AI Coding Agent for Builders Who Ship.
Best For
- ✓ developers building autonomous agents that need shell access but require safety guardrails
- ✓ teams deploying LLM-based automation tools in production environments where command execution must be audited
- ✓ security-conscious users who want to use agentic tools without granting unrestricted system access
- ✓ non-technical users who need to approve agent actions but lack shell expertise
- ✓ security auditors reviewing agent behavior logs
- ✓ developers debugging agent command generation logic
- ✓ developers building custom agents that need controlled shell access
- ✓ teams integrating agents into existing automation frameworks
Known Limitations
- ⚠ Synchronous blocking on user input creates latency — agent cannot proceed until human responds, unsuitable for time-critical automation
- ⚠ No built-in timeout mechanism — if user is unavailable, agent hangs indefinitely waiting for approval
- ⚠ Single-user approval model — no support for multi-party authorization or approval workflows
- ⚠ No audit logging of approved/rejected commands — approval decisions are not persisted for compliance or debugging
- ⚠ No semantic analysis of command intent — formatting is syntactic only, cannot warn about dangerous flag combinations
- ⚠ Limited to standard shell syntax — complex piping, subshells, or advanced shell features may not format clearly
About
Show HN: Agent that refuses to run commands without human approval