{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"hn-47957127","slug":"agent-that-refuses-to-run-commands-without-human-a","name":"Agent that refuses to run commands without human approval","type":"agent","url":"https://github.com/few-sh/fewshell","page_url":"https://unfragile.ai/agent-that-refuses-to-run-commands-without-human-a","categories":["cli-tools","deployment-infra"],"tags":["hackernews","show-hn"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"hn-47957127__cap_0","uri":"capability://safety.moderation.interactive.command.approval.gate.with.human.in.the.loop.execution","name":"interactive command approval gate with human-in-the-loop execution","description":"Intercepts shell commands before execution and presents them to a human operator for explicit approval or rejection, implementing a synchronous blocking pattern where the agent pauses execution flow until receiving user confirmation. The system captures command strings, displays them in a human-readable format, and only proceeds with subprocess execution after receiving affirmative input, preventing unintended or malicious command execution.","intents":["I want to run an AI agent that can execute shell commands but I need to review each command before it actually runs","I need to prevent accidental or adversarial command execution while still allowing an agent to propose system operations","I want to maintain control over what my agent does on my machine without disabling its ability to interact with the shell"],"best_for":["developers building autonomous agents that need shell access but require safety guardrails","teams deploying LLM-based automation tools in production environments where command execution must be audited","security-conscious users who want to use agentic tools without granting unrestricted system access"],"limitations":["Synchronous blocking on user input creates latency — agent cannot proceed until human responds, unsuitable for time-critical automation","No built-in timeout mechanism — if user is unavailable, agent hangs indefinitely waiting for approval","Single-user approval model — no support for multi-party authorization or approval workflows","No audit logging of approved/rejected commands — approval decisions are not persisted for compliance or debugging"],"requires":["Shell environment (bash, zsh, sh, or compatible)","Python 3.7+ or Node.js 14+ depending on implementation language","Interactive terminal or TTY for user input prompts","Appropriate file system permissions to execute commands in target directories"],"input_types":["command strings (shell syntax)","command arguments and flags","environment variables"],"output_types":["approval/rejection decision (boolean or enum)","command execution result (stdout/stderr)","exit codes"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"hn-47957127__cap_1","uri":"capability://safety.moderation.shell.command.proposal.and.formatting.for.human.review","name":"shell command proposal and formatting for human review","description":"Formats and presents proposed shell commands to users in a clear, human-readable format that highlights command structure, arguments, and potential side effects. The system parses command strings into components, displays them with syntax highlighting or structured formatting, and provides context about what the command will do, enabling informed human decision-making before execution.","intents":["I want to see exactly what command my agent is about to run in a clear, easy-to-understand format","I need to quickly identify if a proposed command is safe or if it contains unexpected arguments or flags","I want to understand the intent and scope of a command before approving it"],"best_for":["non-technical users who need to approve agent actions but lack shell expertise","security auditors reviewing agent behavior logs","developers debugging agent command generation logic"],"limitations":["No semantic analysis of command intent — formatting is syntactic only, cannot warn about dangerous flag combinations","Limited to standard shell syntax — complex piping, subshells, or advanced shell features may not format clearly","No command documentation lookup — users must know what flags do without built-in help integration"],"requires":["Shell command string as input","Terminal or display capable of rendering formatted text"],"input_types":["shell command strings","command arguments","environment variable references"],"output_types":["formatted command display (text, possibly with syntax highlighting)","structured command representation (parsed arguments, flags, targets)"],"categories":["safety-moderation","text-generation-language"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"hn-47957127__cap_2","uri":"capability://tool.use.integration.agent.to.shell.integration.with.command.execution.abstraction","name":"agent-to-shell integration with command execution abstraction","description":"Provides an abstraction layer between an AI agent's decision-making logic and actual shell command execution, allowing the agent to request command execution through a standardized interface that enforces the approval gate. The system translates agent intent (expressed as command strings or structured requests) into shell invocations while maintaining control over execution timing and approval state.","intents":["I want my agent to be able to request shell command execution without directly calling subprocess or os.system","I need to decouple agent logic from shell execution so I can inject approval gates without modifying agent code","I want to support multiple shell environments (bash, zsh, sh) through a unified agent interface"],"best_for":["developers building custom agents that need controlled shell access","teams integrating agents into existing automation frameworks","projects where agent code and execution environment are separated"],"limitations":["Abstraction adds latency — each command execution goes through approval gate before reaching shell","Limited to command-line tools — cannot directly invoke system APIs or graphical applications","No built-in error recovery — if a command fails, agent must handle retry logic itself","Shell-specific syntax required — agent must generate valid shell syntax, no higher-level abstraction"],"requires":["Agent framework or runtime (language-specific)","Shell environment with appropriate permissions","Mechanism for agent to communicate command requests (function calls, message passing, or API)"],"input_types":["command strings from agent","structured command objects (if supported)","environment context"],"output_types":["command execution results (stdout, stderr)","exit codes","execution status (approved, rejected, failed)"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"hn-47957127__cap_3","uri":"capability://safety.moderation.user.input.handling.and.approval.decision.capture","name":"user input handling and approval decision capture","description":"Captures explicit user input (yes/no, approve/reject, or similar binary decision) from an interactive terminal session and translates it into execution control signals. The system blocks agent execution pending user response, handles input validation and retry logic for invalid responses, and propagates the approval decision back to the execution layer to either proceed or abort.","intents":["I want to interactively approve or reject each command my agent proposes in real-time","I need a simple, unambiguous way to tell the agent whether to execute a command or not","I want the agent to wait for my decision before proceeding, not execute speculatively"],"best_for":["interactive development and testing of agents","manual oversight scenarios where a human is actively monitoring agent behavior","environments where approval decisions need to be made by a human in the loop"],"limitations":["Requires active human presence — cannot be used in fully automated pipelines or unattended execution","No timeout mechanism — agent waits indefinitely for user input if human is unavailable","Single approval decision per command — no support for conditional approvals or parameterized decisions","Terminal-dependent — requires interactive TTY, incompatible with headless or batch execution modes"],"requires":["Interactive terminal or TTY","Human operator available to provide input","Standard input stream (stdin) accessible to the approval system"],"input_types":["user keyboard input (yes/no, y/n, approve/reject, or similar)","terminal signals (Ctrl+C to abort)"],"output_types":["boolean approval decision","execution control signal (proceed or abort)"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"hn-47957127__cap_4","uri":"capability://automation.workflow.command.execution.with.subprocess.isolation.and.error.handling","name":"command execution with subprocess isolation and error handling","description":"Executes approved shell commands in a subprocess with captured output streams (stdout/stderr), exit code tracking, and error handling. The system spawns a shell process, feeds the command string to it, captures execution results, and returns them to the agent or user, providing visibility into command success or failure without affecting the parent process.","intents":["I want to run approved shell commands and get their output back to the agent","I need to capture both standard output and error output from commands","I want to know if a command succeeded or failed via exit codes"],"best_for":["agents that need to execute system commands and process their results","automation workflows that depend on command output for downstream logic","scenarios where command execution must be isolated from the agent process"],"limitations":["Subprocess overhead — each command execution spawns a new process, adding latency","No real-time streaming — output is captured after command completes, not streamed live","Limited to command-line tools — cannot execute graphical applications or system services","Shell-dependent behavior — command execution varies across different shell environments (bash vs zsh vs sh)"],"requires":["Shell environment (bash, zsh, sh, or compatible)","Appropriate file system and system permissions to execute commands","Subprocess/process spawning capability in the runtime environment"],"input_types":["shell command string","working directory (optional)","environment variables (optional)"],"output_types":["stdout (command output)","stderr (error output)","exit code (integer)"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"hn-47957127__cap_5","uri":"capability://safety.moderation.approval.state.tracking.and.execution.flow.control","name":"approval state tracking and execution flow control","description":"Maintains state about whether each command has been approved, rejected, or is pending approval, and uses this state to control whether execution proceeds. The system tracks approval decisions throughout the command lifecycle, prevents execution of unapproved commands, and ensures commands execute only after explicit approval, implementing a state machine for command execution.","intents":["I want the system to remember which commands have been approved and which have been rejected","I need to ensure that no command executes without explicit approval, even if the agent requests it multiple times","I want to prevent the agent from bypassing the approval gate"],"best_for":["safety-critical automation where command execution must be strictly gated","compliance scenarios where approval decisions must be enforced and tracked","multi-step workflows where approval state must persist across multiple commands"],"limitations":["No persistence across sessions — approval state is lost when the agent restarts","Single approval per command — no support for conditional or time-limited approvals","No audit trail — approval decisions are not logged for later review or compliance","No revocation mechanism — once approved, a command cannot be un-approved before execution"],"requires":["State management mechanism (in-memory or external)","Unique command identifiers or hashing to track approval state","Synchronization mechanism if multiple agents or threads are involved"],"input_types":["command string or identifier","approval decision (approve/reject)"],"output_types":["approval state (approved, rejected, pending)","execution control signal (proceed or abort)"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":34,"verified":false,"data_access_risk":"high","permissions":["Shell environment (bash, zsh, sh, or compatible)","Python 3.7+ or Node.js 14+ depending on implementation language","Interactive terminal or TTY for user input prompts","Appropriate file system permissions to execute commands in target directories","Shell command string as input","Terminal or display capable of rendering formatted text","Agent framework or runtime (language-specific)","Shell environment with appropriate permissions","Mechanism for agent to communicate command requests (function calls, message passing, or API)","Interactive terminal or TTY"],"failure_modes":["Synchronous blocking on user input creates latency — agent cannot proceed until human responds, unsuitable for time-critical automation","No built-in timeout mechanism — if user is unavailable, agent hangs indefinitely waiting for approval","Single-user approval model — no support for multi-party authorization or approval workflows","No audit logging of approved/rejected commands — approval decisions are not persisted for compliance or debugging","No semantic analysis of command intent — formatting is syntactic only, cannot warn about dangerous flag combinations","Limited to standard shell syntax — complex piping, subshells, or advanced shell features may not format clearly","No command documentation lookup — users must know what flags do without built-in help integration","Abstraction adds latency — each command execution goes through approval gate before reaching shell","Limited to command-line tools — cannot directly invoke system APIs or graphical applications","No built-in error recovery — if a command fails, agent must handle retry logic itself","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.36,"quality":0.22,"ecosystem":0.56,"match_graph":0.25,"freshness":0.6,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.1,"match_graph":0.28,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-06-17T09:51:04.692Z","last_scraped_at":"2026-05-04T08:09:59.925Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=agent-that-refuses-to-run-commands-without-human-a","compare_url":"https://unfragile.ai/compare?artifact=agent-that-refuses-to-run-commands-without-human-a"}},"signature":"GmBYuxaR/rWoss3JaCsJ1463X5q3yD0qMFlzsesdwXxGg0rfcmVlnL8GI5RhUeTurIm6Az7jftAYCKRuAQ3FAQ==","signedAt":"2026-06-21T10:16:38.781Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/agent-that-refuses-to-run-commands-without-human-a","artifact":"https://unfragile.ai/agent-that-refuses-to-run-commands-without-human-a","verify":"https://unfragile.ai/api/v1/verify?slug=agent-that-refuses-to-run-commands-without-human-a","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}