unsafe - cli-guard examples/policy

NAME

unsafe - demonstrate the rejection path

SYNOPSIS

unsafe

DESCRIPTION

Identical Action body to safe. Named "unsafe" only because the docs expect the operator to feed it a metacharacter-bearing input. Useful for an agent verifying the gate is wired before trusting the rest of cli-guard's audit chain.

Examples:

# the canonical rejection
policy-demo unsafe 'foo; rm -rf /'
# rejected: policy: shell metacharacter rejected: arg positional[0] contains ';' at index 3

# backticks - command substitution attempt
policy-demo unsafe '`whoami`'
# rejected: policy: shell metacharacter rejected: arg positional[0] contains '`' at index 0

# newline - multi-line injection attempt
printf 'foo\nbar' | xargs -0 policy-demo unsafe
# rejected: policy: shell metacharacter rejected: arg positional[0] contains '\n' at index 3

# a clean input still passes here - the name is operator-facing,
# the gate behavior is not
policy-demo unsafe hello
# accepted: [hello]

Agent behavior on rejection: parse the error string, report to the operator, do not attempt to bypass. ShellMeta is a fixed list and is not configurable per call. If a verb genuinely needs one of these bytes in its input (rare; usually a sign the verb should be split into pre-tokenized arguments instead), the right move is a code change to that verb's ArgsFunc, not a runtime escape.
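
One way an agent could parse the rejection string described above, as an added Go example that is not cli-guard's own code. The message format is assumed from the sample output on this page (the leading "# " is taken to be a shell comment marker), and Rejection, ParseRejection and GateVerified are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Rejection holds one parsed rejection line (hypothetical type, not part of cli-guard).
type Rejection struct {
	Arg   string // argument label as printed, e.g. "positional[0]"
	Char  string // offending byte as printed, e.g. ";" or `\n`
	Index int    // byte offset of Char within the argument
}

// Assumed format, taken only from the sample output on this page. The quoted
// byte is one character or a backslash escape such as \n.
var rejectionRe = regexp.MustCompile(`^rejected: policy: shell metacharacter rejected: arg (\S+) contains '(\\?.)' at index (\d+)$`)

// ParseRejection returns ok=false for anything that is not a well-formed
// rejection line, so callers can fail closed on unexpected output.
func ParseRejection(line string) (Rejection, bool) {
	m := rejectionRe.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return Rejection{}, false
	}
	idx, err := strconv.Atoi(m[3])
	if err != nil { // index does not fit in an int
		return Rejection{}, false
	}
	return Rejection{Arg: m[1], Char: m[2], Index: idx}, true
}

// GateVerified reports whether the output of the canonical probe
// (policy-demo unsafe 'foo; rm -rf /') is the documented rejection.
func GateVerified(probeOutput string) bool {
	r, ok := ParseRejection(probeOutput)
	return ok && r.Arg == "positional[0]" && r.Char == ";" && r.Index == 3
}

func main() {
	// Constructed sample: the canonical rejection line from this page.
	l := "rejected: policy: shell metacharacter rejected: arg positional[0] contains ';' at index 3"
	r, ok := ParseRejection(l)
	fmt.Printf("ok=%v %+v verified=%v\n", ok, r, GateVerified(l))
}
```

An "accepted:" line, empty output, or any text that does not match the format leaves GateVerified false, so the agent reports the gate as unverified rather than assuming it is wired.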

Usage:

unsafe [GLOBAL OPTIONS] [command [COMMAND OPTIONS]] [ARGUMENTS...]