Dangerous Command Filter: How Remocode Protects Your System

An Extra Layer of Safety

AI coding agents are powerful but imperfect. They sometimes propose commands that could cause significant damage: deleting files, force-pushing to repositories, publishing packages, or escalating privileges. While these agents have their own safety mechanisms, Remocode adds an independent confirmation layer that catches dangerous commands before they execute.

What Gets Filtered

Remocode maintains a list of command patterns classified as dangerous:

• ●`sudo` — Privilege escalation. An AI agent rarely needs root access, and when it does, you should know about it.
• ●`rm -rf` — Recursive forced deletion. One wrong path argument and entire directory trees disappear.
• ●`git push --force` — Force pushing overwrites remote history. In team environments, this can destroy other developers' work.
• ●`npm publish` — Publishing a package to the npm registry is irreversible for that version number.
• ●Other patterns — Additional destructive operations are detected based on common risk patterns.

How the Filter Works

When an AI agent attempts to execute a filtered command, Remocode intercepts it before execution. Instead of running the command, it sends a confirmation request to your Telegram chat. The message includes:

• ●The exact command that was intercepted
• ●The terminal session name where it was attempted
• ●Confirmation buttons to allow or deny execution

Only after you explicitly approve does the command execute. If you deny it, the command is blocked and the terminal receives no input.

Why This Matters for Remote Workflows

When you are at your desk and an AI agent runs rm -rf node_modules, you see it happen and can intervene if needed. When you are remote, the agent might run rm -rf / (an extreme example, but the principle holds) while you are unaware.

The dangerous command filter ensures that high-risk operations always require your explicit approval, regardless of whether you are at your desk or on your phone. This is especially important for unattended sessions where agents work autonomously.

Interaction With AI Agent Permissions

Some AI agents have their own permission systems. Claude Code asks before running shell commands. Gemini CLI has safety checks. Remocode's filter is independent of these — it operates at the terminal level, not the agent level.

This means a command might pass the agent's own safety check but still be caught by Remocode's filter. This layered approach provides defense in depth: even if one safety mechanism has a gap, the other catches it.

Customizing the Filter

The dangerous command filter is designed to catch the most universally dangerous patterns. The filter patterns cover the commands most likely to cause irreversible damage across all development environments.

False Positives

Occasionally, the filter may intercept a command that you intended to run. For example, if your workflow legitimately requires git push --force to a feature branch. In these cases, simply tap Allow on the confirmation message. The one-tap approval is fast enough that it adds minimal friction to legitimate operations.

The Confirmation Flow

The full flow works like this:

• ●AI agent generates a command containing a dangerous pattern.
• ●Remocode intercepts the command before it reaches the shell.
• ●A confirmation message is sent to Telegram with Allow and Deny buttons.
• ●You review the command and tap your choice.
• ●If allowed, the command executes normally. If denied, it is silently blocked.

This flow takes seconds and provides peace of mind that your AI agents cannot accidentally wreak havoc while you are away from your machine.

Best Practices

Trust the filter but do not rely on it exclusively. Always review what your AI agents are doing periodically using status or reply. The filter catches explicit dangerous commands, but there are creative ways to cause damage that no pattern-based filter can catch (such as writing a script that later deletes files). Combine the filter with regular check-ins for comprehensive safety.