
v0.1.0

Released on 2026-03-01. Full changelog

runok is a command allowlisting tool for AI coding agents and human developers. It evaluates shell commands against a set of YAML-defined rules and determines whether each command should be allowed, denied, or require user confirmation.

YAML-based rule configuration — Define allow/deny/ask rules with pattern matching:

runok.yml
rules:
- allow: 'git *'
- deny: 'rm -rf /'
- ask: 'curl *'

Rich pattern syntax — Wildcards (*), alternation (-f|--force), optional groups ([-v]), flag-with-value matching (--output <arg>), and <cmd> placeholder for wrapper commands.

Compound command evaluation — Pipes, &&/|| chains, subshells, and command substitutions are parsed and each sub-command is evaluated individually.
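Why per-sub-command evaluation matters, as an added example that is not runok's own code: a simplified Python model that compares matching the raw line as one string with evaluating each sub-command. It uses fnmatch globbing as a stand-in for runok's pattern syntax, and it assumes that the strictest verdict wins and that unmatched commands default to ask.

```python
import fnmatch

# Constructed rules mirroring the runok.yml example on this page.
RULES = [("allow", "git *"), ("deny", "rm -rf /"), ("ask", "curl *")]
RANK = {"allow": 0, "ask": 1, "deny": 2}  # assumption: the strictest verdict wins
DEFAULT = "ask"  # assumption: unmatched commands need confirmation


def split_compound(command):
    """Split on | || && & ; and newlines, and unwrap (...), $(...) and `...`."""
    parts, buf, quote = [], "", None
    for ch in command:
        if ch == "'" and quote != '"':
            quote = None if quote else "'"
        elif ch == '"' and quote != "'":
            quote = None if quote else '"'
        # Single quotes are fully literal; double quotes still expand $(...) and `...`.
        # A bare "(" inside double quotes is also treated as a boundary: this
        # over-splits, which can only make the verdict stricter.
        active = "|&;()`\n" if quote is None else "()`" if quote == '"' else ""
        if ch in active:
            parts.append(buf[:-1] if ch == "(" and buf.endswith("$") else buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    # Drop empty pieces and pieces that are only a leftover quote character.
    return [p.strip() for p in parts if p.strip(' \t"')]


def verdict(sub):
    """Strictest action among the rules whose glob matches one sub-command."""
    hits = [action for action, pat in RULES if fnmatch.fnmatchcase(sub, pat)]
    return max(hits, key=RANK.get, default=DEFAULT)


def evaluate(command):
    """Verdict for the whole line: the strictest verdict of any sub-command."""
    subs = split_compound(command)
    return max((verdict(s) for s in subs), key=RANK.get, default=DEFAULT)


def evaluate_whole(command):
    """Weak variant for comparison: match the raw line as a single string."""
    return verdict(command)
```

With these rules, `evaluate_whole("git status && rm -rf /")` returns `allow` because the line starts with `git`, while `evaluate` returns `deny` for the same input.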

Sandbox enforcement — Commands can be sandboxed with filesystem restrictions using macOS Seatbelt or Linux Landlock/Bubblewrap:

runok.yml
defaults:
  sandbox:
    fs:
      deny:
        - '~/.ssh'
        - '~/.gnupg'

Preset system — Share rule configurations via local files or remote GitHub repositories using extends:

runok.yml
extends:
- 'github:owner/repo'
- './local-preset.yml'

Claude Code integration — runok works as a Claude Code PreToolUse hook, automatically evaluating commands before execution. Configure .claude/settings.json to register runok as a hook.

CLI subcommands: runok exec runs a command with rule evaluation, and runok check validates a command without executing it. Both support JSON and plaintext input formats.