Before any AI agent action touches your filesystem, executes a shell command, or reaches out to the web, Shob checks it against a permission ruleset. Every rule maps an action category and a file/command pattern to one of three outcomes:Documentation Index
Fetch the complete documentation index at: https://mintlify.com/shobcoder/shob/llms.txt
Use this file to discover all available pages before exploring further.
allow (proceed silently), deny (block immediately), or ask (pause and prompt you for approval). This gives you precise, auditable control over what the agent is allowed to do — without having to babysit every keystroke.
How It Works
When an agent wants to call a tool, Shob evaluates the request against a chain of rulesets in order:- Built-in defaults — sensible safe defaults (e.g.,
bash ls *→allow) - Agent ruleset — the permission rules baked into the agent’s configuration
- Session-approved rules — any patterns the user approved with “always allow” during the current session
ask.
When you respond to a permission prompt with “always allow”, Shob records the pattern in the session’s approved ruleset for the rest of that session. It does not permanently modify your config file.
Permission Categories
read
Controls which files the agent may read. Supports glob patterns per path. Sensitive files like
.env and .env.* default to ask.edit
Controls write operations: creating, editing, patching, or overwriting files. Also covers
write, apply_patch, and multiedit tool calls.bash
Controls shell command execution. Patterns match the full command string (e.g.,
"git status *", "npm run *"). Common safe read-only commands like ls, cat, grep, git diff are pre-allowed by the built-in defaults.external_directory
Controls access to directories outside the current project worktree. Defaults to
ask for most paths; skill directories are pre-allowed.webfetch / websearch
Controls whether the agent can fetch URLs or run web searches.
plan_enter / plan_exit
Controls entering and exiting plan mode. The
build agent enables plan_enter; the plan agent enables plan_exit.question
Controls whether the agent can ask you clarifying questions mid-task. Enabled in
build, disabled by default in other agents.doom_loop
Guards against runaway agent loops. Defaults to
ask.glob, grep, list, task, todowrite, codesearch, lsp, skill.
Permission Rule Syntax
Permission rules are expressed as a nested object inshob.json (or per-agent config). Each key is a permission category and the value is either a single action string or an object mapping glob patterns to actions.
shob.json
- A plain string (e.g.,
"bash": "allow") is shorthand for{ "*": "allow" }— it matches all patterns for that category. - Object form allows per-path granularity. Patterns are matched using wildcard (
*) and glob semantics. - Rules are evaluated in the order they are declared. The last matching rule wins.
Glob pattern examples
Agent-Level vs Global Permissions
Permissions can be set at two scopes: Global — applies to all agents as a baseline. Set in yourshob.json:
shob.json
shob.json
Permission Auto-Respond
If you trust specific patterns and never want to be asked about them, add them to the globalpermission config with "allow":
shob.json
Built-in Default Rules
Shob ships with sensible defaults that pre-allow common read-only shell operations so you are not interrupted for routine commands:| Category | Pattern | Action |
|---|---|---|
bash | ls * | allow |
bash | cat * | allow |
bash | pwd * | allow |
bash | echo * | allow |
bash | git status * | allow |
bash | git diff * | allow |
bash | git log * | allow |
bash | git show * | allow |
bash | git branch * | allow |
bash | grep * | allow |
bash | which * | allow |
bash | type * | allow |
read | *.env.example | allow |
read | *.env, *.env.* | ask |
Skipping Permissions (Dangerous)
For automated pipelines, CI environments, or situations where you fully trust the agent and the environment, you can bypass all non-denied permission prompts:Permission Replies
When Shob pauses to ask you about a tool call, you have three choices:| Reply | Effect |
|---|---|
| Once | Allow this specific call, but ask again next time |
| Always | Allow this pattern for the rest of the session |
| Reject | Deny this call and cancel all pending requests for this session |