Configure command deny list patterns in Agents settings

Use command deny lists to restrict which system commands Ona Agent can execute. This guide explains how to configure and test deny lists.
Command deny lists are only available on Core and Enterprise plans. Free tier organizations will not have access to this feature.

What is the command deny list?

The command deny list is a security feature that lets organization administrators block specific commands from being executed by Ona Agent within their organization’s environments. It gives you fine-grained control over the actions Ona Agent can take, which helps enforce security standards and prevents potentially dangerous operations. With command deny lists, you can:
  • Block commands with a large blast radius, such as cloud-provider CLIs (aws *)
  • Enforce security policies across all Ona Agent interactions
  • Maintain compliance with organizational security requirements

How command blocking works

The deny list is enforced at the point where Ona Agent hands a command to its exec tool, so it applies regardless of how the request reached the agent:

Command execution flow

  1. User input: User provides input to Ona Agent (via chat, slash commands, or bash commands)
  2. Ona Agent decision: Ona Agent decides to execute a command using the exec tool
  3. Permission check: The system checks the command against the organization’s deny list
  4. Execution or block: Commands are either executed (if allowed) or blocked with an error message

Pattern matching

The deny list supports flexible pattern matching:
  • Exact matching: shutdown blocks exactly “shutdown” and nothing else
  • Wildcard patterns: shutdown* blocks “shutdown”, “shutdown -h”, “shutdown now”
  • Command families: rm * blocks every rm command that has at least one argument. Because the pattern contains a space, a bare “rm” with no arguments is a separate case; add an exact rm entry as well if you want that blocked too
  • Word-based matching: patterns are compared against the command word by word, so aws * matches “aws s3 ls” but does not match a different first word such as “awscli”

Important notes

  • Slash commands (like /clear, /support-bundle) are NOT directly blocked by deny lists. Slash commands are converted to prompts before reaching Ona Agent; any system command the agent then decides to run is still checked
  • Bash commands entered through Ona Agent (prefixed with !) are still subject to deny list filtering

Configure command deny lists

Where to configure

  1. Ensure you have selected your organization
  2. Navigate to Settings > Agents

Who can access

Only organization administrators can view and modify command deny lists. Regular members do not have access to these settings.

How changes take effect

  • Changes apply to new Ona Agent sessions
  • Existing Ona Agent sessions must be restarted to apply new policies

Add deny list patterns

Basic configuration

  1. Navigate to Settings > Agents
  2. Locate the “Policies” section
  3. Add command patterns to the “Command Deny List” field, one per line
  4. Save your changes


Example deny list patterns

Here are common patterns you might want to include:
# Block package management (if needed)
apt *
yum *
dnf *

# Block commands that interact with cloud providers
aws *
gcloud *
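The following script is an added example, not Ona’s own code, and models the matching rules described in the “Pattern matching” section (exact, trailing-wildcard, command-family and word-based matching) so that you can dry-run a deny list against candidate commands before pasting it into the “Command Deny List” field. The rules it implements are an inference from this page, and Ona’s real matcher may differ in details; treating lines starting with “#” as comments is also an assumption of this script rather than a documented feature of the field. The deny list is the example list above plus two patterns from the matching section, and the candidate commands are constructed for the demonstration.

```python
"""Dry-run a command deny list against candidate commands.

Added example code modelling the matching rules described on this page.
It is not Ona's implementation; confirm results in a test environment.
"""
from fnmatch import fnmatchcase

# Constructed sample deny list in the one-pattern-per-line format of the
# "Command Deny List" field. Skipping '#' lines as comments is an assumption
# of this script, not a documented feature of the field.
DENY_LIST = """
# Block package management (if needed)
apt *
yum *
dnf *

# Block commands that interact with cloud providers
aws *
gcloud *

# Exact and trailing-wildcard forms from the pattern-matching section
shutdown*
rm *
"""


def parse_deny_list(text):
    """Return the list of patterns, skipping blank lines and '#' comments."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            patterns.append(line)
    return patterns


def pattern_matches(pattern, command):
    """Word-based match of one deny pattern against one command string.

    Rules modelled from the page (an inference, not Ona's source):
      * both sides are split into words and compared position by position;
      * '*' inside a word is a glob, so 'shutdown*' matches 'shutdown' and
        'shutdown -h', and a lone '*' word matches any single command word;
      * extra command words beyond the pattern are allowed only when the
        last pattern word ends in '*', so the exact pattern 'shutdown' does
        not match 'shutdown -h' while 'shutdown*' and 'rm *' do;
      * 'rm *' needs at least one argument word, so a bare 'rm' is not matched.
    """
    pat_words = pattern.split()
    cmd_words = command.split()
    if not pat_words or len(cmd_words) < len(pat_words):
        return False
    for pat_word, cmd_word in zip(pat_words, cmd_words):
        if not fnmatchcase(cmd_word, pat_word):
            return False
    if len(cmd_words) > len(pat_words):
        return pat_words[-1].endswith("*")
    return True


def check_command(command, patterns):
    """Return the first deny pattern that blocks `command`, or None if allowed."""
    for pattern in patterns:
        if pattern_matches(pattern, command):
            return pattern
    return None


def dry_run(deny_list_text, commands):
    """Map each candidate command to the pattern that blocks it (or None)."""
    patterns = parse_deny_list(deny_list_text)
    return {cmd: check_command(cmd, patterns) for cmd in commands}


if __name__ == "__main__":
    # Constructed candidate commands an agent might try to run.
    candidates = [
        "aws s3 ls",
        "aws",                    # no arguments: not matched by 'aws *'
        "apt install curl",
        "apt-get install curl",   # different first word: not matched by 'apt *'
        "sudo apt install curl",  # first word is sudo: not matched by 'apt *'
        "shutdown -h now",
        "rm -rf /",
        "rm",                     # no arguments: not matched by 'rm *'
        "ls -la",
    ]
    for cmd, hit in dry_run(DENY_LIST, candidates).items():
        if hit:
            print(f"BLOCKED  {cmd!r}: matches deny pattern {hit!r}")
        else:
            print(f"allowed  {cmd!r}")
```

Running the dry run shows why the “Test thoroughly” advice matters: under these rules apt * does not cover “apt-get install curl” or “sudo apt install curl”, and rm * does not cover a bare “rm”, so list each variant you actually want blocked (for example apt-get *, sudo *, rm) rather than assuming one pattern covers a whole family, and then confirm the behaviour in a fresh environment as described under “Test your configuration”.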

Effect on users

When commands are blocked

Users will see clear error messages when Ona Agent attempts to execute blocked commands:
Error: command execution prohibited: Command 'rm -rf /' matches deny pattern 'rm *'. 
Do not attempt to retry this command as it is blocked by security policy.

User experience

  • No impact on manual commands: Users can still run commands directly in their terminals
  • Ona Agent limitations: Only Ona Agent command execution is restricted
  • Clear feedback: Users receive informative error messages explaining why commands were blocked
  • No retry attempts: Ona Agent is instructed not to retry blocked commands

Pattern best practices

  1. Start with broad patterns: Use aws * instead of listing every aws variant
  2. Test thoroughly: Verify patterns work as expected in a test environment
  3. Document your choices: Keep a record of why specific patterns were added
  4. Regular review: Periodically review and update patterns based on usage

Security considerations

What the deny list protects against

  • Accidental destructive commands: Prevents Ona Agent from running dangerous operations by mistake
  • Malicious prompt injection: Blocks attempts to trick Ona Agent into running commands that match a listed pattern
  • Compliance violations: Ensures Ona Agent doesn’t perform listed actions that violate organizational policies
  • Resource abuse: Prevents listed commands that could consume excessive system resources

What the deny list does not protect against

  • Direct user commands: Users can still run any command directly in their terminal
  • Application-level actions: Commands executed within applications (not system commands)
  • Slash command abuse: Slash commands themselves cannot be blocked via deny lists
  • Anything outside the listed patterns: The check matches the text of the command against your patterns, so only commands you have listed (in the exact forms the patterns cover) are blocked. As with any pattern-based deny list, treat it as a guardrail and pair it with least-privilege credentials in the environment rather than relying on it as a sandbox

Test your configuration

To test your deny list configuration:
  1. Create a new environment
  2. Ask Ona Agent to run a command that should be blocked
  3. Verify the command is blocked with an appropriate error message

Getting help

If you need assistance with command deny lists, Enterprise customers can contact their account representative.