> ## Documentation Index
> Fetch the complete documentation index at: https://docs.2501.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Blacklist

> Prevent agents from executing specific commands

The Blacklist feature blocks agents from executing certain commands during task execution. This is useful for preventing problematic operations like calling unstable endpoints, using uninstalled tools, or running destructive commands.

When an agent tries to execute a blacklisted command, 2501 checks it against your defined patterns and rejects it if there's a match, prompting the agent to find another approach.

## Managing Blacklists

Go to **Command Center** → **Blacklist** and click **Create Command** to add a new entry.

<img src="https://mintcdn.com/2501/gMl_w8qww9Zl47hO/images/create_blacklist.png?fit=max&auto=format&n=gMl_w8qww9Zl47hO&q=85&s=b2fdf55516473c30d815bb6d3cc3129e" alt="Blacklist" width="1032" height="1024" data-path="images/create_blacklist.png" />

### Pattern

A regex pattern that defines which commands to block.

Example: `vim` blocks the Vim text editor

### Description

Explains why the command is blocked.

Example: `Vim is interactive and can't be operated by LLMs`

### Organization

By default, blacklists apply to all organizations. Select a specific organization to restrict the blacklist to only that org's agents.

### Pattern Type

How the pattern matching works:

* **Exact match**: Command must exactly match the pattern
* **Prefix match**: Command must start with the pattern
* **Contains**: Pattern can appear anywhere in the command

## Common Use Cases

**Destructive Operations**

Block high-risk commands for additional safety:

* `rm -rf /`
* `awscli terminate-instances`
* `sudo shutdown`

**Interactive Tools**

Agents can't interact with prompts or shells:

* `redis-cli` (exact match) - Use `redis-cli KEYS *` style commands instead
* `vim`, `nano`, `vi`
* `mysql`, `psql`
* `python` (without arguments)

**Missing or Unstable Tools**

Block commands for tools that aren't installed, have known issues, or are deprecated.

## Best Practices

Use the most specific pattern type you can (exact match is better than contains). Document why each command is blocked. Review your blacklist regularly as your infrastructure changes.

For enforcing preferred alternatives instead of just blocking, see [Operational Rules](/0.3.0/configure/operational-rules).
