Blacklist - 2501.ai

Subdirectory: blacklist/ · Body: must be empty Blacklist entries carry no body — the pattern is in frontmatter.

Frontmatter

Field	Type	Required	Default	Description
`org`	string \| null	No	tenant	Organization name. Omit (or `null`) for tenant-wide blocks applied to every org.
`pattern`	string	Yes	—	The pattern that blocks matching commands. Substring match by default; `*` and `?` glob wildcards supported.
`description`	string \| null	No	`null`	Why this command is blocked. Surfaces in the matching error.

Body must be empty — putting anything in it fails validation.

blacklist/rm-rf-root.mdx

---
org: platform-team
pattern: rm -rf /
description: Catastrophic. Always block — agents must scope deletes to a specific directory.
---

blacklist/interactive-editors.mdx

---
pattern: vim
description: Interactive editor — LLMs cannot drive its TUI. Use `sed` or write the file directly with `cat <<EOF`.
---

Substring match by default. pattern: vim blocks vim file.txt, git --paginate=vim, anywhere vim appears. Use globs for precise patterns: pattern: rm -rf *.
No regex. Only * and ? are interpreted; everything else is literal.
Tenant blacklist beats org. Tenant-scoped entries can’t be overridden by an org-scoped allowlist (there is no allowlist concept).
Body must be empty. Common mistake: putting an explanation in the body. Move it to description in frontmatter.

See Blacklists in Practice for what to block and why.