> ## Documentation Index
> Fetch the complete documentation index at: https://docs.2501.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Blacklist

> MDX frontmatter reference for blacklist entries

**Subdirectory:** `blacklist/` · **Body:** must be empty

Blacklist entries carry no body — the pattern is in frontmatter.

## Frontmatter

| Field         | Type           | Required | Default | Description                                                                                                  |
| ------------- | -------------- | -------- | ------- | ------------------------------------------------------------------------------------------------------------ |
| `org`         | string \| null | No       | tenant  | Organization name. Omit (or `null`) for tenant-wide blocks applied to every org.                             |
| `pattern`     | string         | **Yes**  | —       | The pattern that blocks matching commands. Substring match by default; `*` and `?` glob wildcards supported. |
| `description` | string \| null | No       | `null`  | Why this command is blocked. Surfaces in the matching error.                                                 |

## Fields NOT supported

* `id`, `tenant_id`, `created_at`, `updated_at` — system-set

Body must be empty — putting anything in it fails validation.

## Example

```mdx blacklist/rm-rf-root.mdx theme={null}
---
org: platform-team
pattern: rm -rf /
description: Catastrophic. Always block — agents must scope deletes to a specific directory.
---
```

```mdx blacklist/interactive-editors.mdx theme={null}
---
pattern: vim
description: Interactive editor — LLMs cannot drive its TUI. Use `sed` or write the file directly with `cat <<EOF`.
---
```

## Gotchas

* **Substring match by default.** `pattern: vim` blocks `vim file.txt`, `git --paginate=vim`, anywhere `vim` appears. Use globs for precise patterns: `pattern: rm -rf *`.
* **No regex.** Only `*` and `?` are interpreted; everything else is literal.
* **Tenant blacklist beats org.** Tenant-scoped entries can't be overridden by an org-scoped allowlist (there is no allowlist concept).
* **Body must be empty.** Common mistake: putting an explanation in the body. Move it to `description` in frontmatter.

See [Blacklists in Practice](/0.8/risk/blacklists) for what to block and why.
