◆

Auto-Approve Rules

// PATTERNS THAT BYPASS THE APPROVAL QUEUE

No auto-approve rules. Every destructive action requires manual approval.

KNOWN DESTRUCTIVE PATTERNS

git_mutation/\bgit\s+(push|reset\s+--hard|rebase|force|commit)\b/

forced_operation/\b--force\b|\b-f\s/

recursive_delete/\brm\s+-rf?\b/

disk_write/\bdd\s+if=/

truncate/\btruncate\b/

db_destructive/\b(DROP|TRUNCATE|DELETE)\s+(TABLE|DATABASE|SCHEMA)\b/

prisma_migration/\bprisma\s+migrate\s+(reset|deploy)\b/

db_backup_restore/\bpg_dump\b|\bpg_restore\b/

brew_mutation/\bbrew\s+(uninstall|services\s+stop)\b/

npm_mutation/\bnpm\s+(uninstall|publish)\b/

privilege_escalation/\bsudo\b/

cloud_deploy/\b(doctl|vercel|heroku)\s+.*?(deploy|create|delete)\b/

service_stop/\blaunchctl\s+(stop|unload|remove)\b/

process_kill/\bkill(all)?\s+-9\b/

external_send/\b(mail|sendmail|curl.*--data.*slack|postmessage|twilio)\b/

financial/\bstripe\s+.*?(charge|payout|transfer|refund)\b/