traseai approvals

Manage exec approvals for the local host, gateway host, or a node host. By default, commands target the local approvals file on disk. Use --gateway to target the gateway, or --node to target a specific node. Related:

Common commands

traseai approvals get
traseai approvals get --node <id|name|ip>
traseai approvals get --gateway

Replace approvals from a file

traseai approvals set --file ./exec-approvals.json
traseai approvals set --node <id|name|ip> --file ./exec-approvals.json
traseai approvals set --gateway --file ./exec-approvals.json

Allowlist helpers

traseai approvals allowlist add "~/Projects/**/bin/rg"
traseai approvals allowlist add --agent main --node <id|name|ip> "/usr/bin/uptime"
traseai approvals allowlist add --agent "*" "/usr/bin/uname"

traseai approvals allowlist remove "~/Projects/**/bin/rg"

Notes

  • --node uses the same resolver as traseai nodes (id, name, ip, or id prefix).
  • --agent defaults to "*", which applies to all agents.
  • The node host must advertise system.execApprovals.get/set (macOS app or headless node host).
  • Approvals files are stored per host at ~/.traseai/exec-approvals.json.