CLI reference for `zirkabot approvals` (exec approvals for gateway or node hosts)

Read when…
  • You want to edit exec approvals from the CLI
  • You need to manage allowlists on gateway or node hosts

zirkabot approvals

Manage exec approvals for the local host, gateway host, or a node host. By default, commands target the local approvals file on disk. Use --gateway to target the gateway, or --node to target a specific node.

Related:

Common commands

zirkabot approvals get
zirkabot approvals get --node <id|name|ip>
zirkabot approvals get --gateway

Replace approvals from a file

zirkabot approvals set --file ./exec-approvals.json
zirkabot approvals set --node <id|name|ip> --file ./exec-approvals.json
zirkabot approvals set --gateway --file ./exec-approvals.json

Allowlist helpers

zirkabot approvals allowlist add "~/Projects/**/bin/rg"
zirkabot approvals allowlist add --agent main --node <id|name|ip> "/usr/bin/uptime"
zirkabot approvals allowlist add --agent "*" "/usr/bin/uname"

zirkabot approvals allowlist remove "~/Projects/**/bin/rg"

Notes

  • --node uses the same resolver as zirkabot nodes (id, name, ip, or id prefix).
  • --agent defaults to "*", which applies to all agents.
  • The node host must advertise system.execApprovals.get/set (macOS app or headless node host).
  • Approvals files are stored per host at ~/.zirkabot/exec-approvals.json.