diff --git a/apps/cli/src/application/lib/agent.ts b/apps/cli/src/application/lib/agent.ts
index 823ad3b3..d4aa737d 100644
--- a/apps/cli/src/application/lib/agent.ts
+++ b/apps/cli/src/application/lib/agent.ts
@@ -13,6 +13,7 @@ import { execTool } from "./exec-tool.js";
 import { AskHumanRequestEvent, RunEvent, ToolPermissionRequestEvent, ToolPermissionResponseEvent } from "../entities/run-events.js";
 import { BuiltinTools } from "./builtin-tools.js";
 import { CopilotAgent } from "../assistant/agent.js";
+import { isBlocked } from "./command-executor.js";
 export async function mapAgentTool(t: z.infer): Promise {
 switch (t.type) {
@@ -552,11 +553,14 @@ export async function* streamAgent(state: AgentState): AsyncGenerator !allowSet.has(cmd));
 }
-function enforceSecurity(command: string): CommandResult | null {
+// export const BlockedResult = {
+// stdout: '',
+// stderr: `Command blocked by security policy. Update ${SECURITY_CONFIG_PATH} to allow them before retrying.`,
+// exitCode: 126,
+// };
+
+export function isBlocked(command: string): boolean {
 const blocked = findBlockedCommands(command);
-
- if (!blocked.length) {
- return null;
- }
-
- return {
- stdout: '',
- stderr: `Command blocked by security policy. Blocked command(s): ${blocked.join(', ')}. Update ${SECURITY_CONFIG_PATH} to allow them before retrying.`,
- exitCode: 126,
- };
+ return blocked.length > 0;
 }
 export interface CommandResult {
@@ -89,11 +86,6 @@ export async function executeCommand(
 maxBuffer?: number; // max buffer size in bytes
 }
 ): Promise {
- const securityResult = enforceSecurity(command);
- if (securityResult) {
- return securityResult;
- }
-
 try {
 const { stdout, stderr } = await execPromise(command, {
 cwd: options?.cwd,
@@ -128,11 +120,6 @@ export function executeCommandSync(
 timeout?: number;
 }
 ): CommandResult {
- const securityResult = enforceSecurity(command);
- if (securityResult) {
- return securityResult;
- }
-
 try {
 const stdout = execSync(command, {
 cwd: options?.cwd,
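Review bot: With the `enforceSecurity(command)` guard removed from `executeCommand` (hunk `@@ -89,11 +86,6 @@`) and from `executeCommandSync` (hunk `@@ -128,11 +120,6 @@`), both exported functions hand `command` to `execPromise`/`execSync` without consulting the security policy, so enforcement now relies on every caller checking `isBlocked` first. Only the `isBlocked` import into agent.ts is visible here; whether other callers of these two functions exist and perform the check cannot be told from this diff. I would keep a fail-closed check at the execution boundary, e.g. `if (isBlocked(command)) return { stdout: '', stderr: 'Command blocked by security policy.', exitCode: 126 };` as the first statement of each function, or at minimum add a doc comment on both stating that callers must call `isBlocked` beforehand. The replacement result object is left commented out as `BlockedResult`, and the new boolean no longer reports which commands were blocked, which makes denials harder to audit. Both function bodies continue outside their hunks.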