From 8351d15e635efe5d3ad19206de310d0699557dda Mon Sep 17 00:00:00 2001
From: Arjun <6592213+arkml@users.noreply.github.com>
Date: Tue, 31 Mar 2026 19:53:30 +0530
Subject: [PATCH] added read commands to allowlist

---
 apps/x/packages/core/src/config/security.ts | 27 +++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/apps/x/packages/core/src/config/security.ts b/apps/x/packages/core/src/config/security.ts
index ac1afa58..b081826e 100644
--- a/apps/x/packages/core/src/config/security.ts
+++ b/apps/x/packages/core/src/config/security.ts
@@ -6,15 +6,38 @@ import { WorkDir } from "./config.js";
 export const SECURITY_CONFIG_PATH = path.join(WorkDir, "config", "security.json");
 
 const DEFAULT_ALLOW_LIST = [
+    "awk",
+    "basename",
     "cat",
+    "cut",
     "date",
+    "df",
+    "diff",
+    "dirname",
+    "du",
     "echo",
+    "env",
+    "file",
+    "find",
     "grep",
+    "head",
+    "hostname",
     "jq",
     "ls",
+    "printenv",
     "pwd",
-    "yq",
-    "whoami"
+    "readlink",
+    "realpath",
+    "sort",
+    "stat",
+    "tail",
+    "tree",
+    "uname",
+    "uniq",
+    "wc",
+    "which",
+    "whoami",
+    "yq"
 ]
 
 let cachedAllowList: string[] | null = null;