Your code is never stored. Processing exclusively in EU data centers. GDPR-compliant.
Permission System
Three Security Levels
Every tool is classified based on its risk level. You always stay in control.
ALLOW
Automatically allowed
Safe operations like reading, searching and analyzing are automatically executed. No user prompt required.
ASK
User confirmation
Potentially dangerous operations require your explicit consent. You see exactly what will happen.
DENY
Blocked
Dangerous operations are automatically blocked. Access to system directories and sensitive files is not possible.
Security Features
Multi-layered security protects your system from unintended changes.
Sandbox Isolation
Workspace boundaries
The AI operates by default only within your project directory. Access to external paths requires explicit approval.
Bash Safety Analyzer
Intelligent command analysis
Every shell command is analyzed before execution. Safe commands are automatically allowed, dangerous ones blocked.
Persistent Permissions
Allow once, allow always
Save permissions per project or globally. "Always Allow" remembers your decisions for future sessions.
Configuration Rules
Declarative permissions
Define permissions in lurus.config.json or LURUS.md. Allow or block tools and paths via patterns.
Safe Commands
These commands are automatically executed without prompting:
ls, cat, head, tail: File display
grep, rg, ag, fd: Search
git status, log, diff: Git (read-only)
npm test, run, ls: npm (safe)
node, python, tsc: Interpreters
jq, yq, awk, sed: Text processing
Dangerous Patterns
These patterns require confirmation or are blocked:
rm -rf: Recursive deletion
sudo: Root privileges
chmod 777: Insecure permissions
curl | bash: Remote code execution
git push --force: Force push
npm publish: Registry publication
DROP TABLE: Database deletion
> /etc/: System file overwrite
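The command analysis described above, as an added example (not Lurus's own code): it classifies a shell line using the safe commands and dangerous patterns listed on this page. The segment splitting, the strictest-verdict rule and the ASK/DENY mapping of each pattern are assumptions.

```javascript
// Added example, not Lurus code. The command lists are copied from this page;
// the splitting and "strictest verdict wins" rules are assumptions.
const SAFE_PREFIXES = [
  "ls", "cat", "head", "tail", "grep", "rg", "ag", "fd",
  "git status", "git log", "git diff", "npm test", "npm run", "npm ls",
  "node", "python", "tsc", "jq", "yq", "awk", "sed",
];
// Assumed mapping: overwriting files under /etc/ is DENY, the rest are ASK.
const DANGEROUS = [
  { re: />\s*\/etc\//, verdict: "DENY", why: "system file overwrite" },
  { re: /\brm\s+-\w*(r\w*f|f\w*r)/, verdict: "ASK", why: "recursive deletion" },
  { re: /\bsudo\b/, verdict: "ASK", why: "root privileges" },
  { re: /\bchmod\s+777\b/, verdict: "ASK", why: "insecure permissions" },
  { re: /\bcurl\b.*\|\s*(ba)?sh\b/, verdict: "ASK", why: "remote code execution" },
  { re: /\bgit\s+push\b.*\s(--force|-f)\b/, verdict: "ASK", why: "force push" },
  { re: /\bnpm\s+publish\b/, verdict: "ASK", why: "registry publication" },
  { re: /\bDROP\s+TABLE\b/i, verdict: "ASK", why: "database deletion" },
];
const RANK = { ALLOW: 0, ASK: 1, DENY: 2 };

// A segment is safe only if it starts with a whole safe command, so
// "git status" matches but "git stash" or "lsof" do not.
function isSafeSegment(segment) {
  const words = segment.trim().split(/\s+/).join(" ");
  return SAFE_PREFIXES.some((p) => words === p || words.startsWith(p + " "));
}

function classify(command) {
  const findings = [];
  // Whole-line patterns first: "curl | bash" spans a pipe.
  for (const { re, verdict, why } of DANGEROUS) {
    if (re.test(command)) findings.push({ verdict, why });
  }
  if (/\$\(|`/.test(command)) {
    findings.push({ verdict: "ASK", why: "command substitution" });
  }
  // Naive split on ; & | and newlines. It ignores quoting, so a separator
  // inside quotes yields an unknown segment and errs toward ASK.
  for (const seg of command.split(/[;&|\n]+/)) {
    if (seg.includes(">")) {
      findings.push({ verdict: "ASK", why: "output redirection" });
    } else if (!isSafeSegment(seg)) {
      findings.push({ verdict: "ASK", why: "not on safe list: " + seg.trim() });
    }
  }
  const verdict = findings.reduce(
    (worst, f) => (RANK[f.verdict] > RANK[worst] ? f.verdict : worst), "ALLOW");
  return { verdict, reasons: findings.map((f) => f.why) };
}
```

With these rules, a line such as `ls -la && rm -rf build` is not auto-allowed just because its first command is on the safe list.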
Protected Files & Paths
These files and directories are automatically protected from write access.
Sensitive Files
Write access blocked
.env: Environment variables
.env.*: Environment files
*.key: Private keys
*.pem: Certificates
*.p12: PKCS#12 keystores
credentials.json: API credentials
secrets.*: Secret data
id_rsa: SSH private key
.npmrc: npm registry token
Blocked Directories
No access allowed
~/.ssh: SSH keys and configuration
~/.aws: AWS credentials
~/.gnupg: GPG keys
~/.config/gcloud: Google Cloud credentials
Confirmation Dialog
For ASK actions, you have three options to choose from.
src/components/Button.tsx
Allow once
Executes the action once. You will be asked again for the next similar action.
Always allow
Saves the permission for this session and, optionally, persistently. Future similar actions will be automatically allowed.
Deny
Blocks the action. The AI receives an error message and can try an alternative approach.
Configuration
Define permissions declaratively in your project configuration.
{
  "permissions": {
    // Allowed tools and paths
    "allow": [
      "Write(src/**/*.ts)",
      "Edit(src/**/*.tsx)",
      "Bash"
    ],
    // Blocked paths
    "deny": [
      "Write(dist/**)",
      "Write(node_modules/**)"
    ],
    // Allowed shell commands
    "allowedCommands": [
      "npm test",
      "npm run build",
      "git"
    ],
    // Blocked shell commands
    "deniedCommands": [
      "rm -rf",
      "sudo"
    ],
    // Auto-approve safe bash commands
    "bashAutoApprove": true
  }
}
Permission Modes
Different modes for different use cases.
default
Standard mode with all security checks.
--permission-mode default
acceptEdits
Automatically allow file changes.
--permission-mode acceptEdits
plan
Read-only - no changes allowed.
--permission-mode plan
bypassPermissions
Skip all checks (CI/CD only).
--dangerously-skip-permissions
Full control over what the agent can do.
Granular permissions, sandbox isolation, and persistent rules — all GDPR-compliant and hosted in Europe.