prefix_rule(pattern=["openclaw", "daemon"], decision="allow")
prefix_rule(pattern=["curl", "-I", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/"], decision="allow")
prefix_rule(pattern=["openclaw", "config"], decision="allow")
prefix_rule(pattern=["openclaw", "channels"], decision="allow")
prefix_rule(pattern=["node", "-e", "fetch('https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg').then(r=>{console.log('status',r.status); return r.arrayBuffer()}).then(b=>console.log('bytes',b.byteLength)).catch(e=>{console.error('ERR',e.name,e.message); console.error(e.cause?.code||''); process.exit(1)})"], decision="allow")
prefix_rule(pattern=["curl", "-I", "--max-time", "15", "https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "show", "openclaw-gateway.service", "-p", "Environment", "-p", "ExecStart", "-p", "FragmentPath"], decision="allow")
prefix_rule(pattern=["env", "-i", "HOME=/home/ubuntu", "TMPDIR=/tmp", "PATH=/home/ubuntu/.local/bin:/home/ubuntu/.npm-global/bin:/home/ubuntu/bin:/home/ubuntu/.volta/bin:/home/ubuntu/.asdf/shims:/home/ubuntu/.bun/bin:/home/ubuntu/.nvm/current/bin:/home/ubuntu/.fnm/current/bin:/home/ubuntu/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin", "NODE_OPTIONS=--dns-result-order=ipv4first", "/usr/bin/node", "-e", "fetch('https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg').then(r=>{console.log('status',r.status); return r.arrayBuffer()}).then(b=>console.log('bytes',b.byteLength)).catch(e=>{console.error('ERR',e.name,e.message); console.error(e.cause?.code||''); process.exit(1)})"], decision="allow")
prefix_rule(pattern=["node", "--input-type=module", "-e", "import { t as fetchWithSsrFGuard } from 'file:///usr/lib/node_modules/openclaw/dist/fetch-guard-Bho7inTC.js'; const r = await fetchWithSsrFGuard({ url: 'https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg' }); console.log('status', r.response.status); const b = await r.response.arrayBuffer(); console.log('bytes', b.byteLength); await r.release();"], decision="allow")
prefix_rule(pattern=["/usr/bin/node", "--input-type=module", "-e", "import { t as fetchWithSsrFGuard } from 'file:///usr/lib/node_modules/openclaw/dist/fetch-guard-Bho7inTC.js'; const r = await fetchWithSsrFGuard({ url: 'https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg' }); console.log('status', r.response.status); const b = await r.response.arrayBuffer(); console.log('bytes', b.byteLength); await r.release();"], decision="allow")
prefix_rule(pattern=["/usr/bin/node", "--input-type=module", "-e", "import { b as resolveTelegramFetch } from 'file:///usr/lib/node_modules/openclaw/dist/send-C9W9_c5v.js'; const f = resolveTelegramFetch(undefined, {}); const r = await f('https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg'); console.log('status', r.status); const b = await r.arrayBuffer(); console.log('bytes', b.byteLength);"], decision="allow")
prefix_rule(pattern=["/usr/bin/node", "--input-type=module", "-e", "import net from 'node:net'; import { t as fetchWithSsrFGuard } from 'file:///usr/lib/node_modules/openclaw/dist/fetch-guard-Bho7inTC.js'; net.setDefaultAutoSelectFamily(false); const r = await fetchWithSsrFGuard({ url: 'https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg' }); console.log('status', r.response.status); const b = await r.response.arrayBuffer(); console.log('bytes', b.byteLength); await r.release();"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "OPENCLAW_TELEGRAM_DISABLE_AUTO_SELECT_FAMILY=1 /usr/bin/node --input-type=module -e \"import { t as fetchWithSsrFGuard } from 'file:///usr/lib/node_modules/openclaw/dist/fetch-guard-Bho7inTC.js'; const r = await fetchWithSsrFGuard({ url: 'https://api.telegram.org/file/bot8658426327:AAHFrqQzIfxZhYJHhGmkKC9yXvF6B1aeRCc/photos/file_20.jpg' }); console.log('status', r.response.status); const b = await r.response.arrayBuffer(); console.log('bytes', b.byteLength); await r.release();\""], decision="allow")
prefix_rule(pattern=["/home/linuxbrew/.linuxbrew/bin/codex", "exec"], decision="allow")
prefix_rule(pattern=["gemini", "-p"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "GEMINI_API_KEY='AIzaSyBLLhH2h5I9JlQgHciwcqsUsjJ_HBs-wRo' gemini -p \"Reply with exactly OK\""], decision="allow")
prefix_rule(pattern=["deepseek-code", "generate"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.local/bin/deepseek-code-openclaw"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.local/bin/gemini-cli-openclaw"], decision="allow")
prefix_rule(pattern=["openclaw", "agent"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "restart", "openclaw-gateway.service"], decision="allow")
prefix_rule(pattern=["python3", "-m", "http.server"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.local/bin/pipo-deploy"], decision="allow")
prefix_rule(pattern=["tailscale", "serve", "status", "--json"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.local/bin/pipo-undeploy"], decision="allow")
prefix_rule(pattern=["curl", "-I", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/codex/emstek/"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "status", "openclaw-gateway.service"], decision="allow")
prefix_rule(pattern=["journalctl", "-u"], decision="allow")
prefix_rule(pattern=["systemctl", "status"], decision="allow")
prefix_rule(pattern=["systemctl", "list-timers", "--all", "--no-pager"], decision="allow")
prefix_rule(pattern=["systemctl", "cat", "product-promos-fetch.service"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/fetch_product_promos.js", "--discover-only"], decision="allow")
prefix_rule(pattern=["systemctl", "restart", "product-search-server.service"], decision="allow")
prefix_rule(pattern=["sudo", "systemctl", "restart", "product-search-server.service"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/health"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=yerba&page=0&size=5"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=coca%20cola&page=0&size=5"], decision="allow")
prefix_rule(pattern=["printf", "\\n---\\n"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/build_coto_ean_map.js"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/product/2000152000000"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/fetch_product_promos.js"], decision="allow")
prefix_rule(pattern=["sudo", "cp", "/home/ubuntu/.openclaw/workspace/tmp/descuentos.html.edit", "/usr/lib/node_modules/openclaw/dist/control-ui/descuentos.html"], decision="allow")
prefix_rule(pattern=["sudo", "cp", "/home/ubuntu/.openclaw/workspace/tmp/carrito.html.edit", "/usr/lib/node_modules/openclaw/dist/control-ui/carrito.html"], decision="allow")
prefix_rule(pattern=["curl", "-I", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/sepa-ingest.js", "--day"], decision="allow")
prefix_rule(pattern=["curl", "-I", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/super-ranking/progress.json"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "ps -o pid,etime,%cpu,%mem,stat,cmd -p $(pgrep -f 'node /home/ubuntu/.openclaw/workspace/scripts/sepa-ingest.js --day lunes' | head -n1)"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-I", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/bank-promos-data.js"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-I", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/super-ranking/bank-promos-data.js"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/descuentos.html"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/super-ranking/progress.json"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/stores"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/stores"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/product/0000077949677"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/products?q=coca%20cola&page=0&size=10"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/products?q=coca%20cola&page=0&size=10&measure=600%20L"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/products?q=coca%20cola&page=0&size=10&measure=600%20ml&variant=Zero"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "--max-time", "10", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/product/7792798015061"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/product/7792798015061"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7792798015061:2"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=brahma&page=0&size=5"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=brahma&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7792798015061:1"], decision="allow")
prefix_rule(pattern=["node", "-e", "let s='';process.stdin.on('data',d=>s+=d).on('end',()=>{const j=JSON.parse(s);const x=j.items[0];console.log(JSON.stringify({ean:x.ean,bestPrice:x.bestPrice,bestStore:x.bestStore,stores:Object.fromEntries(Object.entries(x.stores).map(([k,v])=>[k,{effectivePrice:v.effectivePrice,compareAtPrice:v.compareAtPrice,productUrl:v.productUrl,loyaltyPrice:v.loyaltyPrice,promoLabels:(v.promoLabels||[]).slice(0,3)}]))},null,2));})"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/validate-price-alignment.js"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/products?q=brahma&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/product/7790895000232"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7790895000232&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.carrefour.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=5&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.vea.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=5&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.carrefour.com.ar/api/catalog_system/pub/products/search?ft=gaseosa%20coca%20cola%20sabor%20original%20354%20ml&_from=0&_to=5&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.carrefour.com.ar/api/catalog_system/pub/products/search/Coca-cola%20354?_from=0&_to=5"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7790895000232:1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7790895000232:6"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.cotodigital.com.ar/sitios/cdigi/productos/gaseosa-coca-cola-sabor-original-354-ml-/_/R-00003750-00003750-200"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.carrefour.com.ar/gaseosa-cola-coca-cola-sabor-original-en-lata-354-ml-6225/p"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.jumbo.com.ar/gaseosa-coca-cola-sabor-original-354-ml/p"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.disco.com.ar/gaseosa-coca-cola-sabor-original-354-ml/p"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.jumbo.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=2&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.disco.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=2&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.jumbo.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=2&_fields=productId,productName,brand,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.disco.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=2&_fields=productId,productName,brand,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.jumbo.com.ar/api/checkout/pub/orderForms/simulation?sc=32"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.disco.com.ar/api/checkout/pub/orderForms/simulation?sc=33"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "curl -fsS https://www.vea.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=5&_fields=productId,productName,brand,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.cotodigital.com.ar/sitios/cdigi/main.65d9b21910efc7b0.js"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "curl -fsS https://www.carrefour.com.ar/api/catalog_system/pub/products/search?ft=7790895000232&_from=0&_to=5&_fields=productId,productName,brand,link,items"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "curl -fsS http://127.0.0.1:3005/products?q=7790895000232&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://api.coto.com.ar/api/v1/ms-digital-sitio-bff-web/api/v1/products/search/7790895000232?key=key_r6xzz4IAoTWcipni&num_results_per_page=24&pre_filter_expression=%7B%22name%22%3A%22store_availability%22%2C%22value%22%3A%22060%22%7D"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://api.coto.com.ar/api/v1/ms-digital-sitio-bff-web/api/v1/products/search/coca-cola?key=key_r6xzz4IAoTWcipni&num_results_per_page=5&pre_filter_expression=%7B%22name%22%3A%22store_availability%22%2C%22value%22%3A%22060%22%7D"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://api.coto.com.ar/api/v1/ms-digital-sitio-bff-web/api/v1/products/search/gaseosa-coca-cola-sabor-original-354-ml?key=key_r6xzz4IAoTWcipni&num_results_per_page=24&pre_filter_expression=%7B%22name%22%3A%22store_availability%22%2C%22value%22%3A%22060%22%7D"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://api.coto.com.ar/api/v1/ms-digital-sitio-bff-web/api/v1/products/offers/todas-las-ofertas?key=key_r6xzz4IAoTWcipni&num_results_per_page=5&pre_filter_expression=%7B%22name%22%3A%22store_availability%22%2C%22value%22%3A%22060%22%7D"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.cotodigital.com.ar/rest/model/atg/actors/cProductoActor/getDescuentosMedioPago?idProducto=3750"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.cotodigital.com.ar/rest/model/atg/actors/cProductoActor/getMetodosEntrega?producto=3750"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.jumbo.com.ar/api/catalog_system/pub/products/search?fq=skuId:31542"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.vea.com.ar/api/catalog_system/pub/products/search?fq=skuId:31542"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.disco.com.ar/api/catalog_system/pub/products/search?fq=skuId:31542"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-H", "content-type: application/json", "--data", "{\"seller\":\"discoargentinad2439boulogne\",\"skus\":[\"31542\"]}", "https://www.disco.com.ar/_v/search-promotions"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-H", "content-type: application/json", "--data", "{\"seller\":\"veaargentinav5000\",\"skus\":[\"31542\"]}", "https://www.vea.com.ar/_v/search-promotions"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-H", "content-type: application/json", "--data", "{\"seller\":\"jumboargentinaj5202martinez\",\"skus\":[\"31542\"]}", "https://www.jumbo.com.ar/_v/search-promotions"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-H", "content-type: application/json", "--data", "{\"seller\":\"jumboargentinad061\",\"skus\":[\"31542\"]}", "https://www.disco.com.ar/_v/search-promotions"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-H", "content-type: application/json", "--data", "{\"seller\":\"jumboargentinav700cordoba700\",\"skus\":[\"31542\"]}", "https://www.vea.com.ar/_v/search-promotions"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1450"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.cotodigital.com.ar/sitios/cdigi/productos/cerveza-chopp-brahma-710ml/_/R-00602622-00602622-200?format=json"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7792798015061:1&loyalty=1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7792798015061&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1502"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/health"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=coca%20cola&page=0&size=10"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=brahma&page=0&size=10"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.jumbo.com.ar/_v/search-promotions", "-H", "content-type: application/json", "--data", "{\"seller\":\"jumboargentinaj5202martinez\",\"skus\":[\"31542\"]}"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "node /home/ubuntu/.openclaw/workspace/tmp/audit-live-store-alignment.js > /home/ubuntu/.openclaw/workspace/tmp/audit-live-store-alignment.json"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7790895646348&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7790895643286&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://diaonline.supermercadosdia.com.ar/api/catalog_system/pub/products/search?ft=7790895643286&_from=0&_to=5&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["jq", "{updatedAt, phase, status}"], decision="allow")
prefix_rule(pattern=["set", "-euo", "pipefail"], decision="allow")
prefix_rule(pattern=["sleep", "4"], decision="allow")
prefix_rule(pattern=["printf", "brahma-search\\n"], decision="allow")
prefix_rule(pattern=["printf", "progress\\n"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7793704000881&page=0&size=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.masonline.com.ar/api/catalog_system/pub/products/search?ft=7793704000881&_from=0&_to=5&_fields=productId,productName,link,items"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.masonline.com.ar/yerba-mate-playadito-sin-palo-x-500g-2/p"], decision="allow")
prefix_rule(pattern=["curl", "--compressed", "-fsSL", "https://www.masonline.com.ar/yerba-mate-playadito-sin-palo-x-500g-2/p"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.masonline.com.ar/api/checkout/pub/orderForms/simulation?sc=1", "-H", "content-type: application/json", "--data", "{\"items\":[{\"id\":\"41403\",\"quantity\":1,\"seller\":\"1\"}],\"country\":\"ARG\"}"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7793704000881:1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7793704000881&page=0&size=1"], decision="allow")
prefix_rule(pattern=["perl", "-0pi", "-e", "s/carrito\\.js\\?v=20260309-benefits1/carrito.js?v=20260309-zone1/g", "/usr/lib/node_modules/openclaw/dist/control-ui/carrito.html"], decision="allow")
prefix_rule(pattern=["sudo", "perl", "-0pi", "-e"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=playadito&page=0&size=5"], decision="allow")
prefix_rule(pattern=["jq", "{multiStore: .multiStore.items[0], rankedChains: [.singleStore[].chain]}"], decision="allow")
prefix_rule(pattern=["jq", ".items[] | {ean, bestStore, bestPrice, stores: (.stores|keys)}"], decision="allow")
prefix_rule(pattern=["jq", ".items[0] | {bestStore, bestPrice, stores: (.stores|keys)}"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/super-ranking/carrito.js?v=20260309-zone1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1727&q=7793704000881"], decision="allow")
prefix_rule(pattern=["chromium-browser", "--headless", "--no-sandbox", "--disable-gpu", "--virtual-time-budget=8000", "--dump-dom", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1727&q=7793704000881"], decision="allow")
prefix_rule(pattern=["chromium-browser", "--headless", "--no-sandbox", "--disable-gpu", "--virtual-time-budget=8000", "--screenshot=/tmp/carrito-ui.png", "--window-size=1440,1400", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1727&q=7793704000881"], decision="allow")
prefix_rule(pattern=["chromium-browser", "--headless", "--no-sandbox", "--disable-gpu", "--virtual-time-budget=8000", "--screenshot=/home/ubuntu/carrito-ui.png", "--window-size=1440,1400", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1727&q=7793704000881"], decision="allow")
prefix_rule(pattern=["chromium-browser", "--headless", "--no-sandbox", "--disable-gpu", "--virtual-time-budget=8000", "--screenshot=/home/ubuntu/carrito-ui-fixed.png", "--window-size=1440,1400", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1750&q=7793704000881"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1750&q=7793704000881"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7790290101602&page=0&size=1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://diaonline.supermercadosdia.com.ar/api/catalog_system/pub/products/search?ft=7790290101602&_from=0&_to=10"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://diaonline.supermercadosdia.com.ar/api/catalog_system/pub/products/search?fq=alternateIds_Ean:7790290101602"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://diaonline.supermercadosdia.com.ar/api/catalog_system/pub/products/search?ft=fernet%20branca%20750&_from=0&_to=10"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://diaonline.supermercadosdia.com.ar/api/catalog_system/pub/products/search?ft=7790290101602&_from=0&_to=9"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://diaonline.supermercadosdia.com.ar/api/catalog_system/pub/products/search?ft=fernet%20BRANCA%20BOT%20750%20cc%20BOT-750-ml.&_from=0&_to=9"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/product/7790290101602"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/products?q=7790290101602&page=0&size=1"], decision="allow")
prefix_rule(pattern=["jq", ".items[0] | {bestStore,bestPrice,dia: .stores.DIA}"], decision="allow")
prefix_rule(pattern=["jq", "{ean,name,currentDIA: .currentPrices.DIA.online}"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/products?q=7790895005312&page=0&size=1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.carrefour.com.ar/api/catalog_system/pub/products/search?fq=alternateIds_Ean:7790895005312"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/product/7790895005312"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://www.cotodigital.com.ar/rest/model/atg/actors/cProductoActor/getDescuentosMedioPago?idProducto=14450"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1750&q=7790895005312"], decision="allow")
prefix_rule(pattern=["jq", "{currentCarrefour: .currentPrices.Carrefour.online,currentCoto: .currentPrices.Coto.online}"], decision="allow")
prefix_rule(pattern=["jq", ".items[0] | {bestStore,bestPrice,carrefour: .stores.Carrefour,coto: .stores.Coto}"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7790895005312:2"], decision="allow")
prefix_rule(pattern=["chromium-browser", "--headless", "--no-sandbox", "--disable-gpu", "--virtual-time-budget=8000", "--dump-dom", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1813&q=7790895005312"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7790895005312:2&benefitChains=Carrefour"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/carrito.html?ts=20260309-1813&q=7790895005312"], decision="allow")
prefix_rule(pattern=["curl", "-I", "-sS", "https://webk.telegram.org/#@yapa_arg_bot"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/inspect_telegram_relay.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/open_yapa_relay.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/click_yapa_button.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/watch_yapa_relay.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/inspect_yapa_iframe.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/inspect_yapa_frame_world.js"], decision="allow")
prefix_rule(pattern=["curl", "-fsSL", "https://yapa.ar/webapp"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "tmpf=$(mktemp); curl -fsSL 'https://yapa.ar/webapp' > \"$tmpf\"; rg -n \"fetch\\(|axios|XMLHttpRequest|https?://|api/|graphql|supabase|firebase|telegram|open\\(|window\\.open|location\\.href|BarcodeDetector|compare|search|price|prices|supermarket|jumbo|carrefour|dia|disco|vea|coto|changomas\" \"$tmpf\" | sed -n '1,260p'; rm -f \"$tmpf\""], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/user/profile"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7790895000232:1&mode=any&maxStores=3"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "http://127.0.0.1:3005/cart/cheapest?items=7790895000232:1&mode=online&maxStores=0"], decision="allow")
prefix_rule(pattern=["ps", "-p", "186799", "-o", "lstart,cmd"], decision="allow")
prefix_rule(pattern=["sudo", "-n", "systemctl", "restart", "product-search-server.service"], decision="allow")
prefix_rule(pattern=["sudo", "-n", "journalctl", "-u", "product-search-server.service"], decision="allow")
prefix_rule(pattern=["jq", "{mode,maxStores,bestPlan,singleStore:(.singleStore|map({routeKey,grandTotal,shippingTotal,itemTotal})[:4])}"], decision="allow")
prefix_rule(pattern=["jq", "{keys:(keys), singleStoreSample:(.singleStore[0]), comboCount:(.comboPlans|length), bestPlan:(.bestPlan|{routeCount,total,shippingTotal,shippingIncomplete})}"], decision="allow")
prefix_rule(pattern=["jq", "{mode,maxStores,bestPlan:(.bestPlan|{routeCount,total,shippingTotal,shippingIncomplete,routesUsed}), comboCount:(.comboPlans|length), firstCombo:(.comboPlans[0]|{routeCount,total,shippingTotal,shippingIncomplete})}"], decision="allow")
prefix_rule(pattern=["jq", "{channelMode,maxStores,shipping:{DIA:.shipping.DIA},paymentMethods,cards,sessionStatus:{DIA:.sessionStatus.DIA,Carrefour:.sessionStatus.Carrefour}}"], decision="allow")
prefix_rule(pattern=["sudo", "-n", "perl", "-0pi", "-e"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/user/profile"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/super-ranking/carrito.js?v=20260309-planner1"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "https://miopenclaw-vnic.tail9799d2.ts.net/preview/products-api/cart/cheapest?items=7790895000232:1,7793704000881:1&mode=online&maxStores=0"], decision="allow")
prefix_rule(pattern=["jq", "{updatedAt,phase,status,urls:{carrito:.urls.carrito,apiUserProfile:.urls.apiUserProfile}}"], decision="allow")
prefix_rule(pattern=["jq", "{channelMode,maxStores,paymentMethods,cards,shipping}"], decision="allow")
prefix_rule(pattern=["bw", "status"], decision="allow")
prefix_rule(pattern=["bw", "list", "items", "--nointeraction"], decision="allow")
prefix_rule(pattern=["sudo", "-n", "systemctl", "cat", "product-search-server.service"], decision="allow")
prefix_rule(pattern=["jq", "{channelMode,maxStores,credentialStatus,storeAccounts}"], decision="allow")
prefix_rule(pattern=["curl", "-fsS", "-X", "POST", "http://127.0.0.1:3005/user/profile/sync-bitwarden", "-H", "Content-Type: application/json"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "-X", "POST", "http://127.0.0.1:3005/user/profile/sync-bitwarden"], decision="allow")
prefix_rule(pattern=["jq", "{linkedChains, readyChains:[(.profile.credentialStatus // {}) | to_entries[] | select(.value.ready) | .key], labels:[(.profile.storeAccounts // {}) | to_entries[] | select(.value.credentialProvider == \"bitwarden\") | {chain:.key,label:.value.credentialLabel,loginUser:.value.loginUser}]}"], decision="allow")
prefix_rule(pattern=["jq", "{credentialReady:[(.credentialStatus // {}) | to_entries[] | select(.value.ready) | .key], providers:[(.storeAccounts // {}) | to_entries[] | select(.value.credentialProvider != \"\") | {chain:.key,provider:.value.credentialProvider,label:.value.credentialLabel}]}"], decision="allow")
prefix_rule(pattern=["jq", "{updatedAt,phase,status,urls:{carrito:.urls.carrito,apiBitwardenSync:.urls.apiBitwardenSync}}"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "-X", "POST", "http://127.0.0.1:3005/user/session-refresh", "-H", "Content-Type: application/json", "-d", "{\"chain\":\"Jumbo\"}"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "-X", "POST", "http://127.0.0.1:3005/user/session-refresh", "-H", "Content-Type: application/json", "-d", "{\"chain\":\"DIA\"}"], decision="allow")
prefix_rule(pattern=["sleep", "2"], decision="allow")
prefix_rule(pattern=["sudo", "systemctl", "status"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/inspect_dia_auth_flow.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/open_fresh_dia_login_popup.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/dump_fresh_dia_login_page.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/find_fresh_dia_cta.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/open_fresh_dia_login_popup2.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/open_fresh_dia_login_popup3.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/open_fresh_dia_login_popup4.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/click_fresh_dia_button_js.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/trace_dia_click_side_effects.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/capture_dia_startlogin.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/capture_dia_providers.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/dia_relay_login_and_export.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/dia_export_cookies.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/dia_fetch_orders_http.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/dia_fill_auth_popup.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/list_dia_targets.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/tmp/dia_watch_session.js"], decision="allow")
prefix_rule(pattern=["node", "/home/ubuntu/.openclaw/workspace/scripts/refresh_linked_store_session.js"], decision="allow")
prefix_rule(pattern=["sudo", "tailscale", "status"], decision="allow")
prefix_rule(pattern=["sudo", "tailscale", "exit-node"], decision="allow")
prefix_rule(pattern=["sudo", "tailscale", "set"], decision="allow")
prefix_rule(pattern=["openclaw", "update"], decision="allow")
prefix_rule(pattern=["sudo", "/usr/bin/node", "/usr/lib/node_modules/npm/bin/npm-cli.js", "install", "-g", "--prefix", "/usr", "openclaw@latest"], decision="allow")
prefix_rule(pattern=["openclaw", "plugins", "update", "--all"], decision="allow")
prefix_rule(pattern=["openclaw", "doctor", "--non-interactive"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "daemon-reload"], decision="allow")
prefix_rule(pattern=["openclaw", "gateway", "status", "--no-probe", "--json"], decision="allow")
prefix_rule(pattern=["openclaw", "gateway", "health", "--json"], decision="allow")
prefix_rule(pattern=["openclaw", "gateway", "status", "--json"], decision="allow")
prefix_rule(pattern=["openclaw", "plugins", "install", "@blockrun/clawrouter@latest"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "KEY=$(jq -r '.auth.OPENAI_API_KEY' /home/ubuntu/.openclaw/openclaw.json); curl -sS https://api.openai.com/v1/models -H \"Authorization: Bearer $KEY\" -H 'Content-Type: application/json' | jq -r '.data[].id' | rg '^(gpt-5|chatgpt|codex)' | sort -u"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "KEY=$(jq -r '.auth.OPENAI_API_KEY' /home/ubuntu/.openclaw/openclaw.json); curl -sS https://api.openai.com/v1/models -H \"Authorization: Bearer $KEY\" -H 'Content-Type: application/json' | jq '{error, data_count:(.data|length?)}'"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "KEY=$(jq -r '.auth[\"OPENAI_API_KEY\"]' /home/ubuntu/.openclaw/openclaw.json); curl -sS https://api.openai.com/v1/models -H \"Authorization: Bearer $KEY\" -H 'Content-Type: application/json' | jq -r 'if .error then \"ERROR: \" + (.error.message // \"unknown\") else .data[].id end' | rg '^(gpt-5|chatgpt|codex)|^ERROR:' | sort -u"], decision="allow")
prefix_rule(pattern=["openclaw", "models", "auth", "login", "--provider", "openai-codex"], decision="allow")
prefix_rule(pattern=["sudo", "python3", "/home/ubuntu/.openclaw/workspace/scripts/reapply_subagent_transcript_fix.py"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n --hidden -S \"openclaw|browser relay|gateway.auth.token|OPENCLAW_GATEWAY_TOKEN|hermes\" /home/ubuntu 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"browser relay|relay|gateway|openclaw|chrome|playwright|browser\" /home/ubuntu/hermes-workspace /home/ubuntu/.openclaw /home/ubuntu/openclaw-workspace 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg --files /home/ubuntu/hermes-workspace /home/ubuntu/.openclaw /home/ubuntu/openclaw-workspace 2>/dev/null | rg \"(README|readme|config|env|gateway|relay|browser|chrome|playwright|server|docker-compose|compose)\""], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "which openclaw hermes oc 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/.git/**' \"gateway.auth.token|OPENCLAW_GATEWAY_TOKEN|browser relay|relayServer|browser_relay|browserRelay|gateway token|remote gateway|playwright|chrome-extension|18792|127.0.0.1:18792|browser\" /home/ubuntu/hermes-workspace /home/ubuntu/.openclaw /home/ubuntu/openclaw-workspace 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "find /home/ubuntu -maxdepth 4 \\( -name \"openclaw*.json\" -o -name \"*hermes*.json\" -o -name \".env*\" -o -name \"config*.json\" -o -name \"*.yaml\" -o -name \"*.yml\" \\) 2>/dev/null | rg \"(openclaw|hermes|gateway|relay|browser|env)\""], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/.git/**' \"browser relay|relay not reachable|gateway.auth.token|OPENCLAW_GATEWAY_TOKEN|18792|chrome-extension|toolbar button|relay connection|remote gateway|gateway.remote|browser_relay|browser relay actually\" /home/ubuntu/openclaw-src-v2026.3.22 /home/ubuntu/.openclaw.pre-migration 2>/dev/null"], decision="allow")
prefix_rule(pattern=["openclaw", "browser", "profiles"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/.git/**' \"toolsets:|browser:|playwright|mcp|websocket|gateway|profile|extension|allowHostControl|target=\\\"host\\\"|browser tool|browser_navigate|browser server\" /home/ubuntu/hermes-agent /home/ubuntu/.hermes/hermes-agent /home/ubuntu/hermes-workspace 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/.git/**' \"connect_over_cdp|connectOverCDP|cdp_url|cdp-url|browser profile|existing-session|chromium.connect|playwright.*connect|browser_navigate|browser_snapshot|browser tool\" /home/ubuntu/.hermes/hermes-agent /home/ubuntu/hermes-agent 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S --glob '!**/node_modules/**' --glob '!**/dist/**' --glob '!**/.git/**' \"json/version|webSocketDebuggerUrl|/cdp|x-openclaw-relay-token|browser extension|relayBindHost|gateway \\+ 3|18792|chrome.debugger|/extension\" /home/ubuntu/openclaw-src-v2026.3.22 2>/dev/null"], decision="allow")
prefix_rule(pattern=["openclaw", "browser", "--help"], decision="allow")
prefix_rule(pattern=["openclaw", "browser", "extension", "--help"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"x-openclaw-relay-token|/extension|/cdp|relay token|browser extension relay|Extension Relay|extension origin|chrome.debugger\" /home/ubuntu/openclaw-src-v2026.3.22/src /home/ubuntu/openclaw-src-v2026.3.22/apps /home/ubuntu/openclaw-src-v2026.3.22/docs 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"BROWSER_CDP_URL|_get_cdp_override|connect_over_cdp|connect_over_cdp|chromium.connect_over_cdp|webSocketDebuggerUrl\" /home/ubuntu/.hermes/hermes-agent/tools/browser_tool.py 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"connect_over_cdp|connect_over_cdp|cdp_url\" /home/ubuntu/.hermes/hermes-agent/tools /home/ubuntu/.hermes/hermes-agent 2>/dev/null"], decision="allow")
prefix_rule(pattern=["openclaw", "browser", "create-profile", "--help"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"relay-token|openclaw-relay-token|query.*token|searchParams.*token|/cdp\\?token|token=abc|authorize.*cdp|authorization.*cdp\" /home/ubuntu/openclaw-src-v2026.3.22/src/browser /home/ubuntu/openclaw-src-v2026.3.22/src 2>/dev/null"], decision="allow")
prefix_rule(pattern=["ps", "-ef"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"installBrowserAuthMiddleware|req.query.*token|x-openclaw-relay-token|authorization.*Bearer|query token\" /home/ubuntu/openclaw-src-v2026.3.22/src/browser 2>/dev/null"], decision="allow")
prefix_rule(pattern=["sort"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"x-openclaw-relay-token|chrome\\.debugger|relay.*token|browser relay|Chrome extension|/extension|/cdp\" /home/ubuntu/openclaw-src-v2026.3.22/src/browser /home/ubuntu/openclaw-src-v2026.3.22/apps /home/ubuntu/openclaw-src-v2026.3.22/docs/tools /home/ubuntu/openclaw-src-v2026.3.22/docs 2>/dev/null"], decision="allow")
prefix_rule(pattern=["openclaw", "doctor", "--help"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"browser\\.cdp_url|cdp_url\" /home/ubuntu/.hermes/hermes-agent /home/ubuntu/hermes-agent 2>/dev/null | rg \"config|yaml|browser|migration|cli\""], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S \"driver: \\\"extension\\\"|existing-session|relayBindHost|browser\\.profiles\\.|Chrome MCP\" /home/ubuntu/.openclaw.pre-migration /home/ubuntu/openclaw-src-v2026.3.22 /home/ubuntu 2>/dev/null"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S '\"driver\"\\s*:\\s*\"extension\"|relayBindHost|browser|profiles|cdpUrl' /home/ubuntu/.openclaw.pre-migration/openclaw.json 2>/dev/null"], decision="allow")
prefix_rule(pattern=["hostname", "-I"], decision="allow")
prefix_rule(pattern=["hermes", "gateway", "--help"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "which tailscale 2>/dev/null && tailscale ip -4 || true"], decision="allow")
prefix_rule(pattern=["hostname", "-f"], decision="allow")
prefix_rule(pattern=["ss", "-tln"], decision="allow")
prefix_rule(pattern=["hermes", "gateway", "status"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "status", "hermes-gateway", "--no-pager"], decision="allow")
prefix_rule(pattern=["hermes", "gateway", "restart"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "--max-time", "5", "http://127.0.0.1:9223/json/version"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n -S '\"hermes-cli\"|\"browser\"|hermes-cli|browser_navigate' /home/ubuntu/.hermes/hermes-agent/toolsets.py /home/ubuntu/.hermes/hermes-agent/toolset_distributions.py 2>/dev/null"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "--max-time", "8", "http://127.0.0.1:9223/json/new?https://www.lanacion.com.ar/"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "--max-time", "8", "http://127.0.0.1:9223/json/list"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "-X", "PUT", "--max-time", "8", "http://127.0.0.1:9223/json/new?https://www.lanacion.com.ar/"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "--max-time"], decision="allow")
prefix_rule(pattern=["bash", "-lc", "command -v node; command -v python3; command -v websocat; node -v 2>/dev/null || true"], decision="allow")
prefix_rule(pattern=["node", "-e", "const ws = new WebSocket(\"ws://127.0.0.1:9223/devtools/page/41B7B6907E65F0A5378C964DE649F946\"); const expr = `(() => { const before = window.scrollY; window.scrollBy(0, 1200); return JSON.stringify({ before, after: window.scrollY, h: document.documentElement.scrollHeight, ih: window.innerHeight, title: document.title }); })()`; ws.addEventListener(\"open\", () => { ws.send(JSON.stringify({ id: 1, method: \"Runtime.evaluate\", params: { expression: expr, returnByValue: true, userGesture: true } })); }); ws.addEventListener(\"message\", (ev) => { console.log(ev.data.toString()); ws.close(); process.exit(0); }); ws.addEventListener(\"error\", (err) => { console.error(String(err.message || err)); process.exit(1); }); setTimeout(() => { console.error(\"timeout\"); process.exit(2); }, 5000);"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "status"], decision="allow")
prefix_rule(pattern=["journalctl", "--user", "-u"], decision="allow")
prefix_rule(pattern=["systemctl", "--user", "restart"], decision="allow")
prefix_rule(pattern=["node", "-e", "const ws = new WebSocket(\"ws://127.0.0.1:9223/devtools/page/41B7B6907E65F0A5378C964DE649F946\"); const expr = `JSON.stringify({title: document.title, href: location.href, y: window.scrollY})`; ws.addEventListener(\"open\", () => { ws.send(JSON.stringify({ id: 1, method: \"Runtime.evaluate\", params: { expression: expr, returnByValue: true } })); }); ws.addEventListener(\"message\", (ev) => { console.log(ev.data.toString()); ws.close(); process.exit(0); }); ws.addEventListener(\"error\", (err) => { console.error(String(err.message || err)); process.exit(1); }); setTimeout(() => { console.error(\"timeout\"); process.exit(2); }, 5000);"], decision="allow")
prefix_rule(pattern=["node", "-e", "const ws = new WebSocket(\"ws://127.0.0.1:9223/devtools/page/41B7B6907E65F0A5378C964DE649F946\"); const expr = `(async () => { const sleep = ms => new Promise(r => setTimeout(r, ms)); let stable = 0; let loops = 0; let lastY = -1; while (loops < 40 && stable < 4) { window.scrollTo(0, document.documentElement.scrollHeight); await sleep(700); const y = window.scrollY; if (y === lastY) stable++; else stable = 0; lastY = y; loops++; } return JSON.stringify({ title: document.title, href: location.href, y: window.scrollY, h: document.documentElement.scrollHeight, ih: window.innerHeight, loops, stable }); })()`; ws.addEventListener(\"open\", () => { ws.send(JSON.stringify({ id: 1, method: \"Runtime.evaluate\", params: { expression: expr, returnByValue: true, awaitPromise: true, userGesture: true } })); }); ws.addEventListener(\"message\", ev => { console.log(ev.data.toString()); ws.close(); process.exit(0); }); ws.addEventListener(\"error\", err => { console.error(String(err.message || err)); process.exit(1); }); setTimeout(() => { console.error(\"timeout\"); process.exit(2); }, 35000);"], decision="allow")
prefix_rule(pattern=["lscpu"], decision="allow")
prefix_rule(pattern=["lsblk", "-o", "NAME,SIZE,TYPE,MOUNTPOINT,FSTYPE"], decision="allow")
prefix_rule(pattern=["df", "-h"], decision="allow")
prefix_rule(pattern=["free", "-h"], decision="allow")
prefix_rule(pattern=["uptime"], decision="allow")
prefix_rule(pattern=["curl", "-s", "-H", "Authorization: Bearer Oracle", "http://169.254.169.254/opc/v2/instance/"], decision="allow")
prefix_rule(pattern=["systemd-detect-virt"], decision="allow")
prefix_rule(pattern=["ps", "-eo", "pid,comm,%cpu,%mem,rss", "--sort=-%mem"], decision="allow")
prefix_rule(pattern=["swapon", "--show"], decision="allow")
prefix_rule(pattern=["ollama", "--version"], decision="allow")
prefix_rule(pattern=["readlink", "-f", "/sys/class/drm/card0/device/driver"], decision="allow")
prefix_rule(pattern=["ss", "-tlnp"], decision="allow")
prefix_rule(pattern=["jq", "{session_id,last_updated,keys:(keys)}", "/home/ubuntu/.hermes/sessions/session_5edbfabe-0314-420f-9a55-178578669529.json"], decision="allow")
prefix_rule(pattern=["jq", "-r", ".. | objects | select(has(\"role\") and has(\"content\")) | [.role, (.status // \"\"), (.content|tostring)] | @tsv", "/home/ubuntu/.hermes/sessions/session_5edbfabe-0314-420f-9a55-178578669529.json"], decision="allow")
prefix_rule(pattern=["sqlite3", "/home/ubuntu/.hermes/hermes_state.db", "select id,title,updated_at from sessions where title='hi' order by updated_at desc limit 20;"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "sed -n '1,180p' /home/ubuntu/hermes-workspace/src/routes/chat/$sessionKey.tsx"], decision="allow")
prefix_rule(pattern=["sqlite3", "/home/ubuntu/.hermes/hermes_state.db", ".tables"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "grep -R \"hermes_pending_msg_\\|hermes-last-session\" -n /home/ubuntu/.config /home/ubuntu/.cache /home/ubuntu 2>/dev/null | head -n 80"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "for f in /home/ubuntu/.hermes/sessions/session_{f53f2b14-de5c-4f83-9e38-633ccc94fe8a,ebe3f5ed-f4b1-4822-91eb-ef3b74b10eb9,ea1acab8-ed97-4f62-86c0-15b7a2f6211d,ed69df4d-e638-4671-ad77-e9052c7782c2}.json; do echo \"FILE:$f\"; jq -r '[.session_id, .last_updated, (.messages[0].content // \"\"), (.messages[1].content // \"\")] | @tsv' \"$f\"; done"], decision="allow")
prefix_rule(pattern=["jq", "-r", ".messages | length, (.messages[] | [.role, (.content|tostring)] | @tsv)", "/home/ubuntu/.hermes/sessions/session_ea1acab8-ed97-4f62-86c0-15b7a2f6211d.json"], decision="allow")
prefix_rule(pattern=["jq", "-r", ".messages | length, (.messages[] | [.role, (.content|tostring)] | @tsv)", "/home/ubuntu/.hermes/sessions/session_f53f2b14-de5c-4f83-9e38-633ccc94fe8a.json"], decision="allow")
prefix_rule(pattern=["curl", "-i", "-s", "http://127.0.0.1:3000/api/gateway-status"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "for f in /home/ubuntu/.hermes/sessions/session_{231c1b87-ddad-45ec-8f4f-22c045ac720f,6ff4e5b4-ad77-4d2b-9fa2-36c150838f14,509f82f2-9106-4ec5-b2de-bc2f536f1da1}.json; do echo \"FILE:$f\"; jq -r '[.session_id, .last_updated, (.messages[0].content // \"\"), (.messages[1].content // \"\")] | @tsv' \"$f\"; done"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "http://127.0.0.1:3001/health"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "http://127.0.0.1:3001/"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "http://127.0.0.1:3010/health"], decision="allow")
prefix_rule(pattern=["curl", "-sS", "http://127.0.0.1:3001/api/models"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.hermes/hermes-agent/venv/bin/python", "-m", "pytest"], decision="allow")
prefix_rule(pattern=["node", "--check", "/home/ubuntu/hermes-webui/static/ui.js"], decision="allow")
prefix_rule(pattern=["node", "--check", "/home/ubuntu/hermes-webui/static/panels.js"], decision="allow")
prefix_rule(pattern=["node", "--check", "/home/ubuntu/hermes-webui/static/boot.js"], decision="allow")
prefix_rule(pattern=["systemctl", "restart"], decision="allow")
prefix_rule(pattern=["sudo", "systemctl", "restart", "hermes-webui"], decision="allow")
prefix_rule(pattern=["systemctl", "cat", "hermes-webui"], decision="allow")
prefix_rule(pattern=["awk", "NR>=20&&NR<=30{line=$0; sub(/=.*/,\"=<redacted>\",line); print NR \":\" line}", "/home/ubuntu/.hermes/.env"], decision="allow")
prefix_rule(pattern=["sed", "s/=.*$/=<redacted>/"], decision="allow")
prefix_rule(pattern=["node", "--check", "/home/ubuntu/hermes-webui/static/messages.js"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.hermes/hermes-agent/venv/bin/python"], decision="allow")
prefix_rule(pattern=["node", "--check"], decision="allow")
prefix_rule(pattern=["curl", "-sS"], decision="allow")
prefix_rule(pattern=["python3", "-m", "py_compile"], decision="allow")
prefix_rule(pattern=["sleep", "3"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "rg -n \"smart_model_routing|cheap_model|fallback_model|fallback_providers\" /home/ubuntu/.hermes/hermes-agent /home/ubuntu/hermes-webui 2>/dev/null"], decision="allow")
prefix_rule(pattern=["kill", "1817837"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "cd /home/ubuntu/hermes-webui && HERMES_WEBUI_HOST=0.0.0.0 HERMES_WEBUI_PORT=3010 /home/ubuntu/.hermes/hermes-agent/venv/bin/python server.py > /tmp/webui.log 2>&1 &"], decision="allow")
prefix_rule(pattern=["pytest", "-q", "tests/test_sprint12.py"], decision="allow")
prefix_rule(pattern=["npm", "run", "build"], decision="allow")
prefix_rule(pattern=["npm", "test"], decision="allow")
prefix_rule(pattern=["python3", "-m", "pytest", "-q", "tests/test_sprint12.py"], decision="allow")
prefix_rule(pattern=["npm", "run", "dev"], decision="allow")
prefix_rule(pattern=["git", "remote", "-v"], decision="allow")
prefix_rule(pattern=["git", "remote", "get-url", "origin"], decision="allow")
prefix_rule(pattern=["test", "-x", "/home/ubuntu/hermes-agent/venv/bin/python"], decision="allow")
prefix_rule(pattern=["git", "remote", "add", "workspace"], decision="allow")
prefix_rule(pattern=["git", "fetch"], decision="allow")
prefix_rule(pattern=["git", "grep", "-n", "/api/sessions\\|/api/skills\\|/api/memory\\|/api/config", "workspace/main", "--", "gateway/platforms/api_server.py"], decision="allow")
prefix_rule(pattern=["git", "grep", "-n", "/api/sessions\\|/api/skills\\|/api/memory\\|/api/config", "workspace/pr/api-server-endpoints", "--", "gateway/platforms/api_server.py"], decision="allow")
prefix_rule(pattern=["git", "switch", "-C", "workspace-main", "--track", "workspace/main"], decision="allow")
prefix_rule(pattern=["./venv/bin/pip", "install", "-e", "."], decision="allow")
prefix_rule(pattern=["python3", "-m", "venv", "venv"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/hermes-agent/venv/bin/python", "cli.py", "--gateway"], decision="allow")
prefix_rule(pattern=["test", "-f", "/home/ubuntu/.hermes/auth-profiles.json"], decision="allow")
prefix_rule(pattern=["curl", "-i", "-sS"], decision="allow")
prefix_rule(pattern=["codex", "--version"], decision="allow")
prefix_rule(pattern=["readlink", "-f", "/home/ubuntu/.local/bin/codex"], decision="allow")
prefix_rule(pattern=["npm", "list", "-g", "@openai/codex", "--depth=0"], decision="allow")
prefix_rule(pattern=["npm", "view", "@openai/codex", "version"], decision="allow")
prefix_rule(pattern=["npm", "install", "-g", "@openai/codex@latest"], decision="allow")
prefix_rule(pattern=["systemctl", "--failed"], decision="allow")
prefix_rule(pattern=["systemctl", "list-units"], decision="allow")
prefix_rule(pattern=["docker", "ps"], decision="allow")
prefix_rule(pattern=["pm2", "list"], decision="allow")
prefix_rule(pattern=["docker", "compose", "ls"], decision="allow")
prefix_rule(pattern=["journalctl", "-xe"], decision="allow")
prefix_rule(pattern=["docker", "logs"], decision="allow")
prefix_rule(pattern=["tailscale", "status"], decision="allow")
prefix_rule(pattern=["systemctl", "cat"], decision="allow")
prefix_rule(pattern=["journalctl", "--user"], decision="allow")
prefix_rule(pattern=["systemctl", "--user"], decision="allow")
prefix_rule(pattern=["awk", "NR>=430 && NR<=520 { line=$0; if (line ~ /(token|key|secret|password|api_key)/i) sub(/:.*/, \": <redacted>\", line); print NR \":\" line }", "/home/ubuntu/.hermes/config.yaml"], decision="allow")
prefix_rule(pattern=["awk", "BEGIN{IGNORECASE=1} /API_SERVER|MESSAGING_CWD|TELEGRAM|DISCORD/ { line=$0; if (line ~ /(TOKEN|KEY|SECRET|PASSWORD)/) sub(/=.*/, \"=<redacted>\", line); print line }", "/home/ubuntu/.hermes/.env"], decision="allow")
prefix_rule(pattern=["getent", "hosts"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/.hermes"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/.openclaw"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/.config/systemd/user"], decision="allow")
prefix_rule(pattern=["sed", "-n"], decision="allow")
prefix_rule(pattern=["perl", "-0pi"], decision="allow")
prefix_rule(pattern=["kill", "2931124"], decision="allow")
prefix_rule(pattern=["rg", "-n"], decision="allow")
prefix_rule(pattern=["kill", "2934071"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "XDG_RUNTIME_DIR=/run/user/1001 systemctl --user start hermes-gateway.service"], decision="allow")
prefix_rule(pattern=["sleep", "8"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/hermes-webui"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/hermes-workspace/src", "-maxdepth", "4", "-type", "f"], decision="allow")
prefix_rule(pattern=["git", "-C", "/home/ubuntu/hermes-workspace", "status", "--short"], decision="allow")
prefix_rule(pattern=["stat", "/home/ubuntu/.hermes/.env", "/home/ubuntu/.hermes/config.yaml"], decision="allow")
prefix_rule(pattern=["git", "-C", "/home/ubuntu/.hermes/hermes-agent", "status", "--short"], decision="allow")
prefix_rule(pattern=["curl", "-N"], decision="allow")
prefix_rule(pattern=["kill", "2942208"], decision="allow")
prefix_rule(pattern=["tail", "-120", "/home/ubuntu/.hermes/logs/agent.log"], decision="allow")
prefix_rule(pattern=["tail", "-120", "/home/ubuntu/.hermes/logs/errors.log"], decision="allow")
prefix_rule(pattern=["tail", "-120", "/home/ubuntu/.hermes/logs/gateway.log"], decision="allow")
prefix_rule(pattern=["tail", "-120", "/home/ubuntu/.hermes/logs/mcp-stderr.log"], decision="allow")
prefix_rule(pattern=["kill", "2942826", "2942832", "2942844", "2942845"], decision="allow")
prefix_rule(pattern=["kill", "2937657"], decision="allow")
prefix_rule(pattern=["kill", "-9", "2937657"], decision="allow")
prefix_rule(pattern=["kill", "-9", "2946267"], decision="allow")
prefix_rule(pattern=["printf", "/quit\\n"], decision="allow")
prefix_rule(pattern=["/home/ubuntu/.local/bin/hermes"], decision="allow")
prefix_rule(pattern=["command", "-v"], decision="allow")
prefix_rule(pattern=["rg", "--files"], decision="allow")
prefix_rule(pattern=["ls", "-lah"], decision="allow")
prefix_rule(pattern=["unzip", "-l"], decision="allow")
prefix_rule(pattern=["mkdir", "-p"], decision="allow")
prefix_rule(pattern=["unzip", "-q"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/assets/index.android.bundle"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/fitbit-hevy-spike/path-a-companion/app", "-maxdepth", "2", "-type", "f", "-print"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/hevy-sense2-companion-pr2/path-a-companion/companion", "-maxdepth", "2", "-type", "f", "-print"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/hevy-sense2-companion-pr2/path-a-companion/app", "-maxdepth", "2", "-type", "f", "-print"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/fitbit-hevy-spike/path-a-companion/companion", "-maxdepth", "2", "-type", "f", "-print"], decision="allow")
prefix_rule(pattern=["find", "/home/ubuntu/fitbit-hevy-spike/path-a-companion/resources", "-maxdepth", "2", "-type", "f", "-print"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes.dex"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes3.dex"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes2.dex"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/AndroidManifest.xml"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes4.dex"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes6.dex"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes7.dex"], decision="allow")
prefix_rule(pattern=["strings", "/tmp/hevy_apk_base/classes5.dex"], decision="allow")
prefix_rule(pattern=["git", "status"], decision="allow")
prefix_rule(pattern=["cp"], decision="allow")
prefix_rule(pattern=["unzip", "-p"], decision="allow")
prefix_rule(pattern=["npm", "run", "lint"], decision="allow")
prefix_rule(pattern=["unshare", "-Ur"], decision="allow")
prefix_rule(pattern=["sysctl"], decision="allow")
prefix_rule(pattern=["bwrap", "--unshare-user"], decision="allow")
prefix_rule(pattern=["aa-status"], decision="allow")
prefix_rule(pattern=["sudo", "-n"], decision="allow")
prefix_rule(pattern=["sudo", "-n", "aa-status"], decision="allow")
prefix_rule(pattern=["sudo", "apparmor_parser"], decision="allow")
prefix_rule(pattern=["kill", "84896"], decision="allow")
prefix_rule(pattern=["/bin/bash", "-lc", "nohup /home/linuxbrew/.linuxbrew/bin/python3 -m http.server 3002 --bind 0.0.0.0 > /tmp/hevy-download-3002.log 2>&1 &"], decision="allow")
prefix_rule(pattern=["sudo", "cp", "/home/ubuntu/hevy-download.nginx.conf", "/etc/nginx/sites-available/hevy-download"], decision="allow")
prefix_rule(pattern=["sudo", "ln", "-sf", "/etc/nginx/sites-available/hevy-download", "/etc/nginx/sites-enabled/hevy-download"], decision="allow")
prefix_rule(pattern=["sudo", "mkdir", "-p", "/var/www/hevy-download"], decision="allow")
prefix_rule(pattern=["sudo", "cp", "/home/ubuntu/hevy-download/index.html", "/home/ubuntu/hevy-download/hevy-companion-local-first-v0.3.1.fba", "/home/ubuntu/hevy-download/hevy-companion-icon-v0.3.1.png", "/home/ubuntu/hevy-download/hevy-companion-icon-v0.3.1.svg", "/home/ubuntu/hevy-download/hevy-companion-screenshot-336.png", "/home/ubuntu/hevy-download/hevy-companion-screenshot-336.svg", "/home/ubuntu/hevy-download/hevy-companion-source-v0.3.1.tar.gz", "/var/www/hevy-download/"], decision="allow")
prefix_rule(pattern=["sudo", "cp", "/home/ubuntu/hevy-download/CODEX_HANDOFF.md", "/var/www/hevy-download/CODEX_HANDOFF.md"], decision="allow")