{
  "permissions": {
    "allow": [
      "Bash",
      "Bash(cmake *)",
      "Bash(apt-cache *)",
      "Bash(cargo build *)",
      "Bash(cargo clippy *)",
      "Bash(cargo check *)"
    ],
    "deny": [
      "Bash(git push*)",
      "Bash(git push -f*)",
      "Bash(git commit --no-verify*)",
      "Bash(git commit -n*)",
      "Bash(git config --global*)",
      "Bash(sudo)",
      "Bash(sudo *)",
      "Bash(su)",
      "Bash(su *)",
      "Bash(doas *)",
      "Bash(curl *)",
      "Bash(wget *)",
      "Bash(ssh *)",
      "Bash(scp *)",
      "Bash(rsync *)",
      "Bash(nc *)",
      "Bash(ncat *)",
      "Bash(telnet *)",
      "Bash(ftp *)",
      "Bash(sftp *)",
      "Bash(ping *)",
      "Bash(rm -rf /)",
      "Bash(rm -rf /*)",
      "Bash(rm -rf ~)",
      "Bash(rm -rf ~/*)",
      "Bash(rm -rf $HOME*)",
      "Bash(rm -rf .)",
      "Bash(rm -rf ..)",
      "Bash(rm -rf *)",
      "Bash(dd *)",
      "Bash(mkfs*)",
      "Bash(fdisk *)",
      "Bash(parted *)",
      "Bash(mount *)",
      "Bash(umount *)",
      "Bash(shutdown*)",
      "Bash(reboot*)",
      "Bash(poweroff*)",
      "Bash(halt*)",
      "Bash(systemctl *)",
      "Bash(service *)",
      "Bash(crontab *)",
      "Bash(iptables *)",
      "Bash(chmod -R 777 *)",
      "Bash(chown -R *)"
    ]
  },
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "n=0; for name in xenia_canary xenia-rs; do pids=$(pgrep -x \"$name\" 2>/dev/null || true); if [ -n \"$pids\" ]; then cnt=$(echo \"$pids\" | wc -l); n=$((n + cnt)); kill $pids 2>/dev/null; sleep 0.2; kill -9 $pids 2>/dev/null || true; fi; done; if [ \"$n\" -gt 0 ]; then printf '{\"systemMessage\":\"Stop hook killed %d stale xenia process(es)\"}' \"$n\"; fi",
            "timeout": 5
          }
        ]
      }
    ]
  }
}