From dc1aeeaf8bb119a8cbddca37ddac592d9ad4fc84 Mon Sep 17 00:00:00 2001
From: Xubin Ren <xubinrencs@gmail.com>
Date: Fri, 20 Mar 2026 17:24:40 +0000
Subject: [PATCH] docs: document exec tool enable and denyPatterns

Made-with: Cursor
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 8ac23a0..fec7963 100644
--- a/README.md
+++ b/README.md
@@ -1163,7 +1163,9 @@ MCP tools are automatically discovered and registered on startup. The LLM can us
 | Option | Default | Description |
 |--------|---------|-------------|
 | `tools.restrictToWorkspace` | `false` | When `true`, restricts **all** agent tools (shell, file read/write/edit, list) to the workspace directory. Prevents path traversal and out-of-scope access. |
+| `tools.exec.enable` | `true` | When `false`, the shell `exec` tool is not registered at all. Use this to completely disable shell command execution. |
 | `tools.exec.pathAppend` | `""` | Extra directories to append to `PATH` when running shell commands (e.g. `/usr/sbin` for `ufw`). |
+| `tools.exec.denyPatterns` | `null` | Optional regex blacklist for shell commands. Set this to override the default dangerous-command patterns used by `exec`. |
 | `channels.*.allowFrom` | `[]` (deny all) | Whitelist of user IDs. Empty denies all; use `["*"]` to allow everyone. |