Action Allowlist
Most terminal commands, code execution, and execution of MCP tools are considered to be sensitive actions, and Junie by default requires explicit approval from the user for executing them. With Action Allowlist, you can specify the actions and commands that Junie is allowed to always execute without user approval.
Brave Mode
You can authorize Junie to execute all potentially sensitive actions without user approval by switching to Brave Mode. However, using Brave Mode is not recommended. Opt for adding actions to the Action Allowlist whenever possible.
Types of Action Allowlist rules
You can add a rule to the Action Allowlist for any sensitive action. This allows Junie to execute the action without user confirmation. Junie recognizes the following types of sensitive actions and the rules that correspond to them:
| Type | Description |
|---|---|
| Terminal | Allows Junie to run the specified terminal commands without user confirmation. |
| RunTest | For JetBrains IDEs and languages where Junie can use the IDE’s functionality to run tests (namely, JVM in IntelliJ IDEA and C# in Rider), allows Junie to run tests from the current project without user confirmation. |
| Build | For JetBrains IDEs and languages where Junie can use the IDE’s functionality to build the current project (namely, JVM in IntelliJ IDEA and C# in Rider), allows Junie to build the current project without user confirmation. |
| Preview | For Android Studio and JetBrains IDEs that support Android and Compose development, allows Junie to use the IDE’s functionality to run the build or execute custom code without user confirmation. |
| MCP | Allows Junie to execute MCP tools without user confirmation. |
| Read outside project | Allows Junie to read files outside the configured project directory without user confirmation. |
| Write outside project | Allows Junie to modify files outside the configured project directory without user confirmation. |
| Edit build scripts | Allows Junie to edit build scripts for the current project without user confirmation. |
Regex syntax in terminal rules
Terminal rules can be added as:
- Exact commands, for example `git status`.
- Java regular expressions (Regex) covering multiple commands at a time, for example `^\Qgit diff \E\S+$`.
- Standard regular expressions (Regex) covering multiple commands at a time, for example `^git diff \S+$`.
You can add as many Terminal rules as you need to cover all commands that you want to be executed without confirmation.
Example 1: Allowing commands with a fixed number of arguments (one argument)
To match git show <argument>, use the following Java Regex:
where:
- `^\Qgit show \E` matches `git show` literally, including the whitespace at the end.
- `[^\s;&|<>@$]+` matches exactly one argument (one or more characters), excluding whitespaces or special characters.
  - Excluding whitespaces ensures that the expression doesn't match spaces between arguments.
  - Excluding `;`, `|`, and `&` ensures that multiple commands cannot be chained together, and excluding `<`, `>`, `@`, and `$` ensures that dangerous operations (redirects, variable expansion, etc.) cannot be enabled.
  - `+` indicates that the expression must match at least once, so `git show` without an argument won't match.
- `$` matches the end of the line.
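Before adding a Terminal rule, it helps to run it against commands it should and should not auto-approve. The following is an added example, not JetBrains code: it assembles a rule from the parts explained above and compares it with a rule shaped like the `\S+` sample from the syntax list. The class and method names are hypothetical, the commands are constructed, and it assumes a rule applies when its pattern is found in the command.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class AllowlistRuleCheck {
    // Assembled from the parts Example 1 explains: quoted literal prefix,
    // one argument without whitespace or shell metacharacters, end anchor.
    static final Pattern STRICT = Pattern.compile("^\\Qgit show \\E[^\\s;&|<>@$]+$");
    // Shape of the page's `^git diff \S+$` sample, applied to git show:
    // \S accepts every non-whitespace character, metacharacters included.
    static final Pattern LOOSE = Pattern.compile("^git show \\S+$");

    // Assumption: a rule applies when its pattern is found in the command.
    static boolean allowed(Pattern rule, String command) {
        return rule.matcher(command).find();
    }

    public static void main(String[] args) {
        // Constructed commands mapped to whether auto-approval is intended.
        Map<String, Boolean> cases = new LinkedHashMap<>();
        cases.put("git show HEAD", true);            // one plain argument
        cases.put("git show", false);                // argument missing
        cases.put("git show HEAD~1 --stat", false);  // two arguments
        cases.put("git show HEAD;ls", false);        // chained command
        cases.put("git show HEAD|cat", false);       // pipe
        cases.put("git show HEAD>out.txt", false);   // redirect
        cases.put("git show $HOME", false);          // variable expansion
        cases.put("git showHEAD", false);            // prefix space missing

        for (Pattern rule : new Pattern[] {STRICT, LOOSE}) {
            System.out.println("rule: " + rule.pattern());
            for (Map.Entry<String, Boolean> c : cases.entrySet()) {
                boolean got = allowed(rule, c.getKey());
                String verdict = got == c.getValue() ? "ok" : "UNINTENDED";
                System.out.printf("  %-24s allowed=%-5b %s%n", c.getKey(), got, verdict);
            }
        }
    }
}
```

The `\S+` rule is flagged `UNINTENDED` for the chaining, pipe, redirect, and variable-expansion cases, which is the gap the restricted character class closes.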
Example 2: Allowing commands with a fixed number of arguments (two arguments)
To match git cat-file <argument1> <argument2>, use the following Java Regex:
It's similar to the previous example, but with exactly two arguments allowed for git cat-file.
Example 3: Allowing commands with either one or no arguments
To match both git diff and git diff <argument>, use the following Java Regex:
It's similar to the previous two examples, except that it uses the `*` quantifier instead of `+` at the end of the expression. This matches zero or more characters for the argument.