shellfirm config

The config command manages shellfirm's user configuration. Running it with no subcommand opens an interactive menu.

Usage

shellfirm config [SUBCOMMAND]

Without a subcommand, opens an interactive menu showing all configurable sections with their current values.

Subcommands

show

Display a human-readable summary of the current configuration, including the config file path:

shellfirm config show

challenge

Set the default challenge type:

shellfirm config challenge [Math|Enter|Yes]

Without an argument, shows an interactive select prompt.

Examples:

shellfirm config challenge Yes      # Set directly
shellfirm config challenge          # Interactive select

severity

Set the minimum severity threshold:

shellfirm config severity [all|Info|Low|Medium|High|Critical]

Use all to clear the threshold (trigger on everything). Without an argument, shows an interactive select prompt.

Examples:

shellfirm config severity Medium    # Only Medium and above trigger
shellfirm config severity all       # Everything triggers
shellfirm config severity           # Interactive select

groups

Manage check groups:

shellfirm config groups [--enable <group>] [--disable <group>]

Flag	Description
`--enable <group>`	Enable a check group (repeatable)
`--disable <group>`	Disable a check group (repeatable)

Without flags, shows an interactive multi-select of all groups with their current state.

Examples:

shellfirm config groups --enable aws --disable heroku
shellfirm config groups --disable fs-strict --disable git-strict
shellfirm config groups             # Interactive multi-select

ignore

Manage ignored pattern IDs (patterns that never trigger):

shellfirm config ignore <pattern-id>
shellfirm config ignore --remove <pattern-id>
shellfirm config ignore --list

Flag	Description
`--remove`	Remove a pattern from the ignore list
`--list`	Show all currently ignored patterns

Examples:

shellfirm config ignore git:interactive_rebase
shellfirm config ignore --remove git:interactive_rebase
shellfirm config ignore --list

deny

Manage denied pattern IDs (patterns blocked without a challenge):

shellfirm config deny <pattern-id>
shellfirm config deny --remove <pattern-id>
shellfirm config deny --list

Flag	Description
`--remove`	Remove a pattern from the deny list
`--list`	Show all currently denied patterns

Examples:

shellfirm config deny kubernetes:delete_namespace
shellfirm config deny --remove kubernetes:delete_namespace
shellfirm config deny --list

llm

Configure LLM analysis settings:

shellfirm config llm [OPTIONS]

Flag	Description
`--provider <provider>`	LLM provider (`anthropic` or `openai-compatible`)
`--model <model>`	Model ID
`--base-url <url>`	Custom API base URL
`--timeout <ms>`	Request timeout in milliseconds

Without flags, shows interactive prompts for each field.

Examples:

shellfirm config llm --provider anthropic --model claude-sonnet-4-20250514
shellfirm config llm --timeout 10000
shellfirm config llm               # Interactive prompts

escalation

Manage challenge escalation settings (severity-based, per-group, per-check-id):

shellfirm config escalation [SUBCOMMAND]

Without a subcommand, shows the current escalation configuration.

escalation severity

Configure severity-based challenge escalation:

shellfirm config escalation severity [OPTIONS]

Flag	Description
`--enabled <true\|false>`	Enable or disable severity escalation
`--critical <challenge>`	Challenge floor for Critical severity
`--high <challenge>`	Challenge floor for High severity
`--medium <challenge>`	Challenge floor for Medium severity
`--low <challenge>`	Challenge floor for Low severity
`--info <challenge>`	Challenge floor for Info severity

Examples:

shellfirm config escalation severity --high Yes        # High severity → Yes
shellfirm config escalation severity --enabled false   # Disable severity escalation

escalation group

Manage per-group challenge overrides:

shellfirm config escalation group [<name> <challenge>] [--remove <name>] [--list]

Argument/Flag	Description
`<name> <challenge>`	Set a minimum challenge for all checks in the named group
`--remove <name>`	Remove the override for the named group
`--list`	Show all group overrides

Examples:

shellfirm config escalation group fs Yes              # All fs checks → Yes
shellfirm config escalation group --remove fs         # Remove fs override
shellfirm config escalation group --list              # Show all overrides

escalation check

Manage per-check-id challenge overrides:

shellfirm config escalation check [<id> <challenge>] [--remove <id>] [--list]

Argument/Flag	Description
`<id> <challenge>`	Set a minimum challenge for a specific check ID
`--remove <id>`	Remove the override for the named check
`--list`	Show all check overrides

Examples:

shellfirm config escalation check git:force_push Yes  # Specific check → Yes
shellfirm config escalation check --remove git:force_push
shellfirm config escalation check --list

context

Configure context-aware protection settings (protected branches, production k8s patterns, sensitive paths, escalation levels):

shellfirm config context

Opens an interactive sub-menu for managing context settings.

edit

Open the settings file in your $EDITOR:

shellfirm config edit

reset

Reset configuration to defaults:

shellfirm config reset

This offers two options interactively:

Replace -- overwrite the current settings with defaults
Backup and replace -- save the current settings to a .bak file, then create fresh defaults

Error handling

Invalid values for themed subcommands produce helpful error messages:

shellfirm config challenge Foo
# Error: invalid challenge type: 'Foo'
#
# Valid options: Math, Enter, Yes

Usage

Subcommands

show

challenge

severity

groups

ignore

deny

llm

escalation

escalation severity

escalation group

escalation check

context

edit

reset

Error handling

On this page