$ shellfirm
Context-Aware Protection

How Context-Aware Protection Works

shellfirm detects your runtime environment and adjusts protection accordingly

shellfirm does not treat every command invocation equally. Before evaluating a command, it inspects your runtime environment for signals that indicate elevated risk. These context signals directly influence the challenge difficulty and the computed risk level, so the same command can require a simple math problem on a feature branch but demand explicit "yes" confirmation on a production server.

Context detection flow

When you run a command, shellfirm performs context detection in the following order:

  1. SSH session -- checks for SSH_CONNECTION or SSH_TTY environment variables
  2. Root user -- checks whether EUID equals 0
  3. Git branch -- runs git rev-parse --abbrev-ref HEAD to get the current branch
  4. Kubernetes context -- runs kubectl config current-context to read the active cluster
  5. Environment variables -- checks NODE_ENV, RAILS_ENV, ENVIRONMENT, and any custom-configured variables for production values
  6. Risk level computation -- aggregates all detected signals into a single risk level

Signal reference

SignalDetection methodRisk levelDefault effect
SSH sessionSSH_CONNECTION or SSH_TTY env var presentElevatedChallenge escalated to Enter
Root user (uid 0)EUID=0 env varCriticalChallenge escalated to Yes
Protected git branchgit rev-parse --abbrev-ref HEAD matches main, master, production, or release/*CriticalChallenge escalated to Yes
Production k8s contextkubectl config current-context contains prod, production, prd, or liveCriticalChallenge escalated to Yes
NODE_ENV=productionEnvironment variable checkCriticalChallenge escalated to Yes
RAILS_ENV=productionEnvironment variable checkCriticalChallenge escalated to Yes
ENVIRONMENT=productionEnvironment variable checkCriticalChallenge escalated to Yes
Custom env varsConfigured in settings.yaml under context.production_env_varsCriticalChallenge escalated to Yes

Risk levels

shellfirm computes one of three risk levels from the detected signals:

  • Normal -- no risk signals detected. Challenges use the default type configured in your settings.
  • Elevated -- moderate signals detected (SSH session). Challenges are escalated to at least Enter.
  • Critical -- high-risk signals detected (root user, protected branch, production k8s context, production env vars). Challenges are escalated to at least Yes.

Context labels

Each detected signal produces a human-readable label that appears in the challenge banner:

Context Labels
ssh=true
root=true
branch=main
k8s=prod-us-east-1

These labels help you understand why shellfirm is being more cautious.

Configuration

All context detection is configurable in ~/.shellfirm/settings.yaml under the context key:

context:
  protected_branches:
    - main
    - master
    - production
    - "release/*"
  production_k8s_patterns:
    - prod
    - production
    - prd
    - live
  production_env_vars:
    NODE_ENV: production
    RAILS_ENV: production
    ENVIRONMENT: production
  escalation:
    elevated: Enter
    critical: Yes

Context detection is one of several escalation layers. Severity-based escalation, group/check-id overrides, and project policies also contribute. See Escalation Logic for the complete pipeline.

See individual pages in this section for detailed configuration of each signal type.

Context-Aware Protection

How shellfirm detects your environment and escalates protection automatically

SSH & Root Detection

How shellfirm detects SSH sessions and root users to increase protection

On this page

Context detection flowSignal referenceRisk levelsContext labelsConfiguration