[FEATURE] Subcommand whitelisting

Resolved 💬 3 comments Opened May 5, 2026 by kreare Closed May 8, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Pleeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeese allow whitelisting the "real" subcommand without forcing users to whitelist the full command line, in example, an harmless php -l should be whitelisted as easy as php -l * allowing these forms:

for f in a b c d e ; do php -l $f ; done
cd test ; php -f foo.php
find app database tests -name "*.php" -newer routes/console.php 2>/dev/null | xargs -I{} php -l {} 2>&1 | grep -v "No syntax errors" | head -20

The command is exactly the same, the harmless php -l but has to be approved every single time or whitelisted in each form, that change almost every time.

Probably it's more like a bug than a feature request.

Proposed Solution

Please allow whitelisting the "real" command not shell loops, conditionals, redirects.....

Alternative Solutions

_No response_

Priority

High - Significant impact on productivity

Feature Category

Configuration and settings

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗