SLB — Simultaneous Launch Button
A Go CLI that implements a two-person rule for running potentially destructive commands from AI coding agents. When an agent wants to run something risky (e.g., rm -rf, git push --force, kubectl delete, DROP TABLE), SLB requires peer review and explicit approval before execution.
Why This Exists
Coding agents can get tunnel vision, hallucinate, or misunderstand context. A second reviewer (ideally with a different model/tooling) catches mistakes before they become irreversible.
SLB is built for multi-agent workflows where many agent terminals run in parallel and a single bad command could destroy work, data, or infrastructure.
Critical Design: Client-Side Execution
Commands run in YOUR shell environment, not on a server. The daemon is a NOTARY (verifies approvals), not an executor. This means commands inherit:
- AWS_PROFILE, AWS_ACCESS_KEY_ID
- KUBECONFIG
- Activated virtualenvs
- SSH_AUTH_SOCK
- Database connection strings
Risk Tiers
| Tier | Approvals | Auto-approve | Examples |
|---|---|---|---|
| CRITICAL | 2+ | Never | rm -rf /, DROP DATABASE, terraform destroy, git push --force |
| DANGEROUS | 1 | Never | rm -rf ./build, git reset --hard, kubectl delete, DROP TABLE |
| CAUTION | 0 | After 30s | rm file.txt, git branch -d, npm uninstall |
| SAFE | 0 | Immediately | rm *.log, git stash, kubectl delete pod |
Quick Start
Installation
# One-liner
curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/slb/main/scripts/install.sh | bash
# Or with go install
go install github.com/Dicklesworthstone/slb/cmd/slb@latest
Initialize a Project
cd /path/to/project
slb init
Creates .slb/ directory with:
state.db- SQLite database (source of truth)config.toml- Project configurationpending/- JSON files for pending requestslogs/- Execution logs
Basic Workflow
# 1. Start a session (as an AI agent)
slb session start --agent "GreenLake" --program "claude-code" --model "opus"
# Returns: session_id and session_key
# 2. Run a dangerous command (blocks until approved)
slb run "rm -rf ./build" --reason "Clean build artifacts" --session-id <id>
# 3. Another agent reviews and approves
slb pending # See what's waiting
slb review <request-id> # View full details
slb approve <request-id> --session-id <reviewer-id> --comment "Looks safe"
# 4. Original command executes automatically after approval
Commands Reference
Session Management
slb session start --agent <name> --program <prog> --model <model>
slb session end --session-id <id>
slb session resume --agent <name> --create-if-missing # Resume after crash
slb session list # Show active sessions
slb session heartbeat --session-id <id> # Keep session alive
slb session gc --threshold 2h # Clean stale sessions
Request & Run
# Primary command (atomic: check, request, wait, execute)
slb run "<command>" --reason "..." --session-id <id>
# Plumbing commands
slb request "<command>" --reason "..." # Create request only
slb status <request-id> --wait # Check/wait for status
slb pending --all-projects # List pending requests
slb cancel <request-id> # Cancel own request
Review & Approve
slb review <request-id> # Show full details
slb approve <request-id> --session-id <id> --comment "..."
slb reject <request-id> --session-id <id> --reason "..."
Execution
slb execute <request-id> # Execute approved request
slb emergency-execute "<cmd>" --reason "..." # Human override (logged)
slb rollback <request-id> # Rollback if captured
Pattern Management
slb patterns list --tier critical # List patterns by tier
slb patterns test "<command>" # Check what tier a command gets
slb patterns add --tier dangerous "<pattern>" # Add runtime pattern
Daemon & TUI
slb daemon start --foreground # Start background daemon
slb daemon stop # Stop daemon
slb daemon status # Check daemon status
slb tui # Launch interactive TUI
slb watch --session-id <id> --json # Stream events (NDJSON)
Claude Code Hook
slb hook install # Install PreToolUse hook
slb hook status # Check installation
slb hook test "<command>" # Test classification
slb hook uninstall # Remove hook
History & Audit
slb history --tier critical --status executed # Filter history
slb history -q "rm -rf" # Full-text search
slb show <request-id> --with-reviews # Detailed view
slb outcome record <request-id> --problems # Record feedback
slb outcome stats # Execution statistics
Pattern Matching Engine
Classification Algorithm
-
Normalization: Commands are parsed with shell-aware tokenization
- Strips wrapper prefixes:
sudo,doas,env,time,nohup - Extracts inner commands from
bash -c 'command' - Resolves paths:
./foo→/absolute/path/foo
- Strips wrapper prefixes:
-
Compound Command Handling: Commands with
;,&&,||,|are split and each segment classified. Highest risk segment wins:echo "done" && rm -rf /etc → CRITICAL (rm -rf /etc wins) ls && git status → SAFE (no dangerous patterns) -
Shell-Aware Splitting: Separators inside quotes preserved:
psql -c "DELETE FROM users; DROP TABLE x;" → Single segment (SQL) echo "foo" && rm -rf /tmp → Two segments -
Pattern Precedence: SAFE → CRITICAL → DANGEROUS → CAUTION (first match wins)
-
Fail-Safe Parse Handling: If parsing fails, tier is upgraded by one level:
- SAFE → CAUTION
- CAUTION → DANGEROUS
- DANGEROUS → CRITICAL
Default Patterns
CRITICAL (2+ approvals):
rm -rf /..., DROP DATABASE/SCHEMA, TRUNCATE TABLE, terraform destroy, kubectl delete node/namespace/pv/pvc, git push --force, aws terminate-instances, dd ... of=/dev/
DANGEROUS (1 approval):
rm -rf, git reset --hard, git clean -fd, kubectl delete, terraform destroy -target, DROP TABLE, chmod -R, chown -R
CAUTION (auto-approved after 30s):
rm <file>, git stash drop, git branch -d, npm/pip uninstall
SAFE (skip review):
rm *.log, rm *.tmp, git stash, kubectl delete pod, npm cache clean
Request Lifecycle
State Machine
┌─────────────┐
│ PENDING │
└──────┬──────┘
┌───────────────┼───────────────┐───────────────┐
▼ ▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ APPROVED │ │ REJECTED │ │ CANCELLED│ │ TIMEOUT │
└────┬─────┘ └──────────┘ └──────────┘ └────┬─────┘
│ (terminal) (terminal) │
▼ ▼
┌──────────┐ ┌──────────┐
│EXECUTING │ │ESCALATED │
└────┬─────┘ └──────────┘
│
┌──────┴──────┬──────────┐
▼ ▼ ▼
┌────────┐ ┌─────────┐ ┌────────┐
│EXECUTED│ │EXEC_FAIL│ │TIMED_OUT│
└────────┘ └─────────┘ └────────┘
(terminal) (terminal) (terminal)
Approval TTL
- Standard requests: 30 minutes (configurable)
- CRITICAL requests: 10 minutes (s