Rule Syntax Reference

SigmaShake rules use a declarative DSL designed for readability and safety. Each rule defines a condition that matches tool calls and a decision to apply.

Basic structure

rule <rule_id> {
  priority <number>
  severity <error|warning|info>
  <DECISION> <target>
  IF <condition>
  MESSAGE "<text>"
}

Minimal example

rule no-rm-rf {
  DENY execution
  IF command CONTAINS "rm -rf"
  MESSAGE "Destructive command blocked."
}

Default values when omitted:

priority → 50
severity → warning
enabled → true

Rule ID

Must be a valid identifier: letters, numbers, hyphens, underscores. Used in audit logs and API responses.

rule my-rule-123 { ... }
rule ts_write_safety { ... }

Decision types

DSL Keyword	Runtime Decision	Behavior
`DENY`	`block`	Reject the tool call
`ALLOW`	`allow`	Permit explicitly (overrides lower-priority DENY)
`LOG`	`log`	Allow but record in audit log
`SHADOW`	`shadow`	Allow silently, log for monitoring
`ASK`	`ask`	Pause execution, require human approval via dashboard
`FORCE`	`force`	Block with a suggested substitute command

ASK decisions

Require a PROMPT field:

rule ask-before-deploy {
  ASK execution
  IF command CONTAINS "npm publish"
  MESSAGE "Publishing requires approval."
  PROMPT "Allow npm publish to registry?"
}

FORCE decisions

Require a SUBSTITUTE field:

rule force-exact-pins {
  FORCE execution
  IF command REGEX "npm install\\s+\\S+@\\^"
  MESSAGE "Use exact version pins."
  SUBSTITUTE "npm install package@1.2.3"
}

Targets

Targets determine which tool capability a rule applies to:

Target	Matches tools with capability
`execution`	Shell commands (Bash, terminal)
`read`	File reading (Read, cat)
`write`	File writing/editing (Write, Edit)
`edit`	Edit only (subset of write)
`search`	File/content search (Glob, Grep)
`agent`	Sub-agent spawning (Agent)
`network`	HTTP requests (WebFetch, WebSearch)
`any`	All tools

Conditions

Syntax

IF <field> [NOT] <operator> "<value>"

Fields

Field	Resolves to
`command`	`input.command` (Bash commands)
`path`	`input.file_path` or `input.path`
`content`	`input.content` or `input.new_string`
`tool`	Tool name (e.g., "Bash", "Read")
`input.<key>`	Any key in the tool input object

Operators

Operator	Description
`CONTAINS`	Substring match
`EQUALS`	Exact string match
`STARTS_WITH`	Prefix match
`ENDS_WITH`	Suffix match
`GLOB`	Glob pattern (``, `*`, `?`)
`REGEX`	Regular expression
`WORD`	Word-boundary match (no regex, O(n))
`LINE_CONTAINS`	Per-line substring, strips `//` comments
`LINE_REGEX`	Per-line regex, strips `//` comments

All operators support NOT for negation:

IF command NOT CONTAINS "echo"

AND / OR logic

Within a block, conditions are AND-ed. Use OR to start a new group:

rule block-secret-writes {
  DENY write
  IF path ENDS_WITH ".env"
  AND content CONTAINS "API_KEY"
  OR path ENDS_WITH ".env.local"
  AND content CONTAINS "SECRET"
  MESSAGE "Cannot write secrets to env files."
}

This means: (path ends with .env AND content contains API_KEY) OR (path ends with .env.local AND content contains SECRET).

Priority

Higher priority rules are evaluated first. First match wins (short-circuit).

rule allow-echo {
  priority 100
  ALLOW execution
  IF command STARTS_WITH "echo"
  MESSAGE "Echo commands are always allowed."
}

rule block-all-bash {
  priority 50
  DENY execution
  IF tool EQUALS "Bash"
  MESSAGE "Bash commands require approval."
}

With priority 100 > 50, echo hello matches allow-echo first and is allowed.

Generic input fields

Access any key in the tool input object using input.<key>:

rule log-explore-agents {
  LOG agent
  IF input.subagent_type EQUALS "Explore"
  MESSAGE "Explore agent activity logged."
}

rule block-background-agents {
  DENY agent
  IF input.run_in_background EQUALS "true"
  AND input.subagent_type NOT EQUALS "general-purpose"
  MESSAGE "Only general-purpose agents may run in background."
}

Non-string values are JSON-stringified before matching. Missing fields resolve to empty string (no match for positive conditions).

Enabling/disabling

rule temporarily-disabled {
  enabled false
  DENY execution
  IF command CONTAINS "test"
  MESSAGE "This rule is off."
}

File naming convention

Follow the Sigma-style convention: {technology}_{capability}_{description}.rules

Examples:

ts_write_safety.rules
git_exec_trunk_workflow.rules
bash_exec_destructive_ops.rules
agent_exec_oracle_redirect.rules

Basic structure​

Minimal example​

Rule ID​

Decision types​

ASK decisions​

FORCE decisions​

Targets​

Conditions​

Syntax​

Fields​

Operators​

AND / OR logic​

Priority​

Generic input fields​

Enabling/disabling​

File naming convention​