
Privileged Endpoints

Some endpoints execute commands that modify server state — installing packages, restarting services, changing configurations. Wrapd lets you flag these as privileged so they get additional guardrails.

In your wrapd.yaml:

endpoints:
  - name: apt-install
    command: sudo apt-get install -y ${package}
    privileged: true
    args:
      - name: package
        required: true
  - name: disk-usage
    command: df -h
    # privileged defaults to false

Or set it in the dashboard when creating/editing an endpoint — toggle “Privileged” on.

When an endpoint is flagged as privileged:

  1. Owner-only execution — In team contexts, only API keys belonging to the team owner or admin can execute the endpoint. Team member keys get 403 Forbidden.
  2. Agent verification — The agent refuses to execute a privileged endpoint unless the hub confirms authorization.
  3. Dashboard indicators — Privileged endpoints show a shield icon in the endpoint list. The detail view displays a banner.
  4. Audit trail — Privileged executions are logged with the caller’s identity.

For solo users (not in a team), privileged endpoints work normally — you’re the owner by default.

The dashboard detects potentially destructive commands and shows a warning if they’re not flagged as privileged. Patterns detected include:

  • rm -rf, mkfs, dd if=
  • sudo apt, sudo yum, sudo dnf, sudo apk
  • shutdown, reboot
  • systemctl stop/restart/disable
  • chmod 777

This is a hint, not enforcement. The check is a pattern match on the command text, so a destructive command written with a different tool or spelling is not caught, and an unflagged endpoint still executes. The warning only suggests that you flag the endpoint as privileged.
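The following Python is an added illustration, not Wrapd's own code, of the three rules this page describes: the `privileged` default of false in the config, owner/admin-only execution in team contexts (members get 403, solo users count as owner), and the dashboard's destructive-command hint. The config is a constructed dict equivalent to the wrapd.yaml above (plus two made-up endpoints, `cleanup` and `restart-web`), the role names `member`/`admin`/`owner` and the regex spellings of the listed patterns are this example's assumptions, and the hint logic is deliberately shown failing on a command that deletes files through a different tool, to make the "hint, not enforcement" point concrete.

```python
"""Model of the privileged-endpoint rules described on the page.
Illustration only; not Wrapd's implementation."""
import re
from typing import Dict, List, Optional

# Constructed stand-in for the wrapd.yaml shown above, as a dict so this runs
# without PyYAML. 'cleanup' and 'restart-web' are invented for the demo.
CONFIG = {
    "endpoints": [
        {"name": "apt-install",
         "command": "sudo apt-get install -y ${package}",
         "privileged": True,
         "args": [{"name": "package", "required": True}]},
        {"name": "disk-usage", "command": "df -h"},  # privileged defaults to false
        {"name": "cleanup", "command": "rm -rf /var/tmp/build/*"},  # destructive, unflagged
        {"name": "restart-web", "command": "systemctl restart nginx", "privileged": True},
    ]
}

# The patterns listed on the page, as regexes (assumed spellings). Using \s+
# instead of a literal space means "sudo  apt-get" with extra whitespace is
# still caught; a plain substring match would miss it.
DESTRUCTIVE_PATTERNS = [
    r"\brm\s+-(rf|fr|Rf|fR)\b",                 # rm -rf and common reorderings
    r"\bmkfs(\.\w+)?\b",                         # mkfs, mkfs.ext4, ...
    r"\bdd\s+if=",                               # dd if=...
    r"\bsudo\s+(apt|apt-get|yum|dnf|apk)\b",     # sudo apt/yum/dnf/apk
    r"\b(shutdown|reboot)\b",
    r"\bsystemctl\s+(stop|restart|disable)\b",
    r"\bchmod\s+777\b",
]


def endpoint_is_privileged(ep: dict) -> bool:
    """A missing 'privileged' key means false, matching the page's default."""
    return bool(ep.get("privileged", False))


def authorize(ep: dict, caller_role: Optional[str]) -> int:
    """HTTP status the hub would return for this caller.

    caller_role is 'owner', 'admin' or 'member' for a team API key, or None
    for a solo user, who is the owner by default. Non-privileged endpoints
    are not restricted by this rule.
    """
    if not endpoint_is_privileged(ep):
        return 200
    role = "owner" if caller_role is None else caller_role
    return 200 if role in ("owner", "admin") else 403


def destructive_hits(command: str) -> List[str]:
    """Patterns from the page's list that match the command text."""
    return [p for p in DESTRUCTIVE_PATTERNS if re.search(p, command)]


def lint_config(config: dict) -> Dict[str, List[str]]:
    """Mirror the dashboard hint: endpoints that look destructive but are not
    flagged privileged, mapped to the patterns that fired. Advisory only."""
    warnings: Dict[str, List[str]] = {}
    for ep in config["endpoints"]:
        hits = destructive_hits(ep["command"])
        if hits and not endpoint_is_privileged(ep):
            warnings[ep["name"]] = hits
    return warnings


if __name__ == "__main__":
    for ep in CONFIG["endpoints"]:
        print(ep["name"], "member ->", authorize(ep, "member"),
              "solo ->", authorize(ep, None))
    print("unflagged destructive endpoints:", lint_config(CONFIG))
    # Same effect as rm -rf, but no listed pattern matches: the hint is blind to it.
    print(destructive_hits("python3 -c \"import shutil; shutil.rmtree('/var/lib/app')\""))
```

Running the script shows `apt-install` and `restart-web` returning 403 for a member key and 200 for a solo user, `disk-usage` returning 200 for everyone, and only `cleanup` in the lint output. The last line prints an empty list: the pattern check is a convenience for catching obvious cases, and the `privileged` flag itself has to be set by a person who knows what the command does.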

Flag as privileged:

  • Package installs (apt install, brew install, pip install)
  • Service management (systemctl restart, docker compose up)
  • Database operations (migrations that change schema or data, and pg_dump, which exports the full database contents)
  • File system changes (anything with rm, mv, or cp on critical paths)

Don’t flag:

  • Read-only commands (df -h, docker ps, git status)
  • Monitoring and health checks
  • Log retrieval