fix(manifest): allow missing safe diagnostic flags

README.md

@@ -11,12 +11,6 @@ Commands are restricted to a curated set of read-only tools. Destructive operati
 - `sed` -> `"Stream editing can modify files -- read-only access only. Use grep for searching."`
 - `$HOME/file` -> `"Variable expansion will not expand. Use absolute paths."`
 
-## Demo
-
-Here's a demo of ShellGuard with [OpenCode](https://opencode.ai) against a simulated server. It works extremely well against real servers too.
-
-<video src="https://raw.githubusercontent.com/jonchun/shellguard/refs/heads/main/docs/videos/shellguard-demo.mp4" controls width="100%"></video>
-
 ## Quick Start
 
 ### Install

manifest/manifests/journalctl.yaml

@@ -11,6 +11,26 @@ flags:
     takes_value: true
   - flag: "--until"
     takes_value: true
+  - flag: "-p"
+    takes_value: true
+  - flag: "--priority"
+    takes_value: true
+  - flag: "--no-pager"
+  - flag: "-t"
+    takes_value: true
+  - flag: "--identifier"
+    takes_value: true
+  - flag: "-k"
+  - flag: "--dmesg"
+  - flag: "-b"
+  - flag: "-o"
+    takes_value: true
+  - flag: "--output"
+    takes_value: true
+  - flag: "-r"
+  - flag: "--reverse"
+  - flag: "-x"
+  - flag: "--catalog"
   - flag: "-f"
     deny: true
     reason: "Follow mode hangs until timeout. Use --since/--until for bounded queries."

manifest/manifests/ps.yaml

@@ -6,5 +6,14 @@ flags:
   - flag: "-f"
   - flag: "-o"
     takes_value: true
+  - flag: "--sort"
+    takes_value: true
+  - flag: "-p"
+    takes_value: true
+  - flag: "-u"
+    takes_value: true
+  - flag: "-C"
+    takes_value: true
+  - flag: "--no-headers"
 stdin: false
 stdout: true

manifest/manifests/systemctl_list-units.yaml

@@ -4,5 +4,6 @@ category: services
 flags:
   - flag: "--type"
     takes_value: true
+  - flag: "--failed"
 stdin: false
 stdout: true

manifest/manifests/top.yaml

@@ -5,6 +5,14 @@ flags:
   - flag: "-b"
   - flag: "-n"
     takes_value: true
+  - flag: "-o"
+    takes_value: true
+  - flag: "-p"
+    takes_value: true
+  - flag: "-u"
+    takes_value: true
+  - flag: "-w"
+    takes_value: true
   - flag: "-d"
     deny: true
     reason: "Only batch mode with fixed iteration count is allowed"