diff --git a/nanobot/agent/tools/shell.py b/nanobot/agent/tools/shell.py
index 729afa60b..aa8ca67b1 100644
--- a/nanobot/agent/tools/shell.py
+++ b/nanobot/agent/tools/shell.py
@@ -66,7 +66,7 @@ class ExecTool(Tool):
             # direct writes corrupt the cursor format and crash /dream.
             r">>?\s*\S*(?:history\.jsonl|\.dream_cursor)",            # > / >> redirect
             r"\btee\b[^|;&<>]*(?:history\.jsonl|\.dream_cursor)",     # tee / tee -a
-            r"\b(?:cp|mv)\b[^|;&<>]*(?:history\.jsonl|\.dream_cursor)",  # cp/mv target
+            r"\b(?:cp|mv)\b(?:\s+[^\s|;&<>]+)+\s+\S*(?:history\.jsonl|\.dream_cursor)",  # cp/mv target
             r"\bdd\b[^|;&<>]*\bof=\S*(?:history\.jsonl|\.dream_cursor)",  # dd of=
             r"\bsed\s+-i[^|;&<>]*(?:history\.jsonl|\.dream_cursor)",  # sed -i
         ]
diff --git a/tests/tools/test_exec_security.py b/tests/tools/test_exec_security.py
index 9f001aaff..20687dcbf 100644
--- a/tests/tools/test_exec_security.py
+++ b/tests/tools/test_exec_security.py
@@ -104,6 +104,7 @@ def test_exec_blocks_writes_to_history_jsonl(command):
         "wc -l history.jsonl",
         "tail -n 5 history.jsonl",
         "grep foo history.jsonl",
+        "cp history.jsonl /tmp/history.backup",
         "ls memory/",
         "echo history.jsonl",
     ],