# Recommended rippy config — sensible defaults for common tools
# Copy to ~/.rippy/config or include the rules you want in your project .rippy
#
# rippy's built-in handlers already cover: git, docker, kubectl, aws, gcloud,
# az, npm/yarn/pnpm, pip, cargo, brew, terraform, helm, curl, wget, python,
# bash/sh/zsh, find, psql, mysql, sqlite3, sed, awk, and many more.
#
# These rules cover additional tools that don't have built-in handlers.
# ── macOS system tools ──────────────────────────────────────────────
# defaults: read is safe, write/delete modifies system preferences
# (rename/import also modify preferences; they are not listed here, so they
# fall to rippy's default handling — confirm that default is not "allow")
allow defaults read
allow defaults read-type
allow defaults domains
allow defaults find
allow defaults help
ask defaults write "modifies system preferences"
ask defaults delete "modifies system preferences"
# diskutil: info/listing is safe, partitioning is not
allow diskutil list
allow diskutil info
allow diskutil information
allow diskutil activity
allow diskutil listFilesystems
# launchctl: listing/info is safe, loading/unloading services is not
allow launchctl list
allow launchctl print
allow launchctl blame
allow launchctl version
allow launchctl help
allow launchctl managerpid
# security: find/show is read-only, modifying keychain is not.
# Caveat: find-generic-password / find-internet-password with -w or -g print
# the stored secret itself (subject to keychain ACL prompts), and
# dump-keychain -d dumps decrypted item data. The allow rules below therefore
# let keychain contents be read without asking — tighten them if that matters.
allow security help
allow security find-generic-password
allow security find-internet-password
allow security find-key
allow security find-certificate
allow security find-identity
allow security show-keychain-info
allow security dump-keychain
allow security verify-cert
allow security error
# xattr: reading is safe, writing/deleting/clearing is not
allow xattr|
ask xattr -w "writes extended attributes"
ask xattr -d "deletes extended attributes"
ask xattr -c "clears all extended attributes"
# codesign: viewing signatures (-d, -v) is safe, signing is not. No allow rule
# for viewing is given here, so it falls to rippy's default handling.
# --remove-signature also rewrites the binary and is not covered by the rules below.
ask codesign -s "signs code"
ask codesign --sign "signs code"
# hdiutil: info/verify is safe, mounting/creating is not
allow hdiutil help
allow hdiutil info
allow hdiutil verify
allow hdiutil checksum
# pkgutil: querying is safe, forgetting packages is not
allow pkgutil --pkgs
allow pkgutil --files
allow pkgutil --pkg-info
allow pkgutil --info
allow pkgutil --payload-files
# tmutil: info is safe, operations are not
allow tmutil destinationinfo
allow tmutil version
allow tmutil help
allow tmutil currentphase
allow tmutil status
# spctl: assessment is safe, adding/removing rules is not
allow spctl --assess
allow spctl -a
# plutil: reading/validating is safe
allow plutil -lint
allow plutil -p
# lipo: info is safe
allow lipo -info
allow lipo -detailed_info
allow lipo -archs
# scutil: read-only flags are safe, interactive mode is not
allow scutil --dns
allow scutil --proxy
allow scutil --nwi
allow scutil --get
# networksetup: get/list/show queries are safe, set/create/remove are not
allow networksetup -getinfo
allow networksetup -getdnsservers
allow networksetup -getwebproxy
allow networksetup -getsearchdomains
allow networksetup -listallhardwareports
allow networksetup -listallnetworkservices
allow networksetup -listnetworkserviceorder
allow networksetup -showorder
# ifconfig: viewing network config is safe; invocations that set addresses or
# bring interfaces up/down change it. The rule below is intended to cover only
# the bare listing form — confirm what `ifconfig|` matches in rippy's pattern syntax.
allow ifconfig|
# ── System utilities ────────────────────────────────────────────────
# dmesg: reading is safe, clearing is not
allow dmesg|
ask dmesg -c "clears kernel ring buffer"
ask dmesg -C "clears kernel ring buffer"
ask dmesg --clear "clears kernel ring buffer"
# sysctl: reading is safe, writing is not. Note that `sysctl name=value` writes
# a parameter without -w, so the -w rule alone does not catch every write —
# confirm that `sysctl|` below does not match that form.
allow sysctl|
ask sysctl -w "writes kernel parameters"
# Process management
ask kill "terminates processes"
ask killall "terminates processes by name"
ask pkill "terminates processes by pattern"
# Disk operations
ask dd "raw disk/file operations"
# Network listeners
ask nc "network utility — can open listeners"
ask netcat "network utility — can open listeners"
ask ncat "network utility — can open listeners"
ask socat "network utility — can open listeners"
# Scheduled tasks
ask crontab "modifies scheduled tasks"
ask at "schedules future commands"
# Service management
ask systemctl "manages system services"
ask service "manages system services"
# journalctl: reading is safe, maintenance operations are not
allow journalctl|
ask journalctl --rotate "rotates journal files"
ask journalctl --vacuum-size "deletes old journal entries"
ask journalctl --vacuum-time "deletes old journal entries"
ask journalctl --vacuum-files "deletes old journal entries"
ask journalctl --flush "flushes journal to persistent storage"
# Firewall
ask iptables "modifies firewall rules"
ask ufw "modifies firewall rules"
# ── DevOps tools ────────────────────────────────────────────────────
# ansible: docs and linting are safe
allow ansible-doc
allow ansible-lint
# packer: validate/inspect are safe
allow packer validate
allow packer inspect
allow packer --help
allow packer --version
# prometheus: only help/version are safe (everything else starts the server)
allow prometheus --help
allow prometheus --version
# ── Code formatters / linters ───────────────────────────────────────
# isort: check mode is safe, formatting is not
allow isort --check-only
allow isort --diff
allow isort --check
# pre-commit: validation is safe
allow pre-commit validate-config
allow pre-commit validate-manifest
allow pre-commit help