rippy-cli 0.1.2

A shell command safety hook for AI coding tools (Claude Code, Cursor, Gemini CLI) — Rust rewrite of Dippy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

---
title: Rules
description: The complete rule grammar for rippy config files.
---

Every line in a `.rippy` file is either a comment (`#`), a blank line, or
a **rule**. The TOML form wraps the same rules into `[[rules]]` tables —
the semantics are identical.

## Command rules

```
allow|ask|deny PATTERN ["message"]
```

- `allow` — auto-approve. rippy exits with code `0` and lets the command run.
- `ask` — prompt the AI tool to confirm with the user.
- `deny` — block and (optionally) return a guidance message explaining
  what the model should do instead.

Example:

```
allow git status
deny  git push --force "Use --force-with-lease instead"
ask   npm install "Double-check the package name before installing"
```

## Redirect rules

Guard writes to sensitive paths, independent of the command doing the
writing:

```
allow-redirect|ask-redirect|deny-redirect PATH ["message"]
```

Any command that writes to a matching path — `>`, `>>`, `tee`, `cp`, `mv`
— is caught:

```
deny-redirect **/.env*   "Do not write to environment files"
deny-redirect /etc/*     "Do not modify system config"
```

## MCP tool rules

For AI tools that use MCP (Model Context Protocol) servers, gate individual
MCP tools by name:

```
allow-mcp mcp__github__*
deny-mcp  dangerous_mcp_tool
```

## Post-execution feedback

`after` rules inject a message back to the AI tool after a command runs —
useful for reminders and workflow nudges:

```
after git commit "Changes committed locally. Don't forget to push when ready."
```

## Aliases

Rewrite a command to something rippy already knows how to analyze:

```
alias ~/bin/custom-git git
```

Now rules targeting `git` apply to `~/bin/custom-git` too.

## Settings

```
set default ask         # default action for unknown commands (allow | ask | deny)
set log ~/.rippy/audit  # path to the audit log
set log-full true       # include full command strings in the log
```

## Putting it together

A minimal but effective config:

```
# Block the really dangerous stuff
deny rm -rf /     "Never delete the root filesystem"
deny rm -rf ~     "Never delete the home directory"
deny git push --force "Use --force-with-lease instead"

# Auto-allow read-only git
allow git status
allow git log
allow git diff

# Keep secrets out of writes
deny-redirect **/.env*
deny-redirect **/*.pem

# Default everything else to ask
set default ask
```

See [Examples](/configuration/examples/) for a longer, annotated starter.