rippy-cli 0.1.2

A shell command safety hook for AI coding tools (Claude Code, Cursor, Gemini CLI) — Rust rewrite of Dippy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

use crate::condition::Condition;
use crate::pattern::Pattern;
use crate::verdict::Decision;

use std::path::PathBuf;

/// What kind of entity a rule targets.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RuleTarget {
    Command,
    Redirect,
    Mcp,
    FileRead,
    FileWrite,
    FileEdit,
    After,
}

/// A single rule: target + decision + pattern + optional message + conditions.
///
/// Rules can use glob-pattern matching (the `pattern` field), structured matching
/// (command/subcommand/flags fields), or both. When both are present, all must match (AND).
#[derive(Debug, Clone)]
pub struct Rule {
    pub target: RuleTarget,
    pub decision: Decision,
    pub pattern: Pattern,
    pub message: Option<String>,
    pub conditions: Vec<Condition>,
    // Structured matching fields (all optional, combined with AND).
    pub command: Option<String>,
    pub subcommand: Option<String>,
    pub subcommands: Option<Vec<String>>,
    pub flags: Option<Vec<String>>,
    pub args_contain: Option<String>,
}

impl Rule {
    #[must_use]
    pub fn new(target: RuleTarget, decision: Decision, pattern: &str) -> Self {
        Self {
            target,
            decision,
            pattern: Pattern::new(pattern),
            message: None,
            conditions: vec![],
            command: None,
            subcommand: None,
            subcommands: None,
            flags: None,
            args_contain: None,
        }
    }

    #[must_use]
    pub fn with_message(mut self, msg: impl Into<String>) -> Self {
        self.message = Some(msg.into());
        self
    }

    #[must_use]
    pub fn with_conditions(mut self, c: Vec<Condition>) -> Self {
        self.conditions = c;
        self
    }

    /// Format structured fields as a human-readable description.
    #[must_use]
    pub fn structured_description(&self) -> String {
        let mut parts = Vec::new();
        if let Some(c) = &self.command {
            parts.push(format!("command={c}"));
        }
        if let Some(s) = &self.subcommand {
            parts.push(format!("subcommand={s}"));
        }
        if let Some(list) = &self.subcommands {
            parts.push(format!("subcommands=[{}]", list.join(",")));
        }
        if let Some(f) = &self.flags {
            parts.push(format!("flags=[{}]", f.join(",")));
        }
        if let Some(a) = &self.args_contain {
            parts.push(format!("args-contain={a}"));
        }
        parts.join(" ")
    }

    /// Returns `true` if this rule has any structured matching fields set.
    #[must_use]
    pub const fn has_structured_fields(&self) -> bool {
        self.command.is_some()
            || self.subcommand.is_some()
            || self.subcommands.is_some()
            || self.flags.is_some()
            || self.args_contain.is_some()
    }

    /// Return the action string for this rule (e.g. "allow", "deny-redirect", "ask-read").
    #[must_use]
    pub fn action_str(&self) -> String {
        let base = self.decision.as_str();
        match self.target {
            RuleTarget::Command => base.to_string(),
            RuleTarget::Redirect => format!("{base}-redirect"),
            RuleTarget::Mcp => format!("{base}-mcp"),
            RuleTarget::FileRead => format!("{base}-read"),
            RuleTarget::FileWrite => format!("{base}-write"),
            RuleTarget::FileEdit => format!("{base}-edit"),
            RuleTarget::After => "after".to_string(),
        }
    }
}

/// A parsed config directive — either a Rule, a Set key/value, or an Alias.
#[derive(Debug, Clone)]
pub enum ConfigDirective {
    Rule(Rule),
    Set {
        key: String,
        value: String,
    },
    Alias {
        source: String,
        target: String,
    },
    CdAllow(PathBuf),
    /// Marker separating baseline (stdlib + global) from project rules.
    ProjectBoundary,
}