rippy-cli 0.2.0

A shell command safety hook for AI coding tools (Claude Code, Cursor, Gemini CLI) — Rust rewrite of Dippy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

# Example: Data-driven handler replacements using structured matching
#
# These rules demonstrate how to replicate handler behavior declaratively,
# making the safety policy transparent and customizable without code changes.

# ── Git ────────────────────────────────────────────────────────────────

# Allow safe read-only git subcommands
[[rules]]
action = "allow"
command = "git"
subcommands = ["status", "log", "diff", "show", "branch", "stash", "tag", "remote"]

# Deny force-push to main
[[rules]]
action = "deny"
command = "git"
subcommand = "push"
flags = ["--force", "--force-with-lease", "-f"]
message = "Use --force-with-lease on feature branches only"

[rules.when]
branch = { eq = "main" }

# Ask before any push
[[rules]]
action = "ask"
command = "git"
subcommand = "push"

# ── Docker ─────────────────────────────────────────────────────────────

# Allow read-only docker subcommands
[[rules]]
action = "allow"
command = "docker"
subcommands = ["ps", "images", "inspect", "logs", "version"]

# Ask before running containers
[[rules]]
action = "ask"
command = "docker"
subcommand = "run"
message = "Review the container image and flags"

# ── Curl ───────────────────────────────────────────────────────────────

# Deny insecure curl flags
[[rules]]
action = "deny"
command = "curl"
flags = ["-k", "--insecure"]
message = "Do not disable certificate verification"

# ── npm ────────────────────────────────────────────────────────────────

# Ask before installing packages
[[rules]]
action = "ask"
command = "npm"
subcommand = "install"
message = "Verify package name and source"