Static binary, sub-millisecond startup
No Python, no virtualenv, no pip install. A single Rust binary launches
in under a millisecond — fast enough to run on every single Bash hook
without your AI tool noticing.
rippy
A fast shell command safety hook for Claude Code, Cursor, Gemini CLI, and Codex — written in Rust.
Why rippy?
Section titled “Why rippy?”Real bash AST parsing
Commands are parsed into a proper AST by rable, a pure-Rust bash parser with 100% Parable compatibility. No regex hacks, no string-split guesses.
100+ commands understood in depth
Built-in handlers for git, docker, cargo, kubectl, psql, gh,
ansible, and 80+ more — each one knows which subcommands are safe and
which need a human in the loop.
Transparent, predictable rules
Structured .rippy.toml config files with a simple rule grammar
(allow, ask, deny, redirects, MCP gating, structured matching).
Unknown commands default to ask — nothing dangerous slips through
silently.
Install
Section titled “Install”brew install mpecan/tools/rippycargo install rippy-clicargo binstall rippy-cli# macOS (Apple Silicon / Intel), Linux (x86_64 / aarch64)# Download from https://github.com/mpecan/rippy/releasesThen run rippy init to pick a safety package
and wire rippy into your AI tool — rippy setup claude-code,
rippy setup cursor, or rippy setup gemini does the hook-config editing
for you. Full walkthrough in the Claude Code guide.
Pick a safety package
Section titled “Pick a safety package”rippy ships three preconfigured packages so you don’t have to start from a blank config:
review [===] Full supervision. Every command asks. develop [==.] Auto-approves builds, tests, VCS. Asks for destructive ops. autopilot [=..] Maximum AI autonomy. Only catastrophic ops are blocked.Pick one with rippy init, then layer your own allow / ask / deny
rules on top. See the Packages guide for
details.
What gets auto-approved?
Section titled “What gets auto-approved?”rippy ships with 130+ commands in its safe allowlist (read-only tools
like cat, ls, grep, jq, rg) plus 40+ CLI-specific handlers that
understand subcommand safety:
| Command | Safe | Needs approval |
|---|---|---|
git | status, log, diff, branch | push, reset, rebase |
docker | ps, images, logs | run, exec, rm |
cargo | test, build, check, clippy | run, publish, install |
python | -c 'print(1)', safe scripts | -c 'import os', unknown scripts |
kubectl | get, describe, logs | apply, delete, exec |
psql | read-only SELECT queries | write SQL, interactive |
gh | pr view, issue list | pr create, pr merge |
ansible | --check, --syntax-check, ansible-doc | playbook runs, vault encrypt |
Everything else defaults to ask — fail-safe by design.
A Rust rewrite of Dippy
Section titled “A Rust rewrite of Dippy”rippy is fully inspired by and config-compatible with
Dippy by
@ldayton. The rewrite trades Python for Rust,
a 200ms cold start for sub-millisecond, and adds file analysis and Claude
Code permission integration. Your existing .dippy files keep working.
See the comparison page for the full breakdown.