Example configs

Three package-specific starter configs ship in the repo’s examples/ directory. Each corresponds to a package and is meant to be copied as-is and then customized. Pick the one that matches how much friction you want.

All three are imported verbatim from the checked-in files in this repo, so the snippets below can never drift from what you actually get by running rippy init --package <name>.

review

Full supervision. Every command asks by default. The starter adds hard denies for force-push, hard reset, recursive delete, and a few other footguns so they can’t be accidentally approved away.

Copy as .rippy.toml or ~/.rippy/config.toml:

examples/review.rippy.toml

# Review package — full supervision
#
# Starts from the "review" package (every command asks) and adds
# strict rules for security-sensitive environments.
#
# Usage:  rippy init --package review
#         Then customize this file as needed.
#
# See: https://github.com/mpecan/rippy/wiki/Packages

[settings]
default = "ask"
package = "review"

# --- Extra restrictions for review mode ---

# Block force operations outright
[[rules]]
action = "deny"
pattern = "git push --force"
message = "Force push is not allowed in review mode — use --force-with-lease if you must"

[[rules]]
action = "deny"
pattern = "git reset --hard"
message = "Hard reset discards changes — use `git stash` or `git reset --soft` instead"

[[rules]]
action = "deny"
pattern = "git clean -f"
message = "This permanently deletes untracked files — review them manually first"

# Block destructive filesystem operations
[[rules]]
action = "deny"
pattern = "rm -rf"
message = "Recursive force delete is not allowed in review mode"

[[rules]]
action = "deny"
pattern = "chmod 777"
message = "World-writable permissions are a security risk"

# Block network commands that could exfiltrate data
[[rules]]
action = "deny"
pattern = "curl -X POST"
message = "Outbound POST requests require manual review"

[[rules]]
action = "deny"
pattern = "wget"
message = "Downloads require manual review in review mode"

# Protect sensitive paths
[[rules]]
action = "deny-redirect"
pattern = "**/.env*"
message = "Do not write to environment files — they may contain secrets"

[[rules]]
action = "deny-redirect"
pattern = "**/*.pem"
message = "Do not write to PEM files — they contain private keys"

[[rules]]
action = "deny-redirect"
pattern = "**/credentials*"
message = "Do not write to credential files"

develop

Balanced default. Auto-approves builds, tests, and read-only VCS; asks for destructive or network-altering operations. Good starting point if you’re not sure which package to pick.

examples/recommended.rippy.toml

# Recommended rippy TOML configuration
#
# This file demonstrates the .rippy.toml format with effective rejection
# messages that guide AI tools toward safe alternatives.
#
# Place as .rippy.toml in your project root, or ~/.rippy/config.toml for global.

[settings]
default = "ask"
package = "develop"    # safety package: review, develop, or autopilot

# --- Git safety ---

[[rules]]
action = "deny"
pattern = "git push --force"
message = "Use `git push --force-with-lease` instead — it checks for upstream changes before overwriting"

[[rules]]
action = "deny"
pattern = "git reset --hard"
message = "Use `git stash` to save changes, or `git reset --soft` to keep changes staged"

[[rules]]
action = "deny"
pattern = "git checkout -- ."
message = "This discards all unstaged changes. Use `git stash` to save them first"

[[rules]]
action = "allow"
pattern = "git status"

[[rules]]
action = "allow"
pattern = "git log"

[[rules]]
action = "allow"
pattern = "git diff"

[[rules]]
action = "allow"
pattern = "git branch"

# --- File safety ---

[[rules]]
action = "deny-redirect"
pattern = "**/.env*"
message = "Do not write to environment files — they may contain secrets"

[[rules]]
action = "deny-redirect"
pattern = "**/*.pem"
message = "Do not write to PEM files — they contain private keys"

# --- Package management ---

[[rules]]
action = "ask"
pattern = "npm install"
message = "Verify the package name is correct and from a trusted source"

[[rules]]
action = "ask"
pattern = "pip install"
message = "Verify the package name and consider using a virtual environment"

# --- Destructive operations ---

[[rules]]
action = "deny"
pattern = "rm -rf /"
message = "Never delete the root filesystem. Use specific paths like `rm -rf ./build/`"

[[rules]]
action = "deny"
pattern = "rm -rf ~"
message = "Never delete the home directory. Use specific paths"

# --- Container safety ---

[[rules]]
action = "ask"
pattern = "docker run *"
risk = "high"
message = "Verify the image source and any volume mounts before running containers"

# --- MCP tools ---

[[rules]]
action = "allow-mcp"
pattern = "mcp__github__*"

# --- Post-execution feedback ---

[[rules]]
action = "after"
pattern = "git commit"
message = "Changes committed locally. Don't forget to push when ready."

# --- Aliases ---

# [[aliases]]
# source = "~/custom-git"
# target = "git"

autopilot

Maximum AI autonomy. Default is allow; only catastrophic operations (root filesystem ops, secret file writes, force-push) are blocked. Use with guardrails elsewhere (branch protection, sandboxed environments).

examples/autopilot.rippy.toml

# Autopilot package — maximum AI autonomy
#
# Starts from the "autopilot" package (default = allow, only catastrophic
# ops are blocked) and adds a few safety nets for common mistakes.
#
# Usage:  rippy init --package autopilot
#         Then customize this file as needed.
#
# See: https://github.com/mpecan/rippy/wiki/Packages

[settings]
default = "allow"
package = "autopilot"

# --- Additional safety nets ---

# Protect sensitive paths even in autopilot mode
[[rules]]
action = "deny-redirect"
pattern = "**/.env*"
message = "Do not write to environment files — they may contain secrets"

[[rules]]
action = "deny-redirect"
pattern = "**/*.pem"
message = "Do not write to PEM files — they contain private keys"

# Ask before publishing or deploying
[[rules]]
action = "ask"
pattern = "cargo publish"
message = "Publishing to crates.io — are you sure?"

[[rules]]
action = "ask"
pattern = "npm publish"
message = "Publishing to npm — are you sure?"

[[rules]]
action = "ask"
pattern = "docker push"
message = "Pushing a container image — verify the tag and registry"

# Post-execution feedback
[[rules]]
action = "after"
pattern = "git commit"
message = "Committed locally. Don't forget to push when ready."

[[rules]]
action = "after"
pattern = "git push"
message = "Pushed to remote."

Legacy flat format

The original Dippy-compatible flat format is still loaded so existing configs keep working, but new configs should use .rippy.toml. Run rippy migrate to convert a flat file to TOML. For reference, the flat grammar is one rule per line, no tables:

# Block dangerous commands with guidance
deny rm -rf        "use trash instead"
deny python        "use uv run python"

# Allow specific safe patterns
allow git status
allow uv run python -c

# Redirect rules (block writes to sensitive paths)
deny-redirect **/.env*
deny-redirect /etc/*

# Settings
set default ask

See Rules for the full flat grammar.