### Complete Cursor Hooks Configuration Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/cursor-hooks.md An example of a comprehensive `hooks.json` file demonstrating various hook events and their associated commands. ```json { "$schema": "https://unpkg.com/cursor-hooks/schema/hooks.schema.json", "version": 1, "hooks": { "beforeSubmitPrompt": [ { "command": "./hooks/log-prompt.sh" } ], "beforeShellExecution": [ { "command": "./hooks/block-dangerous-commands.sh" } ], "afterShellExecution": [ { "command": "./hooks/audit-commands.sh" } ], "beforeMCPExecution": [ { "command": "./hooks/mcp-governance.sh" } ], "afterMCPExecution": [ { "command": "./hooks/log-mcp.sh" } ], "beforeReadFile": [ { "command": "./hooks/redact-secrets.sh" } ], "afterFileEdit": [ { "command": "./hooks/format.sh" } ], "stop": [ { "command": "./hooks/notify-complete.sh" } ] } } ``` -------------------------------- ### Admin-Enforced Settings Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Example `requirements.toml` file to enforce allowed approval policies and sandbox modes for administrators. ```toml allowed_approval_policies = ["untrusted", "on-failure"] allowed_sandbox_modes = ["read-only", "workspace-write"] ``` -------------------------------- ### Install Dippy with Homebrew Source: https://github.com/ldayton/dippy/wiki/Home Use Homebrew to install Dippy. This is the recommended installation method. ```bash brew tap ldayton/dippy brew install dippy ``` -------------------------------- ### Complete Dippy Configuration Example Source: https://context7.com/ldayton/dippy/llms.txt A comprehensive example of a Dippy configuration file (~/.dippy/config) demonstrating all features including Git, Docker, Cloud (AWS), package managers, redirects, MCP, afterthoughts, and settings. ```bash # ~/.dippy/config - Complete example # === Git === allow git status allow git log allow git diff allow git show allow git branch -l allow git remote -v allow git fetch ask git deny git push --force "Force push disabled" deny git reset --hard "Hard reset disabled" deny git clean -fd "Clean disabled" # === Docker === allow docker ps allow docker images allow docker inspect allow docker logs ask docker # === Cloud (AWS) === allow aws s3 ls allow aws ec2 describe-* allow aws iam list-* ask aws deny aws s3 rm "S3 deletions need review" # === Package managers === allow pip list allow pip show allow npm list allow npm view ask pip install ask npm install deny pip install --upgrade "Upgrades need review" # === Redirects === allow-redirect /tmp/** allow-redirect ./build/** allow-redirect /dev/null deny-redirect ~/.ssh/** "SSH protected" deny-redirect **/.env* "Secrets protected" # === MCP === allow-mcp mcp__github__get_* allow-mcp mcp__github__list_* deny-mcp mcp__*__delete_* # === Afterthoughts === after git commit "Push your changes" after pytest "Check coverage" after-mcp mcp__github__create_pull_request "Share the PR link" # === Settings === set log ~/.dippy/audit.log ``` -------------------------------- ### Project-Specific Deny Rule Source: https://github.com/ldayton/dippy/wiki/Configuration This example shows a project-specific `.dippy` configuration that overrides a global setting by denying `npm install`. ```shell # Project .dippy deny npm install "Use pnpm install instead" ``` -------------------------------- ### Next Steps Afterthoughts Source: https://github.com/ldayton/dippy/wiki/Extensions/Afterthoughts Guide users on subsequent actions after completing a task. These examples suggest creating a draft PR or testing Docker images locally. ```plaintext after git checkout -b "Create a draft PR early" ``` ```plaintext after docker build "Test locally before pushing" ``` -------------------------------- ### Complete config.toml Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md This example demonstrates a comprehensive TOML configuration file for Codex CLI, including core settings, notification commands, and sandbox fine-tuning. It shows how to set the model, provider, approval policy, sandbox mode, and network access. ```toml # ~/.codex/config.toml # Core settings model = "gpt-5.2-codex" model_provider = "openai" approval_policy = "on-request" sandbox_mode = "workspace-write" model_reasoning_effort = "high" # Notifications notify = ["bash", "-c", "osascript -e \'display notification \"Codex finished\" with title \"Codex\"\'", "]" # Sandbox fine-tuning [sandbox_workspace_write] network_access = true writable_roots = ["/tmp/codex-scratch"] exclude_slash_tmp = false ``` -------------------------------- ### Install Dippy via Homebrew Source: https://context7.com/ldayton/dippy/llms.txt Use Homebrew for the recommended installation of Dippy. This command taps the repository and installs the package. ```bash # Install via Homebrew (recommended) brew tap ldayton/dippy brew install dippy ``` -------------------------------- ### Codex CLI Configuration Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Example TOML configuration file for Codex CLI. Customize model, policies, and sandbox modes. Includes shell environment policy and MCP server setup. ```toml # ~/.codex/config.toml model = "gpt-5.2-codex" approval_policy = "on-request" sandbox_mode = "workspace-write" model_reasoning_effort = "high" [shell_environment_policy] include_only = ["PATH", "HOME", "USER"] [mcp_servers.github] command = "npx" args = ["-y", "@modelcontextprotocol/server-github"] env = { GITHUB_PERSONAL_ACCESS_TOKEN = "..." } ``` -------------------------------- ### Minimal Handler Example ('mytool.py') Source: https://github.com/ldayton/dippy/wiki/Reference/Handler-Model A basic example of a custom handler for 'mytool', classifying actions as 'allow' or 'ask' based on predefined safe actions. ```python from dippy.cli import Classification, HandlerContext COMMANDS = ["mytool"] SAFE_ACTIONS = frozenset({"list", "show", "status", "info"}) def classify(ctx: HandlerContext) -> Classification: tokens = ctx.tokens if len(tokens) < 2: return Classification("ask", description="mytool") action = tokens[1] if action in SAFE_ACTIONS: return Classification("allow", description=f"mytool {action}") return Classification("ask", description=f"mytool {action}") ``` -------------------------------- ### Dippy Configuration Rules Example Source: https://github.com/ldayton/dippy/wiki/Reference/Security-Model Example of user-defined configuration rules for Dippy, demonstrating how to broadly allow a command and then deny a specific variation. ```plaintext allow git deny git push --force ``` -------------------------------- ### Write Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Write tool creates or overwrites files. It requires 'file_path' and 'content'. ```json { "tool_name": "Write", "parameters": { "file_path": "output.txt", "content": "This is the content to write." } } ``` -------------------------------- ### Delegate Action Example for 'uv run' Source: https://github.com/ldayton/dippy/wiki/Reference/Handler-Model Example of a handler using the 'delegate' action to analyze an inner command, such as 'uv run pytest tests/'. ```python # uv.py def classify(ctx: HandlerContext) -> Classification: tokens = ctx.tokens if tokens[1] == "run": inner = " ".join(tokens[3:]) # e.g., "pytest tests/" return Classification("delegate", inner_command=inner) # ... ``` -------------------------------- ### Allow All 'get' Actions on GitHub Source: https://github.com/ldayton/dippy/wiki/Extensions/MCP-Tools This rule allows all MCP tools on the GitHub server that start with 'get_'. It demonstrates using wildcards for broader permissions. ```bash allow-mcp mcp__github__get_* ``` -------------------------------- ### SessionStart Hook Input JSON Schema Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Includes the type of agent that has started. ```json { "agent_type": "custom-agent" } ``` -------------------------------- ### Settings File Format Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Defines hooks for 'PreToolUse' and 'Stop' events, specifying command and prompt hook types with timeouts. ```json { "hooks": { "PreToolUse": [ { "matcher": "Write|Edit", "hooks": [ { "type": "command", "command": "/path/to/script.sh", "timeout": 60 } ] } ], "Stop": [ { "hooks": [ { "type": "prompt", "prompt": "Verify all tasks are complete: $ARGUMENTS", "timeout": 30 } ] } ] } } ``` -------------------------------- ### hookSpecificOutput for SessionStart, BeforeAgent, AfterTool Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Example structure for 'hookSpecificOutput' in 'SessionStart', 'BeforeAgent', and 'AfterTool' events, allowing for additional context. ```json { "hookSpecificOutput": { "hookEventName": "AfterTool", "additionalContext": "Extra context appended to agent" } } ``` -------------------------------- ### Dippy Prefix Matching Source: https://github.com/ldayton/dippy/wiki/Configuration By default, patterns match the command and any additional arguments. This example allows `git status` and any command starting with it. ```shell allow git status ``` -------------------------------- ### WebFetch Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The WebFetch tool retrieves and analyzes content from a given URL. It requires both 'url' and 'prompt' parameters. ```json { "tool_name": "WebFetch", "parameters": { "url": "https://example.com", "prompt": "Summarize the content of the page." } } ``` -------------------------------- ### ExitPlanMode Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The ExitPlanMode tool exits planning mode. It requires a 'plan' parameter. ```json { "tool_name": "ExitPlanMode", "parameters": { "plan": "Completed the task." } } ``` -------------------------------- ### Install Codex CLI via Homebrew Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Install the Codex CLI using Homebrew. Ensure you have Homebrew installed on your system. ```bash brew install openai/tap/codex ``` -------------------------------- ### Install a Plugin Hook Package Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Use this command to install a new plugin hook package. Ensure the package name is correct. ```bash gemini hooks install ``` -------------------------------- ### Install Dippy VS Code Extension Source: https://github.com/ldayton/dippy/wiki/Extras/VSCode Run this command to build and install the Dippy extension locally for VS Code. Ensure you have 'just' installed. ```bash just vscode ``` -------------------------------- ### Install Codex CLI via npm Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Use npm to install the Codex CLI globally. This is one of the available installation methods. ```bash npm i -g @openai/codex ``` -------------------------------- ### Task Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Task tool is used to launch subagents. It requires 'subagent_type', 'prompt', and 'description'. ```json { "tool_name": "Task", "parameters": { "subagent_type": "CodeReviewer", "prompt": "Review the code for potential bugs.", "description": "Code review task" } } ``` -------------------------------- ### Command Matching Example Source: https://github.com/ldayton/dippy/wiki/Reference/Security-Model Demonstrates how a command is matched against a pattern. The 'ask rm' pattern matches 'rm -rf /tmp/build' due to prefix matching. ```bash Command: rm -rf /tmp/build Pattern: ask rm Result: MATCH → ask for approval (prefix match) ``` -------------------------------- ### Skill Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Skill tool executes user-defined skills. It requires 'skill' and optionally accepts 'args'. ```json { "tool_name": "Skill", "parameters": { "skill": "my_custom_skill", "args": { "input_data": "some value" } } } ``` -------------------------------- ### Statusline Output Format Example Source: https://context7.com/ldayton/dippy/llms.txt An example of the output format for the Dippy statusline integration, showing model, directory, branch, changes, context usage, and MCP servers. ```bash # Output format: model | directory | branch | changes | context | MCP servers # Example: 🐤 Claude 3.5 Sonnet | myproject | ⎇ main | Δ +42,-15 | ctx: 60% left | MCP: github, filesystem ``` -------------------------------- ### Conditional Activation with Flag File Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Provides a bash script example for conditionally activating a process based on the existence of a flag file. ```bash # Conditionally activate based on flag file if [ ! -f ".enable-strict-validation" ]; then exit 0 fi ``` -------------------------------- ### LS Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The LS tool lists directory contents. It requires a 'path' and optionally accepts an 'ignore' parameter. ```json { "tool_name": "LS", "parameters": { "path": "/app/src", "ignore": [ "*.test.js" ] } } ``` -------------------------------- ### Plugin File Format Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md A basic structure for a plugin's hook configuration, including an optional description and hook definitions. ```json { "description": "Brief explanation (optional)", "hooks": { "PreToolUse": [...], "Stop": [...] } } ``` -------------------------------- ### Notification Payload Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Example of the JSON payload sent to the notification command via stdin. It includes event details, session ID, and timestamp. ```json { "event": "agent-turn-complete", "session_id": "abc123", "timestamp": "2026-01-14T10:30:00Z" } ``` -------------------------------- ### SubagentStart Hook Input JSON Schema Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Provides details about a newly started subagent, including its ID, type, and description. ```json { "agent_id": "agent_xyz", "parent_agent_id": "agent_abc", "subagent_type": "general-purpose", "description": "Research task" } ``` -------------------------------- ### Read Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Read tool reads files, including images, PDFs, and notebooks. It requires 'file_path' and optionally accepts 'offset' and 'limit'. ```json { "tool_name": "Read", "parameters": { "file_path": "data.csv", "offset": 100, "limit": 50 } } ``` -------------------------------- ### Matcher Case Sensitivity Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Demonstrates the correct and incorrect usage of the 'matcher' field for case-sensitive matching. ```json "matcher": "bash" // WRONG - won't match "Bash" "matcher": "Bash" // CORRECT ``` -------------------------------- ### Redirect Matching Example Source: https://github.com/ldayton/dippy/wiki/Reference/Security-Model Shows how redirects are extracted and matched separately. A redirect to '~/.ssh/*' triggers an 'ask-redirect' rule, even if the command itself is allowed. ```bash Command: echo "data" > ~/.ssh/authorized_keys Redirect: ~/.ssh/authorized_keys Pattern: ask-redirect ~/.ssh/* Result: MATCH → ask for approval ``` -------------------------------- ### Glob Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Glob tool performs file pattern matching. It requires a 'pattern' and optionally accepts a 'path'. ```json { "tool_name": "Glob", "parameters": { "pattern": "*.py", "path": "/app/src" } } ``` -------------------------------- ### Extension Hooks Configuration Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Example of how to define extension hooks using a `hooks.json` file within an extension. ```APIDOC ## Extension Hooks (v0.21.0+) ### Description Extensions can include a `hooks/hooks.json` file to define custom hooks. ### Request Example ```json { "hooks": { "PostToolUse": [ { "matcher": "WriteFile", "hooks": [ { "type": "command", "command": "${extensionPath}/scripts/lint.sh" } ] } ] } } ``` ### Notes Extension hooks support `${extensionPath}` variable substitution. ``` -------------------------------- ### Component-Scoped Hooks Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Demonstrates defining hooks within a component's frontmatter for lifecycle-specific execution. ```yaml --- hooks: PreToolUse: - matcher: "Write" hooks: - type: command command: "./validate.sh" --- ``` -------------------------------- ### SlashCommand Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The SlashCommand tool executes slash commands. It requires a 'command' parameter. ```json { "tool_name": "SlashCommand", "parameters": { "command": "/help" } } ``` -------------------------------- ### MCP Tool Naming Convention Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Illustrates the naming convention for MCP tools, which follows the pattern mcp____. ```json "matcher": "mcp__memory__.*" // All tools from memory server ``` ```json "matcher": "mcp__.*" // All MCP tools ``` ```json "matcher": "mcp__github__create_issue" // Specific tool ``` -------------------------------- ### Bash Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Bash tool allows execution of shell commands. It requires a 'command' parameter and optionally accepts 'description', 'timeout', and 'run_in_background'. ```json { "tool_name": "Bash", "parameters": { "command": "ls -l", "description": "List directory contents" } } ``` -------------------------------- ### Manual Dippy Installation Source: https://context7.com/ldayton/dippy/llms.txt Clone the Dippy repository manually and use the hook directly from the cloned path. This method is useful if Homebrew is not available. ```bash # Clone the repository git clone https://github.com/ldayton/Dippy.git # Use the hook directly from the cloned path /path/to/Dippy/bin/dippy-hook ``` -------------------------------- ### Redirect Targets Example for 'export -o' Source: https://github.com/ldayton/dippy/wiki/Reference/Handler-Model Demonstrates a handler identifying output file paths for redirect analysis when a command like 'export -o ' is used. ```python def classify(ctx: HandlerContext) -> Classification: tokens = ctx.tokens if tokens[1] == "export" and "-o" in tokens: output_file = tokens[tokens.index("-o") + 1] return Classification( "allow", redirect_targets=(output_file,) ) ``` -------------------------------- ### Gemini CLI Hooks Configuration Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Example JSON configuration for defining BeforeTool and AfterTool hooks. Specify matchers and commands to execute. ```json { "hooks": { "BeforeTool": [ { "matcher": "write_file|replace", "hooks": [ { "name": "secret-scanner", "type": "command", "command": "$GEMINI_PROJECT_DIR/.gemini/hooks/scan-secrets.sh", "description": "Scans for secrets before file writes", "timeout": 5000 } ] } ], "AfterTool": [ { "matcher": "write_file", "hooks": [ { "name": "auto-format", "type": "command", "command": "$GEMINI_PROJECT_DIR/.gemini/hooks/format.sh", "timeout": 10000 } ] } ] } } ``` -------------------------------- ### Permission Decision with updatedInput Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Demonstrates combining a permission decision with updated input. 'allow' with 'updatedInput' modifies and auto-approves, while 'ask' modifies and prompts the user for confirmation. ```json { "hookSpecificOutput": { "permissionDecision": "allow", "updatedInput": { "command": "safe-command" } } } ``` -------------------------------- ### TodoWrite Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The TodoWrite tool manages task lists. It accepts an array of 'todos', where each todo object can include 'content', 'status', and 'activeForm'. ```json { "tool_name": "TodoWrite", "parameters": { "todos": [ { "content": "Implement feature X", "status": "pending", "activeForm": true } ] } } ``` -------------------------------- ### Set Sandbox Mode via CLI Flag Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Example of setting the sandbox mode directly using a CLI flag. This overrides configuration file settings. ```bash # CLI flag codex --sandbox workspace-write ``` -------------------------------- ### WebSearch Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The WebSearch tool performs a web search. It requires a 'query' and can optionally filter results using 'allowed_domains' and 'blocked_domains'. ```json { "tool_name": "WebSearch", "parameters": { "query": "Claude Code documentation", "allowed_domains": [ "claude.ai" ] } } ``` -------------------------------- ### getDiagnostics Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The getDiagnostics tool retrieves VS Code diagnostics. It optionally accepts a 'uri' parameter. ```json { "tool_name": "getDiagnostics", "parameters": { "uri": "file:///path/to/your/file.js" } } ``` -------------------------------- ### ExecuteCode Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The executeCode tool is used for Jupyter kernel execution. It takes a 'code' parameter containing the code to be executed. ```json { "tool_name": "executeCode", "parameters": { "code": "print('Hello, world!')" } } ``` -------------------------------- ### BashOutput Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The BashOutput tool retrieves output from a background shell command. It requires 'bash_id' and optionally accepts a 'filter'. ```json { "tool_name": "BashOutput", "parameters": { "bash_id": "12345", "filter": "*.log" } } ``` -------------------------------- ### Configure Dippy Statusline in Claude Settings Source: https://github.com/ldayton/dippy/wiki/Extras/Statusline Add this JSON configuration to your `~/.claude/settings.json` file to enable the Dippy statusline command. If installed manually, use the full path to the executable. ```json "statusLine": { "type": "command", "command": "dippy-statusline" } ``` -------------------------------- ### Persist Project Type in SessionStart Hook Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Use the SessionStart hook to export environment variables that persist throughout the session. This example sets the PROJECT_TYPE to nodejs. ```bash # In SessionStart hook echo "export PROJECT_TYPE=nodejs" >> "$CLAUDE_ENV_FILE" # Variable persists across session ``` -------------------------------- ### Grep Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Grep tool performs content searches within files using a specified pattern. It supports various optional parameters for fine-tuning the search, such as path, output mode, and context lines. ```json { "tool_name": "Grep", "parameters": { "pattern": "error", "path": "/var/log/app.log", "output_mode": "match_count", "type": "text" } } ``` -------------------------------- ### Dippy Hook Input/Output Formats Source: https://context7.com/ldayton/dippy/llms.txt JSON formats for Dippy's interaction with AI assistants. Shows input and output examples for Claude Code, Gemini CLI, and Cursor. ```json # Claude Code input format { "hook_event_name": "PreToolUse", "tool_name": "Bash", "tool_input": { "command": "git status", "cwd": "/path/to/project" } } ``` ```json # Claude Code output format (approve) { "hookSpecificOutput": { "hookEventName": "PreToolUse", "permissionDecision": "allow", "permissionDecisionReason": "🐤 git status" } } ``` ```json # Claude Code output format (deny) { "hookSpecificOutput": { "hookEventName": "PreToolUse", "permissionDecision": "deny", "permissionDecisionReason": "🐤 Force push is disabled" } } ``` ```json # Gemini CLI output format { "decision": "allow", "reason": "🐤 git status" } ``` ```json # Cursor output format { "permission": "allow", "user_message": "🐤 git status", "agent_message": "🐤 git status" } ``` -------------------------------- ### Convention Enforcement Afterthoughts Source: https://github.com/ldayton/dippy/wiki/Extensions/Afterthoughts Enforce coding conventions by displaying reminders after relevant commands. Examples include Python script execution, pip installs, and Brewfile updates. ```plaintext after python "Remember: use uv run python for project scripts" ``` ```plaintext after pip install "Add to requirements.txt" ``` ```plaintext after brew install "Update Brewfile" ``` -------------------------------- ### Dippy Pattern Matching Examples Source: https://context7.com/ldayton/dippy/llms.txt Utilize prefix matching, exact matching with `|`, and wildcards (`*`, `?`, `[abc]`) for flexible rule definition in Dippy. Rules are evaluated in order, with the last match taking precedence. ```bash # Prefix matching (default) - matches command with any additional args allow git status # Matches: git status, git status -s, git status --porcelain # Exact matching with | anchor - no additional arguments allowed allow git status| # Matches only: git status (not git status -s) # Wildcard patterns allow git * # Any git command allow docker image * # Any docker image subcommand deny * *.pem # Block any command targeting .pem files # Override pattern - last match wins allow docker # Allow all docker commands deny docker run # But block docker run deny docker exec # And block docker exec ``` -------------------------------- ### Afterthought with Prefix Match Source: https://github.com/ldayton/dippy/wiki/Extensions/Afterthoughts This afterthoughts rule uses a prefix match for `npm`. It will trigger for any command starting with `npm`, such as `npm install` or `npm test`, reminding the user to check `package-lock.json`. ```plaintext after npm "Check package-lock.json for changes" ``` -------------------------------- ### Define a Simple Afterthought for Git Commit Source: https://github.com/ldayton/dippy/wiki/Extensions/Afterthoughts This example configures Dippy to display 'Now push with git push' after any `git commit` command is successfully run. ```plaintext after git commit "Now push with git push" ``` -------------------------------- ### Python Hook for Tool Use Permission Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md A Python script template for creating hooks. This example demonstrates how to deny permission for a tool use based on input conditions, providing a reason. ```python #!/usr/bin/env python3 import json import sys def main(): input_data = json.load(sys.stdin) tool_name = input_data.get('tool_name', '') tool_input = input_data.get('tool_input', {}) # Your logic here if should_block(tool_input): output = { "hookSpecificOutput": { "hookEventName": "PreToolUse", "permissionDecision": "deny", "permissionDecisionReason": "Blocked: reason here" } } print(json.dumps(output)) sys.exit(0) # Allow sys.exit(0) if __name__ == "__main__": main() ``` -------------------------------- ### Gemini CLI Input JSON Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md This JSON structure represents the input format for hooks in the Gemini CLI, including event name, tool name, and tool input. ```json { "hook_event_name": "BeforeTool", "tool_name": "write_file", "tool_input": { } } ``` -------------------------------- ### Extension Hooks Configuration Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Define extension hooks in a hooks.json file within your extension. This example shows how to configure a hook for the 'PostToolUse' event that matches 'WriteFile' and executes a 'lint.sh' script. ```json { "hooks": { "PostToolUse": [ { "matcher": "WriteFile", "hooks": [ { "type": "command", "command": "${extensionPath}/scripts/lint.sh" } ] } ] } } ``` -------------------------------- ### Configure MCP GitHub Server Integration Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md Set up integration with a GitHub MCP server. This involves specifying the command to run the server and any necessary environment variables, like a personal access token. ```toml [mcp_servers.github] command = "npx" args = ["-y", "@modelcontextprotocol/server-github"] env = { GITHUB_PERSONAL_ACCESS_TOKEN = "..." } ``` -------------------------------- ### Command and Redirect Rule Interaction Example Source: https://github.com/ldayton/dippy/wiki/Proposals/File-Editing Illustrates how Dippy's command rules and redirect rules interact. A command must satisfy both sets of rules. In this example, writing to `/tmp/out` is allowed because it passes both the `allow git log` command rule and the `deny-redirect /etc/**` rule. However, writing to `/etc/foo` would be denied. ```shell allow git log deny-redirect /etc/** ``` -------------------------------- ### Uninstall Dippy via Homebrew Source: https://github.com/ldayton/dippy/blob/main/README.md If Dippy was installed using Homebrew, use this command to uninstall it. ```bash brew uninstall dippy ``` -------------------------------- ### Allow Temporary and Build Output Directories Source: https://github.com/ldayton/dippy/wiki/Proposals/File-Editing These `allow-redirect` rules permit writes to common temporary directories and build output locations, facilitating development workflows. ```shell allow-redirect /tmp/** ``` ```shell allow-redirect ./dist/** ``` ```shell allow-redirect ./build/** ``` ```shell allow-redirect ./target/** ``` -------------------------------- ### KillShell Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The KillShell tool terminates a background shell process. It requires 'shell_id'. ```json { "tool_name": "KillShell", "parameters": { "shell_id": "12345" } } ``` -------------------------------- ### Dippy Comment Syntax Source: https://github.com/ldayton/dippy/wiki/Configuration Dippy supports full-line comments starting with `#` and inline comments following a command. ```shell # Full line comment allow git status # Inline comment ``` -------------------------------- ### Configure SessionStart Hook to Read Context Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md This SessionStart hook executes a command to read the context file '.claude/context.md' when a new session begins. ```json { "hooks": { "SessionStart": [ { "hooks": [ { "type": "command", "command": "cat .claude/context.md" } ] } ] } } ``` -------------------------------- ### Environment Variable Substitution in Command Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Demonstrates using environment variables like $GEMINI_PROJECT_DIR within a command string for dynamic path resolution. ```json { "command": "$GEMINI_PROJECT_DIR/.gemini/hooks/my-hook.sh" } ``` -------------------------------- ### Event Details: SessionStart and SessionEnd Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md Details for the SessionStart and SessionEnd hook events, including when they trigger and their capabilities. ```APIDOC ## SessionStart / SessionEnd Event Details - **When:** Session lifecycle boundaries - **SessionStart special:** Can persist variables via `$CLAUDE_ENV_FILE` - **SessionEnd:** Supports `systemMessage` (v2.1.0+) ``` -------------------------------- ### NotebookEdit Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The NotebookEdit tool modifies Jupyter cells. It requires 'notebook_path' and 'new_source', and optionally accepts 'cell_id', 'cell_type', and 'edit_mode'. ```json { "tool_name": "NotebookEdit", "parameters": { "notebook_path": "my_notebook.ipynb", "new_source": "print('Updated cell')", "cell_id": "12345", "edit_mode": "replace" } } ``` -------------------------------- ### SessionStart Event JSON Schema Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md Schema for the 'SessionStart' event, indicating the source of the session initiation. Possible values for 'source' are 'startup', 'resume', or 'clear'. ```json { "hook_event_name": "SessionStart", "source": "startup" } ``` -------------------------------- ### Cursor Multiple Hooks Bug Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/cursor-hooks.md When multiple hooks are defined in the same trigger array, only the first hook in the list will execute. This is a known issue. ```json { "hooks": { "beforeShellExecution": [ { "command": "./hook1.sh" }, { "command": "./hook2.sh" } ] } } ``` -------------------------------- ### Enable Full Auto Mode via CLI Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/codex-cli.md A shortcut flag `--full-auto` that enables `on-request` approval policy and `workspace-write` sandbox mode. ```bash # Shortcut for on-request + workspace-write codex --full-auto ``` -------------------------------- ### Basic Dippy Configuration Rules Source: https://context7.com/ldayton/dippy/llms.txt Define basic configuration rules in `~/.dippy/config` or `.dippy` to control command execution. Use `allow`, `ask`, and `deny` directives for auto-approval, user prompts, or blocking commands. ```bash # ~/.dippy/config - Global configuration # Safe read-only git operations allow git status allow git log allow git diff allow git show allow git branch -l # Prompt for all other git commands ask git # Block dangerous operations with guidance deny git push --force "Force push is disabled - use regular push" deny git reset --hard "Hard reset is disabled - use git stash instead" deny rm -rf "Use trash instead of rm -rf" # Protect sensitive paths deny * /etc/* "Don't modify system config" deny * ~/.ssh/* "Don't touch SSH keys" # Project-specific override (in .dippy file) deny npm install "Use pnpm install instead" deny python "Use uv run python for project environment" ``` -------------------------------- ### Limitations of Dippy Patterns Source: https://github.com/ldayton/dippy/wiki/Reference/Security-Model These examples show what Dippy patterns cannot catch due to limitations in inspecting script contents, variable expansions, or shell aliases. ```bash # Can't see inside scripts ./malicious-script.sh # Pattern "ask rm" won't help ``` ```bash # Can't see after variable expansion rm -rf $DANGEROUS_PATH # We see literal "$DANGEROUS_PATH" ``` ```bash # Can't resolve shell aliases ll # If aliased to "ls -la", we see "ll" ``` -------------------------------- ### MCP Tools Configuration Source: https://github.com/ldayton/dippy/wiki/Configuration Configure access for MCP tools using `allow-mcp` and `deny-mcp`. Wildcards can be used to match multiple tool actions. ```shell allow-mcp mcp__github__get_* allow-mcp mcp__github__list_* deny-mcp mcp__*__delete_* "Deletions need manual approval" ``` -------------------------------- ### Customize Dippy Statusline Colors Source: https://github.com/ldayton/dippy/wiki/Extras/Statusline Edit the `STYLES` dictionary in the Dippy statusline script to customize the color scheme. This example uses a Molokai-inspired theme. ```python STYLES = { "model": ("white", None), "directory": ("white", None), "branch": ("white", None), "branch_detached": ("bgYellow", None), "changes_clean": ("white", None), "changes_dirty": ("yellow", None), "context": ("white", None), "mcp_title": ("white", None), "mcp_connected": ("green", None), "mcp_disconnected": ("red", None), } ``` -------------------------------- ### Basic hooks.json Configuration Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/cursor-hooks.md Defines which scripts to run for specific hook events like beforeShellExecution and afterFileEdit. Relative paths resolve from the hooks.json file's directory. ```json { "version": 1, "hooks": { "beforeShellExecution": [ { "command": "./hooks/script.sh" } ], "afterFileEdit": [ { "command": "bun run hooks/format.ts" } ] } } ``` -------------------------------- ### Edit Tool Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/claude-code-hooks.md The Edit tool performs a single find-and-replace operation within a file. It requires 'file_path', 'old_string', and 'new_string'. The 'replace_all' parameter is optional. ```json { "tool_name": "Edit", "parameters": { "file_path": "my_file.txt", "old_string": "foo", "new_string": "bar", "replace_all": true } } ``` -------------------------------- ### Default Setting Directives Source: https://github.com/ldayton/dippy/wiki/Configuration Directives for setting default behaviors. ```APIDOC ## Default Setting Directives ### Description Sets the default behavior for access control. ### Directives - **set default allow** (`set default allow`): Sets the default action to allow. - **set default ask** (`set default ask`): Sets the default action to ask for confirmation. ``` -------------------------------- ### Claude Code Output JSON Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md This JSON structure represents the output format for hooks in Claude Code, including decision, reason, and permission decision. ```json { "decision": "deny", "reason": "...", "permissionDecision": "deny" } ``` -------------------------------- ### Gemini CLI Output JSON Example Source: https://github.com/ldayton/dippy/blob/main/docs/hook-systems/gemini-cli-hooks.md This JSON structure represents the output format for hooks in the Gemini CLI, including decision, reason, and hook-specific output. ```json { "decision": "deny", "reason": "...", "hookSpecificOutput": { "additionalContext": "..." } } ``` -------------------------------- ### Default to Asking for Unknown Servers Source: https://github.com/ldayton/dippy/wiki/Extensions/MCP-Tools This configuration allows specific known MCP servers (GitHub reads, Filesystem reads) and then prompts the user for any other MCP tool usage. It's a secure default. ```bash # Allow known servers allow-mcp mcp__github__get_* allow-mcp mcp__filesystem__read_* # Ask for everything else ask-mcp mcp__* ``` -------------------------------- ### Filesystem: Allow Reads, Deny Writes/Edits Source: https://github.com/ldayton/dippy/wiki/Extensions/MCP-Tools This configuration prioritizes using Claude's native tools for filesystem operations. It allows read operations via MCP but denies write and edit actions. ```bash allow-mcp mcp__filesystem__read_* allow-mcp mcp__filesystem__list_* allow-mcp mcp__filesystem__search_* allow-mcp mcp__filesystem__get_* deny-mcp mcp__filesystem__write_* "Use Claude's Write tool instead" deny-mcp mcp__filesystem__edit_* "Use Claude's Edit tool instead" ``` -------------------------------- ### Dippy Rule Overriding Example Source: https://github.com/ldayton/dippy/wiki/Configuration Rules are evaluated in order, with the last match winning. This allows all `git` commands broadly, then specifically blocks dangerous operations. ```shell # Allow all git commands (prefix match) allow git # But block the dangerous ones deny git push --force deny git push * --force deny git reset --hard deny git clean -fd ``` -------------------------------- ### Allow Specific GitHub Tool Source: https://github.com/ldayton/dippy/wiki/Extensions/MCP-Tools This rule explicitly allows the 'get_me' tool on the GitHub MCP server. It's an example of a highly specific allow rule. ```bash allow-mcp mcp__github__get_me ``` -------------------------------- ### Allowing Redirects Source: https://github.com/ldayton/dippy/wiki/Configuration Use `allow-redirect` to permit commands that redirect output to specified paths. Patterns use `**` for recursive matching and `*` for single directory levels. ```shell allow-redirect /tmp/** allow-redirect ./dist/** ``` -------------------------------- ### Configure PostToolUse Hook for Dippy Source: https://github.com/ldayton/dippy/wiki/Extensions/Afterthoughts Add this to your `~/.claude/settings.json` to enable Dippy's afterthoughts. Without this hook, afterthoughts are ignored. Use the full path if installed manually. ```json "PostToolUse": [ { "matcher": "Bash", "hooks": [{ "type": "command", "command": "dippy" }] } ] ``` -------------------------------- ### Dippy Directives: Allow, Ask, Deny Source: https://github.com/ldayton/dippy/wiki/Configuration Use `allow`, `ask`, and `deny` directives to control AI command execution. `allow` lets commands run, `ask` prompts for approval, and `deny` blocks them with a message. ```shell allow git status # Safe, let it through ask docker run # I want to see what it's running deny rm -rf "Use trash" # Block with guidance ``` -------------------------------- ### Basic Dippy Configuration Source: https://github.com/ldayton/dippy/wiki/Configuration This is the simplest configuration. It blocks `rm -rf` commands and displays a custom message. ```shell deny rm -rf "Use trash instead of rm -rf" ```