dirigent_fermata

𝄐 fermata — a fast, harness-agnostic guard that blocks AI coding agents from reading, writing, or executing things they shouldn't.

Reads .botignore (gitignore syntax) and an optional botignore.toml for advanced rules. Designed to be called from agent hooks, used as an MCP server (future), or consumed as a library.

Status

v0.1 — first releasable slice:

• Library: Op, Decision, Policy::check, Policy::check_command, project-root walk-up, .botignore walker (via ignore), botignore.toml parsing, path identification heuristics.
• CLI: fermata check <path>..., fermata hook --harness <name>.
• Harness: Claude Code (PreToolUse) only.

Out of scope for v0.1: Codex, Gemini, MCP server, audit log, filesystem watcher.

Install

From a published release (after cargo publish):

cargo install dirigent_fermata

From source (this monorepo):

cargo install --path crates/dirigent_fermata --features cli

This installs the fermata binary into ~/.cargo/bin/.

Quick start

# As a CLI
fermata check --op read /path/to/.env
echo $?  # 1 if blocked, 0 if allowed

# As a Claude Code hook
fermata hook --harness claude < hook_payload.json

Configuration

.botignore (gitignore syntax, applies to read + write):

.env
.env.*
secrets/**

botignore.toml (per-op rules):

[read]
patterns = [".env*", "secrets/**"]

[write]
patterns = ["vendor/**", "*.lock"]

[bash]
deny = ["rm -rf /", "git push --force*"]
ask = ["rm:*", "mv:*"]
allow_prefixes = ["make test", "git checkout:*"]

See also

• docs/tools/fermata.md — Dirigent integration plan
• docs/workpad/brainstorm/fermata.md — full product spec