fermata/README.md

# dirigent_fermata

`𝄐 fermata` — a fast, harness-agnostic guard that blocks AI coding agents from reading, writing, or executing things they shouldn't.

Reads `.botignore` (gitignore syntax) and an optional `botignore.toml` for advanced rules. Designed to be called from agent hooks, used as an MCP server (future), or consumed as a library.

## Status

v0.1 — first releasable slice:
- Library: `Op`, `Decision`, `Policy::check`, `Policy::check_command`, project-root walk-up, `.botignore` walker (via `ignore`), `botignore.toml` parsing, path identification heuristics.
- CLI: `fermata check <path>...`, `fermata hook --harness <name>`.
- Harness: Claude Code (PreToolUse) only.

Out of scope for v0.1: Codex, Gemini, MCP server, audit log, filesystem watcher.

## Install

From a published release (after `cargo publish`):

```bash
cargo install dirigent_fermata
```

From source (this monorepo):

```bash
cargo install --path crates/dirigent_fermata --features cli
```

This installs the `fermata` binary into `~/.cargo/bin/`.

## Quick start

```bash
# As a CLI
fermata check --op read /path/to/.env
echo $?  # 1 if blocked, 0 if allowed

# As a Claude Code hook
fermata hook --harness claude < hook_payload.json
```

## Configuration

`.botignore` (gitignore syntax, applies to read + write):
```
.env
.env.*
secrets/**
```

`botignore.toml` (per-op rules):
```toml
[read]
patterns = [".env*", "secrets/**"]

[write]
patterns = ["vendor/**", "*.lock"]

[bash]
deny = ["rm -rf /", "git push --force*"]
ask = ["rm:*", "mv:*"]
allow_prefixes = ["make test", "git checkout:*"]
```

## See also

- `docs/tools/fermata.md` — Dirigent integration plan
- `docs/workpad/brainstorm/fermata.md` — full product spec