g4borg
97001e1544
Move all 29 workspace members from packages/<name>/ to crates/<name>/. Updates: workspace Cargo.toml (members + path deps), justfile, root CLAUDE.md, scripts/build/CARGO_INSTALL.md, docs/architecture/crates.md (renamed from packages.md), structural references in docs/architecture and docs/configuration, per-crate CLAUDE.md self-references. Historical plans, reports, and building/ docs are left untouched. No behavior change; just check-all stays green and fermata tests pass.
dirigent_fermata
𝄐 fermata — a fast, harness-agnostic guard that blocks AI coding agents from reading, writing, or executing things they shouldn't.
Reads .botignore (gitignore syntax) and an optional botignore.toml for advanced rules. Designed to be called from agent hooks, used as an MCP server (future), or consumed as a library.
Status
v0.1 — first releasable slice:
- Library:
Op,Decision,Policy::check,Policy::check_command, project-root walk-up,.botignorewalker (viaignore),botignore.tomlparsing, path identification heuristics. - CLI:
fermata check <path>...,fermata hook --harness <name>. - Harness: Claude Code (PreToolUse) only.
Out of scope for v0.1: Codex, Gemini, MCP server, audit log, filesystem watcher.
Quick start
# As a CLI
fermata check --op read /path/to/.env
echo $? # 1 if blocked, 0 if allowed
# As a Claude Code hook
fermata hook --harness claude < hook_payload.json
Configuration
.botignore (gitignore syntax, applies to read + write):
.env
.env.*
secrets/**
botignore.toml (per-op rules):
[read]
patterns = [".env*", "secrets/**"]
[write]
patterns = ["vendor/**", "*.lock"]
[bash]
deny = ["rm -rf /", "git push --force*"]
ask = ["rm:*", "mv:*"]
allow_prefixes = ["make test", "git checkout:*"]
See also
docs/tools/fermata.md— Dirigent integration plandocs/workpad/brainstorm/fermata.md— full product spec