64 lines
1.6 KiB
Markdown
64 lines
1.6 KiB
Markdown
# dirigent_fermata
|
|
|
|
`𝄐 fermata` — a fast, harness-agnostic guard that blocks AI coding agents from reading, writing, or executing things they shouldn't.
|
|
|
|
Reads `.botignore` (gitignore syntax) and an optional `botignore.toml` for advanced rules. Designed to be called from agent hooks, used as an MCP server (future), or consumed as a library.
|
|
|
|
## Status
|
|
|
|
v0.1 — first releasable slice:
|
|
- Library: `Op`, `Decision`, `Policy::check`, `Policy::check_command`, project-root walk-up, `.botignore` walker (via `ignore`), `botignore.toml` parsing, path identification heuristics.
|
|
- CLI: `fermata check <path>...`, `fermata hook --harness <name>`.
|
|
- Harness: Claude Code (PreToolUse) only.
|
|
|
|
Out of scope for v0.1: Codex, Gemini, MCP server, audit log, filesystem watcher.
|
|
|
|
## Install
|
|
|
|
From source (this monorepo):
|
|
|
|
```bash
|
|
cargo install --path crates/dirigent_fermata --features cli
|
|
```
|
|
|
|
This installs the `fermata` binary into `~/.cargo/bin/`.
|
|
|
|
## Quick start
|
|
|
|
```bash
|
|
# As a CLI
|
|
fermata check --op read /path/to/.env
|
|
echo $? # 1 if blocked, 0 if allowed
|
|
|
|
# As a Claude Code hook
|
|
fermata hook --harness claude < hook_payload.json
|
|
```
|
|
|
|
## Configuration
|
|
|
|
`.botignore` (gitignore syntax, applies to read + write):
|
|
```
|
|
.env
|
|
.env.*
|
|
secrets/**
|
|
```
|
|
|
|
`botignore.toml` (per-op rules):
|
|
```toml
|
|
[read]
|
|
patterns = [".env*", "secrets/**"]
|
|
|
|
[write]
|
|
patterns = ["vendor/**", "*.lock"]
|
|
|
|
[bash]
|
|
deny = ["rm -rf /", "git push --force*"]
|
|
ask = ["rm:*", "mv:*"]
|
|
allow_prefixes = ["make test", "git checkout:*"]
|
|
```
|
|
|
|
## See also
|
|
|
|
- `docs/tools/fermata.md` — Dirigent integration plan
|
|
- `docs/workpad/brainstorm/fermata.md` — full product spec
|