Dippy

🚫 What gets blocked

• Subshell injection: git $(echo rm) foo.txt, echo $(rm -rf /)
• Subtle file writes: curl https://example.com > script.sh, tee output.log
• Hidden mutations: git stash drop, npm unpublish, brew unlink
• Cloud danger: aws s3 rm s3://bucket --recursive, kubectl delete pod
• Destructive chains: rm -rf node_modules && npm install (blocks the whole thing)

Installation

Homebrew (recommended)

brew tap ldayton/dippy
brew install dippy

Manual

git clone https://github.com/ldayton/Dippy.git

Configure

Add to ~/.claude/settings.json (or use /hooks interactively):

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{ "type": "command", "command": "dippy" }]
      }
    ]
  }
}

If you installed manually, use the full path instead: /path/to/Dippy/bin/dippy-hook

Configuration

Dippy is highly customizable. Beyond simple allow/deny rules, you can attach messages that steer the AI back on track when it goes astray—no wasted turns.

deny python "Use uv run python, which runs in project environment"
deny rm -rf "Use trash instead"
deny-redirect **/.env* "Never write secrets, ask me to do it"

Dippy reads config from ~/.dippy/config (global) and .dippy in your project root.

Full documentation: Dippy Wiki

Extensions

Dippy can do more than filter shell commands. See the wiki for additional capabilities.

Uninstall

Remove the hook entry from ~/.claude/settings.json, then:

brew uninstall dippy  # if installed via Homebrew