Ripperdoc

Permissions

Understanding and configuring the permission system

Ripperdoc includes a permission system to protect against unintended operations.

How Permissions Work

By default, Ripperdoc prompts for approval before:

  • Executing shell commands
  • Editing or writing files
  • Running potentially destructive operations

When a permission prompt appears, you can:

  • y/yes: Allow the operation
  • n/no: Deny the operation
  • a/always: Always allow this type of operation
  • Esc: Deny the operation

YOLO Mode

Skip all permission prompts with YOLO mode:

ripperdoc --yolo

Warning: Use YOLO mode only in trusted environments where you're comfortable with the AI making changes without confirmation.

Permission Configuration

Permissions are configured in project-level files:

  1. .ripperdoc/config.json - Main project configuration
  2. .ripperdoc/config.local.json - Local overrides (gitignored)

Configuration Schema

{
  "allowed_tools": ["Read", "Glob", "Grep", "LS", "Edit", "Bash"],
  "working_directories": ["/path/to/allowed/dir"],
  "bash_allow_rules": [
    {
      "pattern": "npm test",
      "description": "Allow running tests"
    },
    {
      "pattern": "git status",
      "description": "Allow git status"
    }
  ],
  "bash_ask_rules": [
    {
      "pattern": "terraform *",
      "description": "Always ask before terraform"
    }
  ],
  "bash_deny_rules": [
    {
      "pattern": "rm -rf /",
      "description": "Prevent destructive commands"
    }
  ]
}

Configuration Fields

| Field | Description |
|---|---|
| allowed_tools | List of tools the AI can use |
| working_directories | Directories where operations are allowed |
| bash_allow_rules | Rules to auto-approve bash commands |
| bash_ask_rules | Rules to always prompt before bash commands |
| bash_deny_rules | Rules to auto-deny bash commands |

Rule Pattern Syntax

Rules use glob-style patterns:

  • npm test - Exact match
  • npm * - Prefix match
  • *test* - Contains match
  • git @(status|diff|log) - Multiple alternatives

Rule Precedence

When multiple rules match the same command, the rule type listed first takes precedence:

  1. deny
  2. ask
  3. allow
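
To check a rule set before committing it, the following added example (not Ripperdoc's own code) evaluates commands against the documented pattern syntax and the deny > ask > allow precedence. The matcher is an assumption built only from the four pattern forms listed above, the sample rules are constructed, and a command that matches no rule is reported as `prompt` because the default behaviour is to ask for approval.

```python
import json
import re

# Constructed sample config using the field names from the schema above.
CONFIG = json.loads("""
{
  "bash_allow_rules": [{"pattern": "npm *"}, {"pattern": "git @(status|diff|log)"}],
  "bash_ask_rules":   [{"pattern": "terraform *"}, {"pattern": "npm publish*"}],
  "bash_deny_rules":  [{"pattern": "rm -rf /"}]
}
""")

def pattern_to_regex(pattern):
    """Translate the documented glob subset: literal text, * and @(a|b|c)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "*":
            out.append(".*")
            i += 1
        elif pattern.startswith("@(", i) and ")" in pattern[i:]:
            end = pattern.index(")", i)
            alts = pattern[i + 2:end].split("|")
            out.append("(?:" + "|".join(re.escape(a) for a in alts) + ")")
            i = end + 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out), re.DOTALL)

def evaluate(command, config=CONFIG):
    """Return (verdict, matched_pattern) using deny > ask > allow precedence."""
    for verdict, key in (("deny", "bash_deny_rules"),
                         ("ask", "bash_ask_rules"),
                         ("allow", "bash_allow_rules")):
        for rule in config.get(key, []):
            # Assumption: a pattern must match the whole command string.
            if pattern_to_regex(rule["pattern"]).fullmatch(command):
                return verdict, rule["pattern"]
    return "prompt", None  # no rule matched: the default approval prompt applies

if __name__ == "__main__":
    for cmd in ["npm test", "npm publish --tag latest", "git status",
                "git push origin main", "terraform apply",
                "rm -rf /", "rm -rf /tmp/build"]:
        print(f"{cmd!r:30} -> {evaluate(cmd)}")
```

Under these assumptions the exact-match deny rule covers only the literal string `rm -rf /`, and the broad `npm *` allow rule is overridden by the narrower ask rule, so review each verdict rather than assuming a deny entry covers related commands.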

Example Configurations

Development Project

{
  "allowed_tools": ["Read", "Glob", "Grep", "LS", "Edit", "Write", "Bash"],
  "working_directories": ["."],
  "bash_allow_rules": [
    {"pattern": "npm *", "description": "Allow npm commands"},
    {"pattern": "git *", "description": "Allow git commands"},
    {"pattern": "python *", "description": "Allow python commands"}
  ],
  "bash_deny_rules": [
    {"pattern": "rm -rf /*", "description": "Prevent recursive delete from root"}
  ]
}

Read-Only Analysis

{
  "allowed_tools": ["Read", "Glob", "Grep", "LS"],
  "bash_allow_rules": [
    {"pattern": "ls *", "description": "Allow listing"},
    {"pattern": "cat *", "description": "Allow reading"}
  ]
}

Read-Only Operations

Some operations are automatically allowed as read-only:

  • Glob - Finding files
  • Grep - Searching content
  • Read - Reading files
  • LS - Listing directories
  • Shell commands: ls, cat, head, tail, grep, find (without redirects)

Sandbox Mode

The Bash tool supports sandbox mode for read-only shell operations:

{
  "command": "ls -la",
  "sandbox": true
}

Sandbox mode:

  • Prevents filesystem writes
  • Blocks network access
  • Runs without permission prompts

Working with Sensitive Directories

Ripperdoc will prompt for confirmation when accessing sensitive directories:

  • /usr, /etc, /bin, /sbin
  • System configuration directories
  • Other user home directories

Managing Permissions

Use the /permissions command to view and manage permissions (interactive UI when available):

> /permissions
> /permissions tui
> /permissions list
> /permissions add allow Bash "npm *"
> /permissions add ask Bash "terraform *"
> /permissions remove local ask "terraform *"

Local Configuration Override

Use .ripperdoc/config.local.json for local-only settings that shouldn't be committed:

{
  "bash_allow_rules": [
    {"pattern": "docker *", "description": "Local docker access"}
  ],
  "bash_ask_rules": [
    {"pattern": "kubectl *", "description": "Always ask before kubectl"}
  ]
}

Add .ripperdoc/config.local.json to your .gitignore.

Best Practices

  1. Start with defaults: Use the default permission system until you understand your workflow
  2. Allow specific commands: Create allow rules for frequently used safe commands
  3. Deny dangerous patterns: Explicitly deny patterns like rm -rf /
  4. Use ask rules for risky tools: Require confirmation for sensitive commands
  5. Use sandbox for exploration: Use sandbox mode when exploring unfamiliar codebases
  6. Review before YOLO: Only use YOLO mode after reviewing what Ripperdoc will do
  7. Use local config: Put personal/machine-specific rules in config.local.json