🐤 Dippy

Because ls shouldn't need approval

---

Stop the permission fatigue. Claude Code asks for approval on every ls, git status, and cat - destroying your flow state. You check Slack, come back, and your assistant's just sitting there waiting.

Dippy is a shell command hook that auto-approves safe commands while still prompting for anything destructive. When it blocks, your custom deny messages can steer Claude back on track—no wasted turns. Get up to 40% faster development without disabling permissions entirely.

Built on Parable, our own hand-written bash parser—no external dependencies, just pure Python. 14,000+ tests between the two.

Example: rejecting unsafe operation in a chain

Example: rejecting a command with advice, so Claude can keep going

✅ What gets approved

• Complex pipelines: ps aux | grep python | awk '{print $2}' | head -10
• Chained reads: git status && git log --oneline -5 && git diff --stat
• Cloud inspection: aws ec2 describe-instances --filters "Name=tag:Environment,Values=prod"
• Container debugging: docker logs --tail 100 api-server 2>&1 | grep ERROR
• Safe redirects: grep -r "TODO" src/ 2>/dev/null, ls &>/dev/null
• Command substitution: ls $(pwd), git diff foo-$(date).txt

🚫 What gets blocked

• Subshell injection: git $(echo rm) foo.txt, echo $(rm -rf /)
• Subtle file writes: curl https://example.com > script.sh, tee output.log
• Hidden mutations: git stash drop, npm unpublish, brew unlink
• Cloud danger: aws s3 rm s3://bucket --recursive, kubectl delete pod
• Destructive chains: rm -rf node_modules && npm install (blocks the whole thing)

---

Installation

Homebrew (recommended)

brew tap ldayton/dippy
brew install dippy

Manual

git clone https://github.com/ldayton/Dippy.git

Configure

Add to ~/.claude/settings.json (or use /hooks interactively):

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{ "type": "command", "command": "dippy" }]
      }
    ]
  }
}

If you installed manually, use the full path instead: /path/to/Dippy/bin/dippy-hook

---

Configuration

Dippy is highly customizable. Beyond simple allow/deny rules, you can attach messages that steer the AI back on track when it goes astray—no wasted turns.

deny python "Use uv run python, which runs in project environment"
deny rm -rf "Use trash instead"
deny-redirect **/.env* "Never write secrets, ask me to do it"

Dippy reads config from ~/.dippy/config (global) and .dippy in your project root.

Full documentation: Dippy Wiki

---

Extensions

Dippy can do more than filter shell commands. See the wiki for additional capabilities.

---

Uninstall

Remove the hook entry from ~/.claude/settings.json, then:

brew uninstall dippy  # if installed via Homebrew