Less permission fatigue, more momentum. Dippy knows what’s safe to run and keeps Claude on track when plans change.

https://github.com/ldayton/Dippy

Claude Code asks permission for every shell command. The problem isn't `ls`—it's that `ps aux | grep python | awk '{print $2}' | head -10` also needs approval. So does `git log --oneline -5 && git diff --stat`. You're constantly interrupted for commands that are obviously safe.

Dippy is a PreToolUse hook with a real bash parser. It decomposes pipelines, analyzes each command, and auto-approves when it understands the whole thing is read-only. I'm seeing much faster development—not smarter AI, just fewer interruptions.

What's original:

1. Actual bash parsing. Hand-written recursive descent parser (Parable), pure Python, no dependencies. Correctly handles pipelines, subshells, command substitution, here-docs, redirects. Understands `cd /tmp && rm -rf ` resolves paths relative to /tmp. 14,000+ tests.

2. Deep command analysis. Not just "is this git"—Dippy knows: - `awk '{print $2}'` is safe, `awk '{print > "file"}'` writes files - `sed -n 's/foo/bar/p'` is safe, `sed -i` modifies in place - `curl -sS https://...` is safe, `curl ... > script.sh` isn't - `find . -name "

.txt"` is safe, `find . -exec rm {} \;` isn't - 45+ CLI tools with subcommand-aware logic

3. Deny messages that steer Claude in the right direction. `deny python "Use uv run python"` blocks and tells the AI why. It self-corrects and continues—no wasted turn. This compounds across a session.

4. Highly configurable. A [configuration system](https://github.com/ldayton/Dippy/wiki/Configuration) with last-rule-wins semantics gives you fine-grain control over Dippy's steering and command approvals.

Philosophy: approve what we know is safe, ask about everything else. Not adversarial—just catches mistakes.