rimba trust
Review and approve the shell commands configured in .rimba/settings.toml.
rimba will not automatically run committed post_create, post_rename, or deps.modules[].install shell commands until you explicitly approve them. This prevents a malicious or accidental settings change from running arbitrary code on your machine without your knowledge.
Approval is stored locally in .rimba/trust.local.toml (gitignored) and is keyed by a hash of the current command set. Changing any shell command in settings.toml automatically re-arms the consent gate — you will be prompted to approve again.
Synopsis
rimba trust [flags]
Examples
rimba trust # Review commands and approve interactively
rimba trust --show # Inspect commands and approval status without prompting
rimba trust --yes # Approve without prompting (e.g. in CI)
How it works
When rimba encounters unapproved shell commands during add, rename, duplicate, restore, or dependency installation, it:
- Displays the configured commands.
- Prompts:
Run these commands? [y/N] - On approval, records the hash in
.rimba/trust.local.toml. - On decline (or non-interactive stdin), the invoking command exits with an error and a remediation hint. (
rimba trustitself exits 0 on decline.)
Once approved, rimba runs the commands without prompting — until the command set changes.
Common workflows
Approve commands after cloning a repo
rimba trust
# Shows commands from settings.toml; prompts for approval
Inspect without approving
rimba trust --show
Configured shell commands:
npm install
npx prisma generate
Hash: a1b2c3d4...
Status: not trusted — run 'rimba trust' to approve
Approve in CI without a prompt
rimba trust --yes
# Or set RIMBA_TRUST_YES=1 in your CI environment
Re-approve after a settings change
# A teammate updated post_create in settings.toml
git pull
rimba trust # Hash changed; re-prompts for approval
.rimba/trust.local.tomlis gitignored — approval is per-machine, not shared. Every developer on the team must approve independently. This is intentional: trust is a local consent decision.
Flags
| Flag | Description |
|---|---|
--show |
Display configured commands and approval status without prompting |
--yes |
Approve committed shell commands without prompting (also: RIMBA_TRUST_YES=1) |
Related commands
- rimba init · set up
.rimba/settings.tomlwhere shell commands are configured - rimba add · triggers the trust gate when
post_createhooks are configured - rimba rename · triggers the trust gate when
post_renamehooks are configured - rimba duplicate · triggers the trust gate when
post_createhooks are configured - rimba restore · triggers the trust gate when
post_createhooks are configured - rimba deps · triggers the trust gate when
deps.modules[].installis configured