Builtin config
Overview
Cupcake provides pre-built security policies (builtins) that handle common use cases without requiring you to write Rego. This page documents all available builtins and their configuration options.
The complete configuration template is provided below. You can copy sections to your .cupcake/rulebook.yml or ~/.config/cupcake/rulebook.yml (for global configs).
Configuration Template
# Cupcake Base Configuration Template
# This template demonstrates all available builtin abstractions and configuration options.
# Copy this file to .cupcake/rulebook.yml and uncomment/modify as needed.
# ============================================================================
# SIGNALS - External data providers
# ============================================================================
# Signals are commands that provide data to policies. They can return strings
# or JSON structures. Convention: place scripts in .cupcake/signals/ directory
# for auto-discovery, or define explicitly here.
signals:
# Example: Simple string signal
# current_branch:
# command: "git branch --show-current"
# timeout_seconds: 2
# Example: Structured JSON signal
# system_info:
# command: 'echo "{\"os\": \"$(uname)\", \"user\": \"$(whoami)\"}"'
# timeout_seconds: 5
# Note: Signals in .cupcake/signals/ directory are auto-discovered
# File signals/foo.sh becomes signal "foo" automatically
# ============================================================================
# ACTIONS - Response to policy violations
# ============================================================================
# Actions are commands executed when policies trigger. Convention: place scripts
# in .cupcake/actions/ directory named by rule_id for auto-discovery.
actions:
# Actions that run on ANY policy denial
# on_any_denial:
# - command: "echo 'Policy violation detected' >> audit.log"
# Rule-specific actions (by rule_id)
# by_rule_id:
# SECURITY-001:
# - command: "notify-team --severity high"
# LINT-001:
# - command: "echo 'Code style violation'"
# Note: Scripts in .cupcake/actions/ are auto-mapped by filename
# File actions/SECURITY-001.sh triggers for rule_id: SECURITY-001
# ============================================================================
# BUILTINS - Higher-level policy abstractions
# ============================================================================
# Builtins provide common security patterns without writing Rego policies.
# Each builtin can be enabled/disabled and configured independently.
#
# IMPORTANT: Builtins are ENABLED BY DEFAULT when configured.
# Simply configuring a builtin (even with just empty settings) enables it.
# To disable, either remove the configuration or set 'enabled: false'.
#
# FILE PROTECTION BUILTINS (Two-Tier System):
# 1. protected_paths: Makes specific paths read-only (read allowed, write blocked)
# 2. rulebook_security_guardrails: Total lockdown of paths (no read OR write)
builtins:
# ---------------------------------------------------------------------------
# CLAUDE_CODE_ALWAYS_INJECT_ON_PROMPT - Add context to every user prompt (Claude Code only)
# ---------------------------------------------------------------------------
# Inject additional context with every user interaction. Useful for project
# guidelines, current state awareness, or team conventions.
# Note: This builtin only works with Claude Code due to context injection support.
# claude_code_always_inject_on_prompt:
# # enabled: true # Optional - defaults to true when configured
# context:
# # Static text context
# - "Follow SOLID principles and write comprehensive tests"
# - "This is a production system - be careful with database changes"
#
# # Dynamic context from command
# - command: "git status --short"
# - command: "date '+Today is %A, %B %d'"
#
# # Context from file
# - file: ".cupcake/coding-standards.md"
# - file: "docs/current-sprint-goals.md"
# ---------------------------------------------------------------------------
# GIT_PRE_CHECK - Enforce checks before git operations
# ---------------------------------------------------------------------------
# Run validation before allowing git commits, pushes, or merges. Ensures
# code quality and prevents broken commits from entering the repository.
git_pre_check:
enabled: true
checks:
- command: "echo Validation passed"
message: "Basic validation check"
# Optional: only apply to certain operations
# operations: ["commit", "push"] # skip for merge
# ---------------------------------------------------------------------------
# POST_EDIT_CHECK - Validate files after modification
# ---------------------------------------------------------------------------
# Run language-specific validation after files are edited. Provides immediate
# feedback about syntax errors, type issues, or style violations.
# post_edit_check:
# # enabled: true # Optional - defaults to true when configured
# # Checks by file extension
# by_extension:
# "rs":
# command: "cargo check --message-format short"
# message: "Rust compilation check"
#
# "py":
# command: "python -m py_compile"
# message: "Python syntax validation"
#
# "tsx":
# command: "npx tsc --noEmit"
# message: "TypeScript type checking"
#
# "jsx":
# command: "npx eslint --quiet"
# message: "ESLint validation"
#
# "go":
# command: "go fmt && go vet"
# message: "Go format and vet check"
# ---------------------------------------------------------------------------
# GIT_BLOCK_NO_VERIFY - Prevent bypassing git commit hooks
# ---------------------------------------------------------------------------
# Blocks git commands that use --no-verify flag to bypass pre-commit hooks.
# This ensures code quality checks, linting, and security scans always run.
git_block_no_verify:
enabled: true
message: "Git operations with --no-verify are not permitted"
# Optional: Add exceptions for specific environments
# exceptions:
# - "CI_ENVIRONMENT"
# ---------------------------------------------------------------------------
# CLAUDE_CODE_ENFORCE_FULL_FILE_READ - Require complete file reads (Claude Code only)
# ---------------------------------------------------------------------------
# Ensures Claude reads entire files (up to a configurable limit) before
# processing. Prevents partial reads that might miss important context.
# Files larger than max_lines can still use offset/limit parameters.
# Note: This builtin only works with Claude Code.
# claude_code_enforce_full_file_read:
# enabled: true
# max_lines: 2000 # Files under this size must be read completely
# message: "Please read the entire file first (files under 2000 lines must be read completely)"
# ---------------------------------------------------------------------------
# PROTECTED_PATHS - User-defined read-only paths
# ---------------------------------------------------------------------------
# Declare specific files or directories as read-only while still allowing
# Claude to read and analyze them. Supports glob patterns. Uses a WHITELIST
# approach for bash commands - only known-safe read operations are allowed.
protected_paths:
enabled: true
message: "System path modification blocked by policy"
paths:
- "/etc/"
- "/System/"
- "~/.ssh/"
# Note: Read operations (cat, grep, less, etc.) are allowed
# Write operations (edit, rm, mv, sed -i, etc.) are blocked
# ---------------------------------------------------------------------------
# RULEBOOK_SECURITY_GUARDRAILS - Cupcake configuration protection
# ---------------------------------------------------------------------------
# Protects the .cupcake directory and other critical paths from any
# modification or inspection. This is the highest security level - blocks
# BOTH read and write operations. Essential for protecting Cupcake's own
# configuration and sensitive system files.
rulebook_security_guardrails:
message: "Cupcake configuration files are protected from modification"
# Protected paths (defaults to [".cupcake/"] if not specified)
protected_paths:
- ".cupcake/"
- ".git/hooks/"
# - "secrets/" # Add your own sensitive directories
Key Concepts
Enabling/Disabling Builtins
By default, builtins are enabled when configured. You don't need enabled: true explicitly:
# This enables the builtin
git_pre_check:
checks:
- command: "npm test"
To disable, use enabled: false:
# This disables the builtin
git_pre_check:
enabled: false
File Protection Hierarchy
Cupcake provides two levels of file protection:
protected_paths- Blocks writes to specific paths
- Allows reads
-
Good for system directories and configuration files
-
rulebook_security_guardrails(Most secure) - Blocks reads AND writes
- Use for sensitive configuration like
.cupcake/itself
Signals vs Static Config
- Signals: Dynamic data gathered at evaluation time (e.g.,
git status) - Static config: Fixed values in the rulebook (e.g., file paths, messages)
Builtins can use both:
protected_paths:
paths: # Static config
- "/etc/"
# Meanwhile, in signals:
signals:
current_branch: # Dynamic signal
command: "git branch --show-current"
Harness-Specific Builtins
Some builtins only work with specific harnesses:
- Claude Code / Factory AI:
always_inject_on_prompt,enforce_full_file_read(context injection support required) - Universal: All other builtins work with Claude Code, Cursor, Factory AI, and OpenCode
Global vs Project Builtins
- Project builtins — Configured in
.cupcake/rulebook.yml, apply to one project - Global builtins — Configured in
~/.config/cupcake/rulebook.yml, apply to all projects
Global builtins take precedence and cannot be overridden by project configuration. The following are global-only:
system_protectionsensitive_data_protectioncupcake_exec_protection
Next Steps
- View example policies to see builtins in action
- Read writing policies to create custom rules
- Check out signals and actions for advanced automation