View and manage rules added via rampart allow and rampart block.
Usage
rampart rules [flags] # List custom rules
rampart rules list [flags] # List custom rules (alias)
rampart rules remove <index> # Remove a specific rule
rampart rules reset # Remove all custom rules
Subcommands
list
rampart rules list [flags]
List all custom rules (alias for rampart rules).
--json    Output as JSON for scripting
remove
rampart rules remove <index> [flags]
Remove a custom rule by index.
--api string (default: "http://127.0.0.1:9090")    Rampart serve API address for reload
API auth token (or set RAMPART_TOKEN)
reset
rampart rules reset [flags]
Remove all custom rules.
--api string (default: "http://127.0.0.1:9090")    Rampart serve API address for reload
API auth token (or set RAMPART_TOKEN)
Table view (default)
Custom Rules
──────────────────────────────────────────────────────────────
Global
~/.rampart/policies/custom.yaml
# ACTION TOOL PATTERN ADDED
1 allow exec npm install * 2 hours ago
→ User-allowed: npm install *
2 deny exec curl * | bash 1 day ago
→ User-blocked: curl * | bash
3 allow read /tmp/** 3 days ago
Project
.rampart/policy.yaml
# ACTION TOOL PATTERN ADDED
4 deny write /etc/** 1 week ago
→ Production config is read-only
──────────────────────────────────────────────────────────────
Total: 15 rules (11 standard + 4 custom)
Manage: rampart rules remove <#>
JSON output
[
{
"index": 1,
"source": "global",
"action": "allow",
"tool": "exec",
"pattern": "npm install *",
"message": "User-allowed: npm install *",
"added_at": "2026-03-03T13:00:00Z"
},
{
"index": 2,
"source": "global",
"action": "deny",
"tool": "exec",
"pattern": "curl * | bash",
"message": "User-blocked: curl * | bash",
"added_at": "2026-03-02T10:00:00Z"
}
]
Examples
List all rules
List only global rules
List only project rules
Remove a rule
Remove this rule?
Action: deny
Tool: exec
Pattern: curl * | bash
Added: 1 day ago
Source: global
[y/N] y
✓ Rule removed
✓ Policy reloaded (14 rules active)
Remove without confirmation
rampart rules remove 2 --force
Reset all custom rules
This will remove all custom rules:
Global: 3 rule(s)
Project: 1 rule(s)
Standard policy (11 rules) will not be affected.
Reset? [y/N] y
✓ Removed 4 custom rule(s)
✓ Policy reloaded (11 rules active)
Export to JSON
rampart rules --json > rules.json
Rule indices
Rule indices are global and sequential across all sources:
Global rules: 1, 2, 3
Project rules: 4, 5
Indices remain stable until you remove a rule. After a removal they are recalculated, so run rampart rules again before removing by index a second time.
Policy reload
If rampart serve is running, the policy is automatically reloaded after removing or resetting rules:
✓ Policy reloaded (14 rules active)
If serve is not running:
Saved (14 rules). Run 'rampart serve' to activate.
Use cases
Audit custom rules
Review all custom allow/deny rules.
Clean up old rules
rampart rules remove 5
rampart rules remove 3
Remove unused rules by index. The higher index is removed first here because indices are recalculated after each removal.
Reset to standard policy
rampart rules reset --force
Remove all custom rules, keeping only the standard policy.
Export for backup
rampart rules --json > backup.json
CI validation
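#!/bin/bash
# Ensure no custom rules in CI
# Fail closed: abort if rampart or jq fails instead of silently passing the check
set -euo pipefail
count=$(rampart rules --json | jq length)
if [ "$count" -gt 0 ]; then
  echo "Custom rules detected in CI environment" >&2
  rampart rules
  exit 1
fi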
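A stricter variant of the CI check above, as an added example that is not part of the Rampart documentation: it compares the current rampart rules --json export against a reviewed backup and reports only changes that loosen policy (new allow rules, removed deny rules). Rules are matched by source, action, tool and pattern rather than by index, since indices are recalculated after removals; the function names and the sample data are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# A rule's identity. "index" is left out on purpose: indices are recalculated
# after every removal, so the same rule can carry a different index later.
KEY_FIELDS = ("source", "action", "tool", "pattern")

def rule_key(rule):
    return tuple(rule[f] for f in KEY_FIELDS)

def diff_rules(baseline, current):
    """Return (added, removed) rule lists, matched by identity, not by index."""
    base = {rule_key(r): r for r in baseline}
    cur = {rule_key(r): r for r in current}
    added = [cur[k] for k in sorted(cur.keys() - base.keys())]
    removed = [base[k] for k in sorted(base.keys() - cur.keys())]
    return added, removed

def loosening_changes(baseline, current):
    """Changes that widen what is permitted: new allow rules, dropped deny rules."""
    added, removed = diff_rules(baseline, current)
    found = [("allow-added", r) for r in added if r["action"] == "allow"]
    found += [("deny-removed", r) for r in removed if r["action"] == "deny"]
    return found

# Constructed sample data in the shape of the JSON output shown on this page.
BASELINE = json.loads("""[
  {"index": 1, "source": "global", "action": "allow", "tool": "exec",
   "pattern": "npm install *", "added_at": "2026-03-03T13:00:00Z"},
  {"index": 2, "source": "global", "action": "deny", "tool": "exec",
   "pattern": "curl * | bash", "added_at": "2026-03-02T10:00:00Z"}
]""")
CURRENT = json.loads("""[
  {"index": 1, "source": "global", "action": "allow", "tool": "exec",
   "pattern": "npm install *", "added_at": "2026-03-03T13:00:00Z"},
  {"index": 2, "source": "global", "action": "allow", "tool": "read",
   "pattern": "/tmp/**", "added_at": "2026-03-04T09:00:00Z"}
]""")

if __name__ == "__main__":
    # Optional arguments: <backup.json> <rules.json>; otherwise the sample data is used.
    if len(sys.argv) == 3:
        BASELINE, CURRENT = (json.loads(Path(p).read_text()) for p in sys.argv[1:3])
    changes = loosening_changes(BASELINE, CURRENT)
    for kind, r in changes:
        print(f"{kind}: {r['source']} {r['tool']} {r['pattern']!r}")
    sys.exit(1 if changes else 0)
```

On the sample data it reports the added read allow rule and the removed curl * | bash deny rule, and exits non-zero so the pipeline stops for review.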
Filter with jq
# List only deny rules
rampart rules --json | jq '.[] | select(.action == "deny")'
# Count rules by action
rampart rules --json | jq 'group_by(.action) | map({action: .[0].action, count: length})'
Standard vs custom rules
Standard rules
Defined in policy profiles (standard.yaml, paranoid.yaml, etc.):
- Managed by rampart init
- Updated on rampart upgrade
- Not shown by rampart rules
Custom rules
Defined by you via rampart allow and rampart block:
- Stored in custom.yaml (global) or .rampart/policy.yaml (project)
- Shown by rampart rules
- Never touched by rampart upgrade
Troubleshooting
No custom rules found
No custom rules found.
Add rules with:
rampart allow "command pattern"
rampart block "command pattern"
You haven’t added any custom rules yet.
Invalid index
rules: index 10 not found (have 4 rule(s))
The index doesn’t exist. Run rampart rules to see valid indices.
Negative index
rules: invalid index "-1" — must be a positive integer (indices start at 1)
Indices start at 1, not 0.
Policy file missing
rules: load global custom rules: open ~/.rampart/policies/custom.yaml: no such file or directory
Create the custom policy file:
rampart init
rampart allow "npm test"
File locations
Global custom policy
~/.rampart/policies/custom.yaml
Stores global custom rules (applies to all projects).
Project custom policy
.rampart/policy.yaml
Stores project-specific custom rules (applies to current project only).