Stopping AI coding agents from changing code outside their task

can work fast, but they may quietly change code outside the task they were given. A narrow request like fixing retry logic in `src/auth.ts` can lead to extra edits in a shared utility file or database config. A normal `git diff` only shows what changed; it does not show what the AI was allowed to change.

That makes out-of-scope edits hard to find in a large . Ripple is an tool that tries to solve this at the Git layer instead of relying on better prompts. Before editing, the AI declares its exact intended scope through an MCP server.

When a commit is attempted, a local Git hook checks the staged AST diff against the approved scope.

Key points

  • may change files outside the task they were assigned.
  • `git diff` shows changes, but not whether those changes were authorized.
  • Ripple is an tool for checking AI edits before commit.
  • The AI declares its allowed scope through an MCP server before editing.
  • A local Git hook checks the staged AST diff before the commit goes through.
Read original