Trust Checks
What Are Trust Checks?
Section titled “What Are Trust Checks?”Trust checks are confirmation prompts that appear before Rally grants Copilot write access to your code.
Configuration
Section titled “Configuration”Configure trust behavior in ~/rally/config.yaml:
settings: require_trust: ask # Options: always, ask (default), neverValid values:
always— Always ask before each dispatchask— Ask once per project (default)never— Never ask (use with caution)
The Trust Prompt
Section titled “The Trust Prompt”When trust is required, Rally shows:
⚠️ Trust Required
Project: owner/myrepoIssue: #42 - Fix login timeout
Granting trust allows Copilot to: • Edit and create files • Run shell commands • Make changes to your code
Do you want to grant trust? [y/N]Trust Levels
Section titled “Trust Levels”always
Section titled “always”Every dispatch requires confirmation. Most secure.
Best for:
- Shared machines
- Unfamiliar codebases
- Maximum control
Ask once per project. Subsequent dispatches remember the choice.
Best for:
- Personal development
- Familiar projects
- Balance of security and convenience
Never ask for confirmation. Least secure.
Best for:
- Automated workflows
- Trusted environments
- When you always want write access
CLI Override
Section titled “CLI Override”Override the configuration per-dispatch:
rally dispatch issue 42 --trust # Skip trust promptrally dispatch issue 42 --no-trust # Force read-only modeRevoking Trust
Section titled “Revoking Trust”To revoke trust for a project, edit the project entry in ~/rally/projects.yaml or remove and re-onboard the project.
Security Recommendations
Section titled “Security Recommendations”- Use
alwayson shared machines - Use
askfor personal development - Avoid
neverunless you have a specific need - Review the issue/PR before granting trust