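Show HN: Claude Code plugin that blocks destructive Git and filesystem commands
A new Claude Code plugin called "claude-code-safety-net" was launched on Hacker News. The plugin acts as a safety net that prevents AI agents from executing destructive Git and filesystem commands, addressing a key need for AI safety in coding environments.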
A Claude Code plugin that acts as a safety net, catching destructive git and filesystem commands before they execute.
kenryu42/claude-code-safety-net
Claude Code Safety Net
A Claude Code plugin that acts as a safety net, catching destructive git and filesystem commands before they execute.
Why This Exists
We learned the hard way that instructions aren't enough to keep AI agents in check.
After Claude Code silently wiped out hours of progress with a single rm -rf ~/ or git checkout --, it became evident that "soft" rules in a CLAUDE.md or AGENTS.md file cannot replace hard technical constraints.
The current approach is to use a dedicated hook to programmatically prevent agents from running destructive commands.
Why Hooks Instead of settings.json?
Claude Code's .claude/settings.json supports deny rules for Bash commands, but these use simple prefix matching—not pattern matching or semantic analysis. This makes them insufficient for nuanced safety rules:
This hook provides semantic command analysis: it parses arguments, understands flag combinations, recursively analyzes shell wrappers, and distinguishes safe operations (temp directories, within cwd) from dangerous ones.
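The difference between prefix matching and the semantic analysis described above, as an added Python example that is not the plugin's own code. The function names, the two rules covered (rm -rf and git checkout --), the wrapper depth limit and the reason strings are assumptions made for illustration; the strict flag models the fail-closed option the README describes under Strict Mode.

```python
import os
import shlex
import tempfile

def prefix_deny(command, rules=("rm -rf", "git checkout --")):
    # Prefix matching, as the page describes settings.json deny rules.
    return any(command.startswith(rule) for rule in rules)

def safe_target(path, cwd):
    # True when path resolves strictly inside cwd or the system temp directory.
    full = os.path.realpath(os.path.join(cwd, os.path.expanduser(path)))
    roots = (os.path.realpath(cwd), os.path.realpath(tempfile.gettempdir()))
    return any(full.startswith(root + os.sep) for root in roots)

def check_argv(argv, cwd, strict, depth):
    prog, args = os.path.basename(argv[0]), argv[1:]
    if prog in ("sh", "bash", "zsh") and "-c" in args:
        # Shell wrapper: analyze the wrapped command string recursively.
        inner = args[args.index("-c") + 1:]
        if not inner or depth >= 5:  # malformed or too deeply nested (assumed limit)
            return "unanalyzable shell wrapper" if strict else None
        return analyze(inner[0], cwd, strict, depth + 1)
    if prog == "rm":
        # Merge short flags so -rf, -fr and "-r -f" are treated alike.
        short = "".join(a[1:] for a in args if a[:1] == "-" and a[:2] != "--")
        recursive = "r" in short.lower() or "--recursive" in args
        force = "f" in short or "--force" in args
        targets = [a for a in args if not a.startswith("-")]
        if recursive and force and not all(safe_target(t, cwd) for t in targets):
            return "recursive forced delete outside cwd and temp"
    if prog == "git" and args[:1] == ["checkout"] and "--" in args:
        return "git checkout -- discards uncommitted changes"
    return None

def analyze(command, cwd, strict=False, depth=0):
    """Return a block reason, or None to allow; strict=True fails closed."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        tokens = list(lexer)
    except ValueError:  # e.g. unterminated quote
        return "unparseable command" if strict else None
    segment = []
    for tok in tokens + [";"]:  # trailing separator flushes the last segment
        if tok not in (";", "&", "&&", "|", "||"):
            segment.append(tok)
        elif segment:
            if reason := check_argv(segment, cwd, strict, depth):
                return reason
            segment = []
    return None
```

With a prefix rule, rm -rf ./build inside the project is denied while rm -r -f ~/ and bash -c 'rm -rf ~/' pass; the analyzer gives the opposite verdicts in each case.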
Quick Start
Installation
Note
After installing the plugin, you need to restart Claude Code for it to take effect.
Auto-Update
Commands Blocked
Commands Allowed
What Happens When Blocked
When a destructive command is detected, the plugin blocks the tool execution and provides a reason.
Example output:
Testing the Hook
You can manually test the hook by attempting to run blocked commands in Claude Code:
Development
Setup
Run Tests
Full Checks
Project Structure
Advanced Features
Strict Mode
By default, unparseable commands are allowed through. Enable strict mode to fail-closed
when the hook input or shell command cannot be safely analyzed (e.g., invalid JSON,
unterminated quotes, malformed bash -c wrappers):
Paranoid Mode
Paranoid mode enables stricter safety checks that may be disruptive to normal workflows.
You can enable it globally or via focused toggles:
Paranoid behavior:
Shell Wrapper Detection
The guard recursively analyzes commands wrapped in shells:
Interpreter One-Liner Detection
Detects destructive commands hidden in Python/Node/Ruby/Perl one-liners:
Secret Redaction
Block messages automatically redact sensitive data (tokens, passwords, API keys) to prevent leaking secrets in logs.
Audit Logging
All blocked commands are logged to ~/.cc-safety-net/logs/<session_id>.jsonl for audit purposes:
Sensitive data in log entries is automatically redacted.
License
MIT