Implement guardrail hooks for dangerous operation prevention

- Add PreToolUse hook intercepting Bash, Write, Edit - Block catastrophic commands (rm -rf /, mkfs, etc.) - Require confirmation for operations outside safe paths - Git-aware: operations in git repos are allowed - Session allowlist for user-confirmed operations - Audit logging to logs/guardrail.jsonl - Clear session allowlist on SessionEnd Config: state/guardrails.json Scripts: hooks/scripts/guardrail.py, guardrail-confirm.py 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-07 10:57:53 -08:00
parent f2f8a03a32
commit ecf375205f
6 changed files with 431 additions and 0 deletions
--- a/hooks/hooks.json
+++ b/hooks/hooks.json
@@ -41,6 +41,18 @@
          }
        ]
      }
+    ],
+    "PreToolUse": [
+      {
+        "matcher": "Bash|Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "~/.claude/hooks/scripts/guardrail.py",
+            "timeout": 5
+          }
+        ]
+      }
    ]
  }
 }