will/claude-code
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement guardrail hooks for dangerous operation prevention

Browse Source 
- Add PreToolUse hook intercepting Bash, Write, Edit
- Block catastrophic commands (rm -rf /, mkfs, etc.)
- Require confirmation for operations outside safe paths
- Git-aware: operations in git repos are allowed
- Session allowlist for user-confirmed operations
- Audit logging to logs/guardrail.jsonl
- Clear session allowlist on SessionEnd

Config: state/guardrails.json
Scripts: hooks/scripts/guardrail.py, guardrail-confirm.py

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
OpenCode Test
2026-01-07 10:57:53 -08:00
parent f2f8a03a32
commit ecf375205f
6 changed files with 431 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hooks/scripts/session-end.sh
View File

@@ -28,6 +28,13 @@ REASON=$(echo "$INPUT" | python3 -c "import sys, json; print(json.load(sys.stdin
log "SessionEnd triggered: session=$SESSION_ID reason=$REASON"
# Clear guardrail session allowlist (confirmations don't persist across sessions)
GUARDRAIL_SESSION="${HOME}/.claude/state/guardrail-session.json"
if [[ -f "$GUARDRAIL_SESSION" ]]; then
rm -f "$GUARDRAIL_SESSION"
log "Cleared guardrail session allowlist"
fi
# Validate required fields
if [[ -z "$SESSION_ID" || -z "$TRANSCRIPT_PATH" ]]; then
log "ERROR: Missing session_id or transcript_path"