Implement guardrail hooks for dangerous operation prevention

- Add PreToolUse hook intercepting Bash, Write, Edit
- Block catastrophic commands (rm -rf /, mkfs, etc.)
- Require confirmation for operations outside safe paths
- Git-aware: operations in git repos are allowed
- Session allowlist for user-confirmed operations
- Audit logging to logs/guardrail.jsonl
- Clear session allowlist on SessionEnd

Config: state/guardrails.json
Scripts: hooks/scripts/guardrail.py, guardrail-confirm.py

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OpenCode Test
2026-01-07 10:57:53 -08:00
parent f2f8a03a32
commit ecf375205f
6 changed files with 431 additions and 0 deletions

45
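--- a/state/guardrails.json
+++ b/state/guardrails.json
@@ -0,0 +1,45 @@
+{
+"version": 1,
+"safe_paths": [
+"~/.claude",
+"~/projects"
+],
+"blocked_paths": [
+"/etc",
+"/usr",
+"/var",
+"/boot",
+"/sys",
+"/proc",
+"~/.ssh",
+"~/.gnupg",
+"~/.aws"
+],
+"rules": {
+"bash": [
+{"pattern": "rm -rf /($|[^a-zA-Z])", "action": "block", "name": "rm_rf_root"},
+{"pattern": "rm -rf ~($|[^a-zA-Z])", "action": "block", "name": "rm_rf_home"},
+{"pattern": "rm -rf \\*", "action": "block", "name": "rm_rf_wildcard"},
+{"pattern": "chmod -R 777", "action": "block", "name": "chmod_777"},
+{"pattern": ":\\(\\)\\{ :\\|:& \\};:", "action": "block", "name": "fork_bomb"},
+{"pattern": "mkfs\\.", "action": "block", "name": "mkfs"},
+{"pattern": "dd .* of=/dev/", "action": "block", "name": "dd_device"},
+{"pattern": "> /dev/sd[a-z]", "action": "block", "name": "overwrite_device"},
+{"pattern": "shutdown", "action": "confirm", "name": "shutdown"},
+{"pattern": "reboot", "action": "confirm", "name": "reboot"},
+{"pattern": "systemctl (stop|disable|mask)", "action": "confirm", "name": "systemctl_destructive"},
+{"pattern": "rm ", "action": "confirm", "name": "rm_outside_safe", "outside_safe_paths": true},
+{"pattern": "kubectl delete", "action": "confirm", "name": "kubectl_delete"},
+{"pattern": "docker rm", "action": "confirm", "name": "docker_rm"},
+{"pattern": "docker system prune", "action": "confirm", "name": "docker_prune"}
+],
+"write": [
+{"path_match": "blocked_paths", "action": "block", "name": "write_blocked_path"},
+{"path_match": "outside_safe_paths", "action": "confirm", "name": "write_outside_safe"}
+],
+"edit": [
+{"path_match": "blocked_paths", "action": "block", "name": "edit_blocked_path"},
+{"path_match": "outside_safe_paths", "action": "confirm", "name": "edit_outside_safe"}
+]
+}
+}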
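Review bot: The `rm_rf_home` pattern `rm -rf ~($|[^a-zA-Z])` also matches `rm -rf ~/projects/build`, because the `/` after `~` satisfies `[^a-zA-Z]`, so recursive deletes inside the declared safe path `~/projects` are blocked outright, while `rm_rf_root` with the same tail lets `rm -rf /etc` fall through to the `rm ` confirm rule. Anchoring on the end of the argument instead, for example `"pattern": "rm -rf ~/?\\*?($|[\\s;&|)])"`, keeps the block to the home directory itself. All of the bash rules match one literal spelling with single spaces, and the unanchored `rm `, `shutdown` and `reboot` patterns fire on any command that merely contains those substrings (`git rm `, a grep for `reboot`), so these regexes are best treated as a backstop, with guardrail.py (not shown here) tokenising the command and checking resolved targets against `blocked_paths`. Separately, `safe_paths` includes `~/.claude`; if state/guardrails.json and hooks/scripts/ live under it, Write and Edit calls against the guardrail's own config and scripts would presumably pass without confirmation, so consider listing those locations in `blocked_paths`.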