| name | safety-guard |
| description | Prevent destructive operations on production systems and during autonomous agent runs. Sets ask/deny rules around `rm`, `git reset/clean`, force-push, drops, and infra changes. |
| when_to_use | Use when working on production, running agents in full-auto, doing migrations or deploys, or restricting edits to a specific directory. Also when user says "production mode", "lock this down", "don't break anything", "run this safely", "guard rails", or "I'm scared of this script".
|
| allowed-tools | Read Edit Write Bash |
Safety Guard — Prevent Destructive Operations
When to Use
- When working on production systems
- When agents are running autonomously (full-auto mode)
- When you want to restrict edits to a specific directory
- During sensitive operations (migrations, deploys, data changes)
How It Works
Three modes of protection:
Mode 1: Careful Mode
Intercepts destructive commands before execution and warns:
Watched patterns:
- rm -rf (especially /, ~, or project root)
- git push --force
- git reset --hard
- git checkout . (discard all changes)
- DROP TABLE / DROP DATABASE
- docker system prune
- kubectl delete
- chmod 777
- sudo rm
- npm publish (accidental publishes)
- Any command with --no-verify
When detected: shows what the command does, asks for confirmation, suggests safer alternative.
Mode 2: Freeze Mode
Locks file edits to a specific directory tree:
/safety-guard freeze src/components/
Any Write/Edit outside src/components/ is blocked with an explanation. Useful when you want an agent to focus on one area without touching unrelated code.
Mode 3: Guard Mode (Careful + Freeze combined)
Both protections active. Maximum safety for autonomous agents.
/safety-guard guard --dir src/api/ --allow-read-all
Agents can read anything but only write to src/api/. Destructive commands are blocked everywhere.
Unlock
/safety-guard off
Implementation
Uses PreToolUse hooks to intercept Bash, Write, Edit, and MultiEdit tool calls. Checks the command/path against the active rules before allowing execution.
Integration
- Enable by default for fully autonomous agent sessions
- Logs all blocked actions to
~/.claude/safety-guard.log