| name | freeze |
| version | 0.1.0 |
| description | Restrict file edits to a specific directory for the session. Blocks Edit and Write outside the allowed path. Use when debugging to prevent accidentally "fixing" unrelated code, or when you want to scope changes to one module. Use when asked to "freeze", "restrict edits", "only edit this folder", or "lock down edits". (Nexus) |
| allowed-tools | ["Bash","Read","AskUserQuestion"] |
| hooks | {"PreToolUse":[{"matcher":"Edit","hooks":[{"type":"command","command":"bash ${CLAUDE_SKILL_DIR}/../../../runtimes/hooks/freeze/bin/check-freeze.sh","statusMessage":"Checking freeze boundary..."}]},{"matcher":"Write","hooks":[{"type":"command","command":"bash ${CLAUDE_SKILL_DIR}/../../../runtimes/hooks/freeze/bin/check-freeze.sh","statusMessage":"Checking freeze boundary..."}]}]} |
/freeze — Restrict Edits to a Directory
Overview
This skill creates a session edit boundary. It is a safety tool for reducing
accidental scope creep, not a replacement for code review or shell discipline.
Lock file edits to a specific directory. Any Edit or Write operation targeting
a file outside the allowed path will be blocked (not just warned).
Setup
Ask the user which directory to restrict edits to. Use AskUserQuestion:
- Question: "Which directory should I restrict edits to? Files outside this path will be blocked from editing."
- Text input (not multiple choice) — the user types a path.
Once the user provides a directory path:
- Resolve it to an absolute path:
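FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
# Stop if the path did not resolve: an empty value would become "/" in the next step
[ -n "$FREEZE_DIR" ] || { echo "Cannot resolve directory; freeze not set" >&2; exit 1; }
echo "$FREEZE_DIR"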
- Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.nexus}"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"
Tell the user: "Edits are now restricted to <path>/. Any Edit or Write
outside this directory will be blocked. To change the boundary, run /freeze
again. To remove it, run /unfreeze or end the session."
How it works
The hook reads file_path from the Edit/Write tool input JSON, then checks
whether the path starts with the freeze directory. If not, it returns
permissionDecision: "deny" to block the operation.
The freeze boundary persists for the session via the state file. The hook
script reads it on every Edit/Write invocation.
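The check described above, written out as an added example (not the project's check-freeze.sh). It goes one step beyond the page by collapsing `.` and `..` segments before the prefix comparison, so a path such as `/work/app/src/../../etc/hosts` is not accepted on its literal prefix; the function names, the sample paths and the fail-closed handling of relative paths are assumptions.

```shell
#!/bin/sh
# Added example, not the project's check-freeze.sh. Names and paths are constructed.

# Collapse "." and ".." segments of an absolute path lexically (no filesystem
# access, so symlinks are NOT resolved). Subshell body keeps variables local.
normalize_path() (
  rest=${1#/}
  out=
  while [ -n "$rest" ]; do
    seg=${rest%%/*}
    case $rest in
      */*) rest=${rest#*/} ;;
      *)   rest= ;;
    esac
    case $seg in
      ''|.) ;;                  # empty ("//") or "." adds nothing
      ..)   out=${out%/*} ;;    # drop the last kept segment
      *)    out="$out/$seg" ;;
    esac
  done
  printf '%s\n' "${out:-/}"
)

# Print "allow" or "deny" for a tool-input file_path ($1) and a boundary ($2).
# The real hook reports a denial as permissionDecision: "deny".
freeze_decision() (
  case $1 in /*) ;; *) echo deny; exit 0 ;; esac   # assumption: relative paths fail closed
  [ -n "$2" ] || { echo deny; exit 0; }            # assumption: no boundary, no edit
  target=$(normalize_path "$1")
  boundary=$(normalize_path "$2")
  boundary="${boundary%/}/"                        # "/src/" must not match "/src-old"
  case $target in
    "$boundary"*) echo allow ;;
    *)            echo deny ;;
  esac
)

# Constructed sample inputs, checked against the boundary /work/app/src/
for p in /work/app/src/main.c /work/app/src-old/main.c \
         /work/app/src/../../etc/hosts src/main.c; do
  printf '%-34s %s\n' "$p" "$(freeze_decision "$p" /work/app/src/)"
done
```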
Notes
- The trailing / on the freeze directory prevents /src from matching /src-old
- Freeze applies to Edit and Write tools only — Read, Bash, Glob, Grep are unaffected
- This prevents accidental edits; it is not a security boundary — Bash commands like sed can still modify files outside the boundary
- To deactivate, run /unfreeze or end the conversation
Output Contract
Report the absolute freeze boundary path and the active enforcement behavior:
- Edit and Write outside the boundary are blocked.
- Read/search/shell tools are not blocked by this skill.
- /unfreeze clears the boundary.
Do not claim freeze is active unless freeze-dir.txt was written successfully.
Verification Evidence
Verify by reading or echoing the saved state file after setup:
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.nexus}"
cat "$STATE_DIR/freeze-dir.txt"
The reported path must exactly match the absolute directory boundary with a
trailing slash.