mirror of
https://github.com/mattpocock/skills.git
synced 2026-04-30 22:13:54 +07:00
Matt Pocock
96 lines
2.3 KiB
Markdown
96 lines
2.3 KiB
Markdown
---
|
|
name: git-guardrails-claude-code
|
|
description: Set up Claude Code hooks to block dangerous git commands (push, reset --hard, clean, branch -D, etc.) before they execute. Use when user wants to prevent destructive git operations, add git safety hooks, or block git push/reset in Claude Code.
|
|
---
|
|
|
|
# Setup Git Guardrails
|
|
|
|
Sets up a PreToolUse hook that intercepts and blocks dangerous git commands before Claude executes them.
|
|
|
|
## What Gets Blocked
|
|
|
|
- `git push` (all variants including `--force`)
|
|
- `git reset --hard`
|
|
- `git clean -f` / `git clean -fd`
|
|
- `git branch -D`
|
|
- `git checkout .` / `git restore .`
|
|
|
|
When blocked, Claude sees a message telling it that it does not have authority to access these commands.
|
|
|
|
## Steps
|
|
|
|
### 1. Ask scope
|
|
|
|
Ask the user: install for **this project only** (`.claude/settings.json`) or **all projects** (`~/.claude/settings.json`)?
|
|
|
|
### 2. Copy the hook script
|
|
|
|
The bundled script is at: [scripts/block-dangerous-git.sh](scripts/block-dangerous-git.sh)
|
|
|
|
Copy it to the target location based on scope:
|
|
|
|
- **Project**: `.claude/hooks/block-dangerous-git.sh`
|
|
- **Global**: `~/.claude/hooks/block-dangerous-git.sh`
|
|
|
|
Make it executable with `chmod +x`.
|
|
|
|
### 3. Add hook to settings
|
|
|
|
Add to the appropriate settings file:
|
|
|
|
**Project** (`.claude/settings.json`):
|
|
|
|
```json
|
|
{
|
|
"hooks": {
|
|
"PreToolUse": [
|
|
{
|
|
"matcher": "Bash",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/block-dangerous-git.sh"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
**Global** (`~/.claude/settings.json`):
|
|
|
|
```json
|
|
{
|
|
"hooks": {
|
|
"PreToolUse": [
|
|
{
|
|
"matcher": "Bash",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "~/.claude/hooks/block-dangerous-git.sh"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
If the settings file already exists, merge the hook into existing `hooks.PreToolUse` array — don't overwrite other settings.
|
|
|
|
### 4. Ask about customization
|
|
|
|
Ask if user wants to add or remove any patterns from the blocked list. Edit the copied script accordingly.
|
|
|
|
### 5. Verify
|
|
|
|
Run a quick test:
|
|
|
|
```bash
|
|
echo '{"tool_input":{"command":"git push origin main"}}' | <path-to-script>
|
|
```
|
|
|
|
Should exit with code 2 and print a BLOCKED message to stderr.
|