@dabit3: this sucks, there's a simple way to prevent this from ever happening: add a PreToolUse hook that hard-blocks any comman…

X AI KOLs Following Tools

Summary

Bash Guard is a simple hook that blocks risky shell commands (like sudo, rm outside project) before local coding agents run them, preventing accidental file deletion. Supports Claude Code, Codex CLI, and Devin CLI.

this sucks, there's a simple way to prevent this from ever happening: add a PreToolUse hook that hard-blocks any command touching paths outside the repo (works even in yolo mode) + maybe permissions.deny rules as backup. might as well install it on all local projects. https://github.com/dabit3/bash-guard… or just use a cloud agent, it runs on a throwaway machine.
Original Article
View Cached Full Text

Cached at: 07/11/26, 07:25 AM

this sucks, there’s a simple way to prevent this from ever happening:

add a PreToolUse hook that hard-blocks any command touching paths outside the repo (works even in yolo mode) + maybe permissions.deny rules as backup. might as well install it on all local projects. https://github.com/dabit3/bash-guard…

or just use a cloud agent, it runs on a throwaway machine.


dabit3/bash-guard

Source: https://github.com/dabit3/bash-guard

Bash Guard

A small command hook that blocks risky shell commands before local coding agents run them. It works with agents that support PreToolUse hooks, including Claude Code, Codex CLI, and Devin CLI.

It blocks:

  • Commands using sudo, diskutil, or mkfs
  • Destructive commands such as rm, mv, rsync, or shred when they target paths outside the current project

Requirements

  • Bash
  • jq

Install

mkdir -p "$HOME/.local/share/bash-guard"
cp bash-guard.sh "$HOME/.local/share/bash-guard/bash-guard.sh"
chmod +x "$HOME/.local/share/bash-guard/bash-guard.sh"

Configure your agent

Merge this hook into your agent’s JSON configuration, replacing <matcher> with the value below:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "<matcher>",
        "hooks": [
          {
            "type": "command",
            "command": "$HOME/.local/share/bash-guard/bash-guard.sh"
          }
        ]
      }
    ]
  }
}
AgentUser configurationProject configurationMatcher
Claude Code~/.claude/settings.json.claude/settings.json^Bash$
Codex CLI~/.codex/hooks.json.codex/hooks.json^Bash$
Devin CLI~/.config/devin/config.json.devin/config.json^exec$

Restart the agent after updating its configuration. In Codex CLI, open /hooks and trust the new hook. Use /hooks in Codex or Devin to confirm that it loaded.

Usage

Bash Guard runs automatically before each shell command. Allowed commands continue normally. Blocked commands are rejected with an explanation.

Test it directly by passing a hook payload:

echo '{"tool_input":{"command":"sudo rm -rf /tmp/example"},"cwd":"/path/to/project"}' \
  | "$HOME/.local/share/bash-guard/bash-guard.sh"

A blocked command exits with status 2. An allowed command exits with status 0. Other agents can use Bash Guard if their command hooks pass tool_input.command and cwd as JSON on standard input and treat exit status 2 as a block.

Matt Shumer (@mattshumer_): GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files.

And this is why I trust Fable 1000x more.

Similar Articles

Dicklesworthstone/destructive_command_guard

GitHub Trending (daily)

A high-performance hook for AI coding agents that blocks destructive commands before they execute, protecting work from accidental deletion across tools like Claude Code, Codex CLI, Gemini CLI, Copilot CLI, and more.