@dabit3: this sucks, there's a simple way to prevent this from ever happening: add a PreToolUse hook that hard-blocks any comman…
Summary
Bash Guard is a simple hook that blocks risky shell commands (like sudo, rm outside project) before local coding agents run them, preventing accidental file deletion. Supports Claude Code, Codex CLI, and Devin CLI.
View Cached Full Text
Cached at: 07/11/26, 07:25 AM
this sucks, there’s a simple way to prevent this from ever happening:
add a PreToolUse hook that hard-blocks any command touching paths outside the repo (works even in yolo mode) + maybe permissions.deny rules as backup. might as well install it on all local projects. https://github.com/dabit3/bash-guard…
or just use a cloud agent, it runs on a throwaway machine.
dabit3/bash-guard
Source: https://github.com/dabit3/bash-guard
Bash Guard
A small command hook that blocks risky shell commands before local coding agents run them. It works with agents that support PreToolUse hooks, including Claude Code, Codex CLI, and Devin CLI.
It blocks:
- Commands using
sudo,diskutil, ormkfs - Destructive commands such as
rm,mv,rsync, orshredwhen they target paths outside the current project
Requirements
- Bash
jq
Install
mkdir -p "$HOME/.local/share/bash-guard"
cp bash-guard.sh "$HOME/.local/share/bash-guard/bash-guard.sh"
chmod +x "$HOME/.local/share/bash-guard/bash-guard.sh"
Configure your agent
Merge this hook into your agent’s JSON configuration, replacing <matcher> with the value below:
{
"hooks": {
"PreToolUse": [
{
"matcher": "<matcher>",
"hooks": [
{
"type": "command",
"command": "$HOME/.local/share/bash-guard/bash-guard.sh"
}
]
}
]
}
}
| Agent | User configuration | Project configuration | Matcher |
|---|---|---|---|
| Claude Code | ~/.claude/settings.json | .claude/settings.json | ^Bash$ |
| Codex CLI | ~/.codex/hooks.json | .codex/hooks.json | ^Bash$ |
| Devin CLI | ~/.config/devin/config.json | .devin/config.json | ^exec$ |
Restart the agent after updating its configuration. In Codex CLI, open /hooks and trust the new hook. Use /hooks in Codex or Devin to confirm that it loaded.
Usage
Bash Guard runs automatically before each shell command. Allowed commands continue normally. Blocked commands are rejected with an explanation.
Test it directly by passing a hook payload:
echo '{"tool_input":{"command":"sudo rm -rf /tmp/example"},"cwd":"/path/to/project"}' \
| "$HOME/.local/share/bash-guard/bash-guard.sh"
A blocked command exits with status 2. An allowed command exits with status 0. Other agents can use Bash Guard if their command hooks pass tool_input.command and cwd as JSON on standard input and treat exit status 2 as a block.
Matt Shumer (@mattshumer_): GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files.
And this is why I trust Fable 1000x more.
Similar Articles
Dicklesworthstone/destructive_command_guard
A high-performance hook for AI coding agents that blocks destructive commands before they execute, protecting work from accidental deletion across tools like Claude Code, Codex CLI, Gemini CLI, Copilot CLI, and more.
@EnoReyes: Btw because of droid shield this deterministically cannot happen with Droid. We regex all bash commands and then combin…
EnoReyes highlights that Droid Shield uses regex and small models to prevent accidental file deletion, in contrast to the reported incident with GPT-5.6-Sol.
@sairahul1: I genuinely don't understand why everyone isn't using this yet. There is one Claude Code feature that: → runs your test…
Sai Rahul highlights Claude Code's Hooks feature that automates test running after edits, blocks destructive bash commands, logs spending, sends Slack alerts, and rewrites bad output automatically.
@DeRonin_: USE THIS GUIDE TO PROTECT YOUR COMPUTER FROM NPM HACKS THAT STEAL EVERYTHING IN ONE INSTALL TanStack, a code library us…
The article details a supply-chain attack on the TanStack library via NPM, offering a comprehensive guide to protect development environments by locking dependency ages, pinning versions, and auditing CI/CD pipelines and IDE extensions.
@sairahul1: https://x.com/sairahul1/status/2069710540654645550
A comprehensive guide explaining Claude Code Hooks, which are programmable checkpoints that run before actions to enforce rules and block or allow tool calls, offering more reliable control than CLAUDE.md guidance.