claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// Claude Plugins

cc-safety-net

A coding agent CLI hook that acts as a safety net, catching destructive git and filesystem commands before they execute. Supports Codex, Claude Code, OpenCod…

Actively maintained
100/100
last commit 9 days ago
last release 23 days ago
releases 24
open issues 3
// install
git clone https://github.com/kenryu42/cc-safety-net

CC Safety Net

CC Safety Net

A PreToolUse hook that intercepts and blocks destructive git and filesystem commands before AI coding agents run them. CC Safety Net parses command semantics — so flag reordering, shell wrappers, and interpreter one-liners can't bypass it.

[!NOTE] Full documentation → — installation, configuration, reference, guides, and the security model live on the docs site.

Why this exists

We learned the hard way that instructions aren't enough to keep AI agents in check. After an agent silently wiped hours of progress with a single rm -rf ~/ or git checkout --, it became clear that soft rules in a CLAUDE.md or AGENTS.md file cannot replace hard technical constraints. CC Safety Net is that constraint: it intercepts every Bash tool call and blocks destructive commands before they reach the shell. See What Is CC Safety Net for the full background.

Supported agents

CC Safety Net works across seven coding agent CLIs: Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, Kimi Code, OpenCode, and Pi. Each integration is documented at Architecture.

Supported platforms

CC Safety Net runs on Windows, macOS, and Linux. It detects the host OS to apply correct behavior — case-insensitive path comparison on Windows, both / and \ path separators, and cmd.exe/PowerShell command resolution via COMSPEC/PATHEXT.

Prerequisites

  • Node.js 18 or higher.

Quick start

Codex Installation

  1. Enable Codex plugin hooks in ~/.codex/config.toml:
[features]
plugin_hooks = true
  1. Add the marketplace:
codex plugin marketplace add kenryu42/cc-marketplace
  1. Start Codex.
  2. In the TUI, run /plugins.
  3. Use arrow keys to select [cc-marketplace].
  4. Press Enter to install the plugin.
  5. run /hooks and select the safety-net PreToolUse hook and press t to trust it.

Claude Code Installation

/plugin marketplace add kenryu42/cc-marketplace
/plugin install safety-net@cc-marketplace
/reload-plugins

Claude Code Auto-Update

  1. Run /plugin → Select Marketplaces → Choose cc-marketplace → Enable auto-update

Gemini CLI Installation

gemini extensions install https://github.com/kenryu42/gemini-safety-net

GitHub Copilot CLI Installation

/plugin install kenryu42/copilot-safety-net

Kimi Code Installation

Install CC Safety Net into your Kimi Code config:

npx -y cc-safety-net hook install --kimi-code

Optional: run npx skill add kenryu42/cc-safety-net to add the /cc-safety-net skill for configuring custom rules.


OpenCode Installation

Install CC Safety Net with OpenCode's native plugin command:

opencode plugin -g cc-safety-net

[!NOTE] OpenCode can sometimes keep using a stale cached plugin version. See anomalyco/opencode#25293 for the current tracking issue.

To force OpenCode to reinstall cc-safety-net, remove its cached package and install the version you want:

rm -rf ~/.cache/opencode/packages/cc-safety-net@latest
opencode plugin -g -f cc-safety-net@latest

If you prefer pinning a specific version:

rm -rf ~/.cache/opencode/packages/cc-safety-net@latest
opencode plugin -g -f cc-safety-net@<version>

Restart OpenCode after updating so the plugin is loaded from the refreshed cache.


Pi Installation

Install CC Safety Net with Pi's package installer:

pi install npm:cc-safety-net

What it does

CapabilityWhat it catches
Semantic command analysisrm -rf on destructive targets, git reset --hard, git checkout --, git push --force, git stash clear, git clean -f, find -delete, dd/mkfs/shred — by intent, not string pattern. git checkout -b feature (safe) is allowed while git checkout -- file (destructive) is blocked.
Shell wrapper detectionDestructive commands hidden in bash -c, sh -c, and similar wrappers, recursively analyzed up to 10 levels deep.
Interpreter one-linersDestructive code in python -c, node -e, ruby -e, perl -e one-liners (e.g. os.system("rm -rf /")).
Fail-closed by defaultMalformed hook input, unparseable commands (in strict mode), invalid config, and broken rulebooks block rather than allow.
Custom rules via rulebooksAdd your own blocking rules at user or project scope, pinned by SHA-256 digest when fetched from GitHub.
Audit loggingEvery blocked command logged to ~/.cc-safety-net/logs/<session_id>.jsonl with secrets auto-redacted.

Full blocked/allowed command lists: Blocked Commands · Allowed Commands.

Why not just use a sandbox?

A workspace-writable sandbox still permits git reset --hard, git push --force, and rm -rf . inside the project directory, because the OS only sees writes to an allowed path. Sandboxing contains blast radius; CC Safety Net catches the destructive operations sandboxing permits — use both for defense-in-depth. See vs Sandboxing.

Modes

CC Safety Net has opt-in modes toggled by CC_SAFETY_NET_* environment variables (legacy SAFETY_NET_* names also accepted):

ModeFlagEffect
StrictCC_SAFETY_NET_STRICT=1Fail closed on unparseable commands, not just malformed input.
ParanoidCC_SAFETY_NET_PARANOID=1Stricter checks; or use CC_SAFETY_NET_PARANOID_RM=1 (block rm -rf even within cwd) and CC_SAFETY_NET_PARANOID_INTERPRETERS=1 (block interpreter one-liners).
WorktreeCC_SAFETY_NET_WORKTREE=1Relax local git discards inside verified linked worktrees.

See Modes and Environment.

Diagnostics and tracing

# Verify your installation and run a self-test
npx cc-safety-net doctor
# Trace how a command is analyzed step-by-step
npx cc-safety-net explain "git reset --hard"

Both support --json for machine-readable output. Full reference: CLI Commands · Explain Trace.

Upgrading from an older version

[!WARNING] If you previously defined custom rules in a legacy inline config (.safety-net.json or ~/.cc-safety-net/config.json), those files are no longer loaded at runtime. Commands now fail closed (stay blocked) until you migrate. Run npx -y cc-safety-net rule migrate to convert them to the rulebook layout. See the migration guide.

Full documentation

All details live on the docs site at ccsafetynet.com/docs:

AreaPages
Get startedIntroduction · Installation · Quickstart
ConfigurationModes · Environment · Custom Rules · Status Line
ReferenceBlocked Commands · Allowed Commands · Audit Log · CLI Commands · Explain Trace · Glossary
GuidesHow It Works · Architecture · Analysis Engine · Design Principles · Security Model · vs Sandboxing · Known Limitations · Troubleshooting
ProjectContributing · Security Policy

Development

See CONTRIBUTING.md for details on how to contribute to this project.

License

MIT

// compatibility

Platformscli, api
Operating systems
AI compatibilityclaude
LicenseMIT
Pricingopen-source
LanguageTypeScript

// faq

What is cc-safety-net?

A coding agent CLI hook that acts as a safety net, catching destructive git and filesystem commands before they execute. Supports Codex, Claude Code, OpenCode, Gemini CLI, Copilot CLI, Kimi Code and Pi.. It is open-source on GitHub.

Is cc-safety-net free to use?

cc-safety-net is open-source under the MIT license, so it is free to use.

What category does cc-safety-net belong to?

cc-safety-net is listed under plugins in the Claudeers registry of Claude-compatible tools.

0 views
1,439 stars
unclaimed
updated 5 days ago

// embed badge

cc-safety-net on Claudeers
[![Claudeers](https://claudeers.com/api/badge/cc-safety-net.svg)](https://claudeers.com/cc-safety-net)

// retro hit counter

cc-safety-net hit counter
[![Hits](https://claudeers.com/api/counter/cc-safety-net.svg)](https://claudeers.com/cc-safety-net)

// reviews

// guestbook

0/500

// related in Claude Plugins

🔓

A single CLAUDE.md file to improve Claude Code behavior, derived from Andrej Karpathy's observations on LLM coding pitfalls.

// pluginsmultica-ai/187,223[ claude ]
🔓

Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explainin…

// pluginsanthropics/Python135,848[ claude ]
🔓

"CLI-Anything: Making ALL Software Agent-Native" -- CLI-Hub: https://clianything.cc/

// pluginsHKUDS/Python44,672Apache-2.0[ claude ]
🔓

A Claude Code plugin that shows what's happening - context usage, active tools, running agents, and todo progress

// pluginsjarrodwatts/JavaScript26,116MIT[ claude ]

// built by

Ecosystem hubone of the most connected projects in the claude ecosystem · 37 connections
→ see how cc-safety-net connects across the ecosystem