
Git Guardrails Claude Code
Install PreToolUse hooks so Claude Code cannot run destructive git commands without your explicit approval.
Overview
Git guardrails (Claude Code) is a journey-wide agent skill that installs PreToolUse hooks to block destructive git commands—usable whenever a solo builder agents git work and wants push, hard reset, and clean blocked bef
Install
npx skills add https://github.com/vinvcn/mattpocock-skills-zh-cn --skill git-guardrails-claude-code
What is this skill?
- Blocks git push (all variants including --force), reset --hard, clean -f/-fd, branch -D, checkout ., and restore .
- PreToolUse hook script with jq parsing of tool_input.command and pattern matching
- Project scope (.claude/settings.json) or global (~/.claude/settings.json) install paths
- Bundled block-dangerous-git.sh copied to .claude/hooks with chmod +x
- Agent receives a clear BLOCKED message on exit code 2 when a pattern matches
- 9 dangerous git pattern checks in the bundled hook script
Adoption & trust: 483 installs on skills.sh; 485 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your coding agent can run git push, reset --hard, or clean -fd from a single mistaken tool call and you have no automatic stop before damage happens.
Who is it for?
Solo builders using Claude Code who want a default deny-list on high-risk git operations across one repo or all projects.
Skip if: Teams that need agents to push or force-push routinely without manual bypass, or users not on Claude Code’s hook/settings model.
When should I use this skill?
User wants to prevent destructive git operations, add git safety hooks, or block git push/reset in Claude Code.
What do I get? / Deliverables
After setup, matching git commands fail at the hook with a BLOCKED message so the agent cannot execute those operations until you change policy or run them yourself outside the guardrail.
- Executable block-dangerous-git.sh in .claude/hooks
- PreToolUse hook entry in Claude settings
Journey fit
Useful at every journey phase - explore requirements and options before committing to a direction.
Where it fits
Agent tries git clean -fd after a refactor mistake and the hook blocks it before wiping untracked assets.
Pre-release session where you forbid any git push until you personally review the diff.
Hotfix branch work with an agent that must not force-push to main.
How it compares
Use instead of trusting the model’s git discipline alone—this is hook-level enforcement, not a linter or PR review skill.
Common Questions / FAQ
Who is git-guardrails-claude-code for?
Claude Code users—especially solos and indies—who delegate terminal git to an agent and want destructive patterns blocked automatically.
When should I use git-guardrails-claude-code?
During build when iterating branches, before ship when you fear accidental pushes, and during operate when agents fix production—any time you enable agent shell access with git on the machine.
Is git-guardrails-claude-code safe to install?
It only adds a local hook script and settings entries you control; review the Security Audits panel on this page and inspect block-dangerous-git.sh before enabling global scope.
SKILL.md
```bash
#!/bin/bash
# PreToolUse hook: reads the tool-call JSON on stdin and blocks dangerous git commands.

INPUT=$(cat)
# Extract the shell command Claude Code is about to run.
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command')

# Extended regular expressions, matched anywhere in the command string.
DANGEROUS_PATTERNS=(
  "git push"
  "git reset --hard"
  "git clean -fd"
  "git clean -f"
  "git branch -D"
  "git checkout \."
  "git restore \."
  "push --force"
  "reset --hard"
)

for pattern in "${DANGEROUS_PATTERNS[@]}"; do
  if echo "$COMMAND" | grep -qE "$pattern"; then
    echo "BLOCKED: '$COMMAND' matches dangerous pattern '$pattern'. The user has prevented you from doing this." >&2
    # Exit code 2 tells Claude Code to block the tool call.
    exit 2
  fi
done

exit 0
```

---
name: git-guardrails-claude-code
description: Set up Claude Code hooks that block dangerous git commands (push, reset --hard, clean, branch -D, etc.) before they execute. Use when user wants to prevent destructive git operations, add git safety hooks, or block git push/reset in Claude Code.
---

# Setup Git Guardrails

Sets up a PreToolUse hook that intercepts and blocks dangerous git commands before Claude executes them.

## What Gets Blocked

- `git push` (all variants, including `--force`)
- `git reset --hard`
- `git clean -f` / `git clean -fd`
- `git branch -D`
- `git checkout .` / `git restore .`

When a command is blocked, Claude sees a message telling it that it does not have access to these commands.

## Steps

### 1. Ask scope

Ask the user: install for the **current project** only (`.claude/settings.json`), or for **all projects** (`~/.claude/settings.json`)?

### 2. Copy the hook script

The bundled script is at: [scripts/block-dangerous-git.sh](scripts/block-dangerous-git.sh)

Copy it to the target location based on scope:

- **Project**: `.claude/hooks/block-dangerous-git.sh`
- **Global**: `~/.claude/hooks/block-dangerous-git.sh`

Make it executable with `chmod +x`.

### 3. Add hook to settings

Add to the appropriate settings file:

**Project** (`.claude/settings.json`):

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/block-dangerous-git.sh"
          }
        ]
      }
    ]
  }
}
```

**Global** (`~/.claude/settings.json`):

```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "~/.claude/hooks/block-dangerous-git.sh"
          }
        ]
      }
    ]
  }
}
```

If the settings file already exists, merge the hook into the existing `hooks.PreToolUse` array; do not overwrite other settings.

### 4. Ask about customization

Ask the user whether they want to add or remove any patterns from the blocked list. Edit the copied script accordingly.

### 5. Verify

Run a quick test:

```bash
echo '{"tool_input":{"command":"git push origin main"}}' | <path-to-script>
```

It should exit with code 2 and print a BLOCKED message to stderr.
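
Steps 3 and 5 above as two shell functions, added here as an example and not part of the skill or its bundled script. `merge_hook` and `verify_hook` are hypothetical names, and `jq` is assumed to be installed (the bundled hook already needs it).

```bash
#!/usr/bin/env bash
# Added example; merge_hook and verify_hook are hypothetical helper names.

# merge_hook SETTINGS_FILE HOOK_COMMAND  (step 3)
# Appends a Bash PreToolUse entry for HOOK_COMMAND unless one is already
# present, and leaves every other key in the settings file untouched.
merge_hook() {
  local settings="$1" hook_cmd="$2" tmp
  [ -s "$settings" ] || echo '{}' > "$settings"
  tmp=$(mktemp) || return 1
  # If jq rejects the file (invalid JSON), the original is not replaced.
  jq --arg cmd "$hook_cmd" '
    .hooks.PreToolUse = ((.hooks.PreToolUse // []) as $pre
      | if any($pre[]; .matcher == "Bash" and any(.hooks[]?; .command == $cmd))
        then $pre
        else $pre + [{matcher: "Bash", hooks: [{type: "command", command: $cmd}]}]
        end)
  ' "$settings" > "$tmp" && mv "$tmp" "$settings" || { rm -f "$tmp"; return 1; }
}

# verify_hook SCRIPT  (step 5)
# Succeeds only if the hook exits 2 for the page's test command and 0 for a
# read-only command, which catches a hook that is not executable, blocks
# everything, or lets everything through.
verify_hook() {
  local script="$1" rc=0
  echo '{"tool_input":{"command":"git push origin main"}}' | "$script" 2>/dev/null || rc=$?
  [ "$rc" -eq 2 ] || { echo "git push: expected exit 2, got $rc" >&2; return 1; }
  rc=0
  echo '{"tool_input":{"command":"git status"}}' | "$script" >/dev/null 2>&1 || rc=$?
  [ "$rc" -eq 0 ] || { echo "git status: expected exit 0, got $rc" >&2; return 1; }
}

# Usage (paths from the page's project-scope install):
#   merge_hook .claude/settings.json '"$CLAUDE_PROJECT_DIR"/.claude/hooks/block-dangerous-git.sh'
#   verify_hook .claude/hooks/block-dangerous-git.sh
```

Running `merge_hook` twice leaves a single entry, so it is safe to re-run after editing the pattern list in step 4.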