claude-guardrails-rg
v1.0.2
Cross-platform global security guardrails for Claude Code
claude-guardrails-rg
Automatic irreversibility guardrails for Claude Code — blocks destructive shell commands and dangerous file writes before they execute, on any OS.
Install
# Local — protects only this project (creates ./.claude/)
npm install claude-guardrails-rg
# Global — protects all projects (creates ~/.claude/)
npm install -g claude-guardrails-rg
The installer auto-detects whether you're installing locally or globally.
Uninstall
# Remove from local project
npm uninstall claude-guardrails-rg
# Remove from global
npm uninstall -g claude-guardrails-rg
The uninstaller removes only the guardrail entries; all other hooks and settings are left untouched.
Manual Override
If auto-detection fails, you can force the mode:
# Force local install
node node_modules/claude-guardrails-rg/bin/install.js --local
# Force global install
npx claude-guardrails-rg --global
What gets blocked
Bash commands
| Category | Blocked patterns |
|---|---|
| Filesystem | rm -rf, dd if=, redirect to block device (> /dev/sdX) |
| SQL DDL | DROP TABLE, DROP DATABASE, DROP SCHEMA, DROP INDEX, TRUNCATE TABLE |
| Python ORM / CLI | drop_all(), drop_table(), flask drop, flask db downgrade, alembic downgrade, manage.py flush |
| Database CLIs | psql -c DROP, mysql -e DROP, mysqladmin drop, mongo --eval drop, redis-cli FLUSHALL/FLUSHDB |
| JS/TS DB CLIs | prisma migrate reset, sequelize db:drop, knex migrate:rollback --all, heroku pg:reset |
| Cloud / Infra | terraform destroy, aws s3 rm --recursive, aws s3 rb, gcloud delete --quiet, kubectl delete namespace/all |
| Git | git reset --hard, git push --force, git clean -f, git branch -D, git checkout -- |
| Process | kill -9, pkill -9 |
File writes — .py .js .ts .jsx .tsx .sh .sql
| Category | Blocked patterns |
|---|---|
| SQL DDL | DROP TABLE, DROP DATABASE, DROP SCHEMA, DROP INDEX, DROP VIEW, DROP SEQUENCE, TRUNCATE TABLE, DELETE FROM without WHERE |
| SQLAlchemy | drop_all(), metadata.drop_all(), drop_table(), __table__.drop() |
| Alembic | op.drop_table(), op.drop_column(), op.drop_index(), op.drop_constraint() |
| Sequelize / Knex | queryInterface.dropTable(), queryInterface.dropAllTables(), .dropTable(), .dropTableIfExists(), schema.dropTable() |
| TypeORM | .dropDatabase(), synchronize(true) |
| MongoDB / Mongoose | collection.drop(), Model.collection.drop(), db.dropDatabase(), mongoose.connection.dropDatabase(), mongoose.connection.dropCollection() |
| Prisma | $executeRaw with DROP, migrate reset |
| Filesystem | shutil.rmtree(), rm -rf, fs.rmSync({recursive:true}), fs.rmdirSync({recursive:true}), rimraf() |
| Git | git reset --hard, git push --force, git clean -f |
How it works
On install, two scanner scripts are copied into your .claude/hooks/ directory and registered in settings.json as PreToolUse hooks:
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [{ "type": "command", "command": "node ~/.claude/hooks/scan_file_content.mjs" }]
      },
      {
        "matcher": "Bash",
        "hooks": [{ "type": "command", "command": "node ~/.claude/hooks/scan_bash_command.mjs" }]
      }
    ]
  }
}
Before every Bash, Write, or Edit tool call, Claude Code pipes the tool input JSON to the relevant scanner via stdin. If a dangerous pattern matches, the scanner exits with code 2; Claude Code treats this as a block and shows the error in the terminal. The AI cannot proceed until you manually intervene.
Safe to re-run — install is idempotent and merges with any hooks you already have. It will never duplicate or overwrite existing entries.
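The stdin-to-exit-code contract described above, sketched for the Bash hook as an added example; this is not the package's own scanner code. It assumes the hook payload carries `tool_name` and `tool_input.command`, uses hypothetical function names and a hypothetical `--hook` flag, and chooses to block when the input cannot be parsed.

```javascript
// Added example, not the package's scan_bash_command.mjs. Rules are a small
// subset of the README's Bash table; function names and --hook are hypothetical.
const SIMPLE_RULES = [
  ["git reset --hard", /\bgit\s+reset\s+(\S+\s+)*--hard\b/],
  ["git push --force", /\bgit\s+push\s+(\S+\s+)*(--force\b|-f\b)/],
  ["terraform destroy", /\bterraform\s+destroy\b/],
  ["DROP TABLE", /\bdrop\s+table\b/i],
];
// True for rm with recursive and force flags in any form: -rf, -fr, -r -f, long options.
function rmIsRecursiveForce(segment) {
  const tokens = segment.trim().split(/\s+/);
  const i = tokens.indexOf("rm");
  if (i === -1) return false;
  const flags = tokens.slice(i + 1).filter((t) => t.startsWith("-"));
  const recursive = flags.some((f) => f === "--recursive" || /^-[A-Za-z]*[rR]/.test(f));
  const force = flags.some((f) => f === "--force" || /^-[A-Za-z]*f/.test(f));
  return recursive && force;
}
// Checks each ;, &, | or newline separated segment; returns the rule name or null.
function matchRule(command) {
  for (const segment of command.split(/[;&|\n]+/)) {
    if (rmIsRecursiveForce(segment)) return "rm -rf";
    for (const [name, pattern] of SIMPLE_RULES) if (pattern.test(segment)) return name;
  }
  return null;
}
// stdin JSON -> exit code: 2 blocks, 0 allows; unparsable input blocks (this example's choice).
function decide(rawJson) {
  let input;
  try { input = JSON.parse(rawJson); } catch { return { exitCode: 2, reason: "unparsable hook input" }; }
  if (input?.tool_name !== "Bash") return { exitCode: 0, reason: null };
  const rule = matchRule(String(input.tool_input?.command ?? ""));
  return rule ? { exitCode: 2, reason: `blocked: ${rule}` } : { exitCode: 0, reason: null };
}

const bashPayload = (command) => JSON.stringify({ tool_name: "Bash", tool_input: { command } });
if (process.argv.includes("--hook")) {
  let data = "";
  process.stdin.on("data", (chunk) => (data += chunk));
  process.stdin.on("end", () => {
    const { exitCode, reason } = decide(data);
    if (reason) console.error(reason); // stderr text is what the user sees on a block
    process.exit(exitCode);
  });
} else {
  const SAMPLES = ["rm -fr build/", "rm notes.txt", "cd app && git push -f origin main"]; // constructed
  for (const c of SAMPLES) console.log(decide(bashPayload(c)).exitCode, c);
}
```

Matching on tokens rather than the literal string `rm -rf` is what catches reordered or split flags; quoted arguments and shell expansion are not parsed here.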
Compatibility
- Node.js 18+
- macOS, Linux, Windows
- No third-party dependencies
Manual install (if npm scripts are disabled)
Some CI or locked-down environments block npm lifecycle scripts. Run the installer directly:
node "$(npm root -g)/claude-guardrails-rg/bin/install.js"