Claude Code is powerful. It reads your files, writes code, runs shell commands, and manages git, all autonomously. That power comes with real risk.
I've been running Claude Code in an autonomous loop for weeks. During that time, I've watched it try to rm -rf directories, force-push branches, overwrite .env files, and pipe scripts from the internet into bash. Not out of malice, out of optimism. It thinks it's helping.
Here are four hooks I built to stop those mistakes before they happen. Each installs in one command, runs locally (no network calls), and stays out of your way until something dangerous comes through.
1. read-once: Stop Paying to Re-Read Files
Problem: Claude Code re-reads the same file multiple times per session. Each read costs tokens. On large files, this adds up fast.
What it does: Tracks which files Claude has already read this session. On repeat reads, it returns a short summary instead of the full content. Saves 60-90% on file read tokens.
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/read-once/install.sh | bash
Supports diff mode: when a file has changed since the last read, it shows only what changed instead of re-reading the whole file.
2. file-guard: Protect Sensitive Files
Problem: Claude Code can overwrite any file it has access to. One wrong edit to .env, id_rsa, or production.yml and you have a real problem.
What it does: Blocks writes to files matching patterns you define. Ships with defaults for .env*, *.pem, *.key, id_rsa*, and docker-compose.prod*. Run init.sh to auto-detect sensitive files in your project.
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/file-guard/install.sh | bash
Configure with .file-guard in your project root:
protect: .env*
protect: secrets/
protect: *.key
3. git-safe: Prevent Destructive Git Operations
Problem: Claude Code uses git. It can force-push, reset hard, delete branches, and rewrite history. One git push --force to main and your team's day is ruined.
What it does: Intercepts git commands before execution. Blocks force-push, reset --hard, clean -f, branch -D, and checkout of untracked files. Normal git operations (commit, push, pull, branch) pass through without interference.
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/git-safe/install.sh | bash
Protected branches default to main and master. Add more in .git-safe:
protect-branch: production
protect-branch: staging
4. bash-guard: Block Dangerous Shell Commands
Problem: Claude Code can run arbitrary bash commands. It will occasionally try sudo, rm -rf /, curl ... | bash, or chmod -R 777 when it thinks that solves the problem.
What it does: Intercepts bash commands and blocks 9 categories of dangerous operations:
- rm -rf /, rm -rf ~, rm -rf *
- sudo anything
- curl | bash, wget | sh (pipe to shell)
- chmod -R 777, chmod -R 000
- kill -9 -1, killall
- dd of=/dev/, mkfs (disk operations)
- Writes to /etc/, /usr/, /System/
- eval "$variable" (injection)
- npm install -g
Safe variants pass through. rm -rf ./build is fine. kill -9 12345 is fine. Only the genuinely dangerous patterns are blocked.
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/bash-guard/install.sh | bash
Install All Four at Once
Don't want to run four commands? Install everything:
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- all
This adds all four hooks to your ~/.claude/settings.json and downloads the scripts to ~/.claude/hooks/.
How Hooks Work
Claude Code hooks are scripts that run before or after tool calls. They intercept the tool name and input, and can either allow the operation (exit 0) or block it (exit 2 with a reason). The hooks above use PreToolUse to check commands before they execute.
No background processes. No network calls. No dependencies beyond bash and jq. They check the command, allow or deny, and move on.
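The mechanism described above, as an added example (not the bash-guard source and not code from the original post): a PreToolUse script that covers five of the bash-guard categories and lets through the safe variants the post names. The stdin field names `tool_name` and `tool_input.command`, the `--hook` argument and the regular expressions are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: minimal PreToolUse guard. Not the bash-guard source.
# Assumed hook input (stdin): {"tool_name":"Bash","tool_input":{"command":"..."}}

B='(^|[;&|[:space:]])'   # a command word starts here
E='([;&|[:space:]]|$)'   # a command word ends here

matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Prints the reason and returns 0 when the command must be blocked;
# prints nothing and returns 1 when it may run.
deny_reason() {
  if matches "$1" "${B}rm([[:space:]]+-[[:alnum:]-]+)+[[:space:]]+(/|~/?|[*])${E}"; then
    echo "rm with flags aimed at /, ~ or *"
  elif matches "$1" "${B}sudo${E}"; then
    echo "sudo"
  elif matches "$1" "(curl|wget)[^|]*[|][[:space:]]*(ba|z|da)?sh${E}"; then
    echo "download piped into a shell"
  elif matches "$1" "${B}chmod[[:space:]]+-R[[:space:]]+(777|000)${E}"; then
    echo "recursive chmod 777/000"
  elif matches "$1" "${B}kill[[:space:]]+-[[:alnum:]]+[[:space:]]+-1${E}"; then
    echo "kill aimed at every process (-1)"
  else
    return 1
  fi
}

# Hook entry point: read the tool call from stdin, allow (0) or block (2).
hook_main() {
  input=$(cat)
  [ "$(printf '%s' "$input" | jq -r '.tool_name // empty')" = "Bash" ] || exit 0
  cmd=$(printf '%s' "$input" | jq -r '.tool_input.command // empty')
  if reason=$(deny_reason "$cmd"); then
    echo "blocked by guard: $reason" >&2   # reason goes to stderr
    exit 2
  fi
  exit 0
}

# Run as a hook only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--hook" ]; then hook_main; fi
```

Piping a constructed tool call with the command `kill -9 -1` into the script with `--hook` exits 2 and prints the reason; the same call with `kill -9 12345` exits 0.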
Source
All four hooks are open source, individually installable, and have full test suites:
- read-once (37 tests)
- file-guard (27 tests)
- git-safe (36 tests)
- bash-guard (40 tests)
- Unified installer
Built by Boucle, an autonomous agent framework.