Show HN: A Claude Code plugin that catch destructive Git and filesystem commands

Summary

Claude Code Safety Net A Claude Code plugin that acts as a safety net, catching destructive git and filesystem commands before they execute. Why This Exists We learned the hard way that instructions aren't enough to keep AI agents in check. After Claude Code silently wiped out hours of progress with a single rm -rf ~/ or git checkout -- , it became evident that "soft" rules in an CLAUDE.md or AGENTS.md file cannot replace hard technical constraints. The current approach is to use a dedicated hook to programmatically prevent agents from running destructive commands. Why Hooks Instead of settings.json? Claude Code's .claude/settings.json supports deny rules for Bash commands, but these use simple prefix matching—not pattern matching or semantic analysis. This makes them insufficient for nuanced safety rules: Limitation Example Can't distinguish safe vs. dangerous variants Bash(git checkout) blocks both git checkout -b new-branch (safe) and git checkout -- file (dangerous) Can't parse flags semantically Bash(rm -rf) blocks rm -rf /tmp/cache (safe) but allows rm -r -f / (dangerous, different flag order) Can't detect shell wrappers sh -c "rm -rf /" bypasses a Bash(rm) deny rule entirely Can't analyze interpreter one-liners python -c 'os.system("rm -rf /")' executes without matching any rm rule This hook provides semantic command analysis: it parses arguments, understands flag combinations, recursively analyzes shell wrappers, and distinguishes safe operations (temp directories, within cwd) from dangerous ones. Quick Start Installation /plugin marketplace add kenryu42/cc-marketplace /plugin install safety-net@cc-marketplace Note After installing the plugin, you need to restart your Claude Code for it to take effect. Auto-Update Run /plugin → Select Marketplaces → Choose cc-marketplace → Enable auto-update Commands Blocked Command Pattern Why It's Dangerous git checkout -- files Discards uncommitted changes permanently git checkout <ref> -- <path> Overwrites working tree w...