claude-code-damage-control  by disler

Secure AI code execution with pre-emptive tool use control

Created 3 weeks ago

338 stars

Top 81.9% on SourcePulse

Project Summary

This project provides defense-in-depth security for Claude Code by intercepting and scrutinizing tool calls. It targets users seeking to prevent accidental data loss or exposure by blocking dangerous commands and protecting sensitive files through a configurable PreToolUse hook system. The primary benefit is enhanced safety and control over AI-driven code execution environments.

How It Works

The system leverages Claude Code's PreToolUse hooks to intercept Bash, Edit, and Write tool calls before they are executed. It applies security policies defined in patterns.yaml, which include strict path restrictions (zeroAccessPaths, readOnlyPaths, noDeletePaths) and command pattern matching (bashToolPatterns). These patterns can either outright block malicious operations or trigger a confirmation dialog for potentially risky but valid actions, ensuring a layered security approach.

Quick Start & Requirements

  • Installation: Interactive installation via the Claude Code skill ("install the damage control system") or manual setup by copying skill files, configuring hooks in .claude/settings.json or .claude/settings.local.json, and restarting Claude Code.
  • Dependencies: Python 3.x runtime (via UV) or TypeScript/Bun runtime.
  • Configuration: patterns.yaml for defining security rules; hook registration in Claude Code's settings.
  • Documentation: Hooks Reference, Settings Configuration, and Agentic Coding patterns are available.

Highlighted Details

  • Path Protection Levels: zeroAccessPaths deny all access, readOnlyPaths permit reads but block writes/edits, and noDeletePaths allow all operations except deletion.
  • Command Pattern Control: bashToolPatterns can block specific commands (e.g., rm -rf) or prompt for user confirmation for operations like SQL DELETE without a WHERE clause.
  • Interactive Testing: Includes a tester script (test-damage-control.py or .ts) for interactively validating commands and paths against configured security patterns.
  • CLI Testing: Supports non-interactive command-line testing of individual hooks and commands.

Maintenance & Community

The project appears to be associated with IndyDevDan, with mentions of a YouTube channel for agentic coding patterns. No specific community links (Discord, Slack) or details on core contributors/sponsorships are provided in the README.

Licensing & Compatibility

The project is released under the MIT License, permitting broad use and modification. Global and project-level hooks run in parallel; a block from either will prevent command execution.

Limitations & Caveats

Global and project hooks execute concurrently, so a block from either one halts the operation regardless of what the other returns. The logic depends on specific exit codes (0 for allow/ask, 2 for block); any other exit code may produce only a warning while the command still executes, so a hook that exits unexpectedly may not block anything. Hooks must be registered correctly in Claude Code's configuration for any of this to take effect.
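
An added example, not the project's own code: a minimal Python PreToolUse hook showing how the three path levels and bashToolPatterns described under Highlighted Details could map onto the exit codes above, failing closed so that a crash is never downgraded to a warning. The policy values, regexes and helper names (hits, decide, main) are assumptions; the stdin fields (tool_name, tool_input.command, tool_input.file_path) and the "ask" JSON follow Claude Code's hooks reference rather than this page.

```python
import fnmatch, json, os, re, shlex, sys
POLICY = {  # constructed sample: key names are from the page, values and layout are assumed
    "zeroAccessPaths": ["~/.ssh/*", "*.env"],
    "readOnlyPaths": ["/etc/*"],
    "noDeletePaths": ["*/.git/*"],
    "bashToolPatterns": [
        {"pattern": r"\brm\s+-(rf|fr)\b", "reason": "rm -rf"},
        {"pattern": r"(?i)\bdelete\s+from\b(?!.*\bwhere\b)", "reason": "DELETE without WHERE", "ask": True}]}
WRITE_CMD = re.compile(r">|\b(tee|mv|cp|chmod|chown|truncate)\b")  # coarse heuristic, over-blocks
DELETE_CMD = re.compile(r"\b(rm|rmdir|unlink|shred)\b")

def hits(path, key):
    return any(fnmatch.fnmatch(os.path.expanduser(path), os.path.expanduser(p)) for p in POLICY[key])

def decide(tool_name, tool_input):  # -> ("allow" | "ask" | "block", reason)
    if tool_name in ("Edit", "Write"):
        path = tool_input["file_path"]
        key = next((k for k in ("zeroAccessPaths", "readOnlyPaths") if hits(path, k)), None)
        return ("block", f"{key}: {path}") if key else ("allow", "")
    if tool_name != "Bash":
        return "allow", ""
    cmd = tool_input["command"]
    for rule in POLICY["bashToolPatterns"]:
        if re.search(rule["pattern"], cmd):
            return ("ask" if rule.get("ask") else "block"), rule["reason"]
    writes, deletes = bool(WRITE_CMD.search(cmd)), bool(DELETE_CMD.search(cmd))
    denied = {"zeroAccessPaths": True, "readOnlyPaths": writes or deletes, "noDeletePaths": deletes}
    for tok in shlex.split(cmd):  # malformed quoting raises; main() turns that into a block
        for key, active in denied.items():
            if active and hits(tok, key):
                return "block", f"{key}: {tok}"
    return "allow", ""

def main(stdin=sys.stdin):
    try:
        event = json.load(stdin)
        decision, reason = decide(event["tool_name"], event["tool_input"])
    except Exception as exc:  # fail closed: an uncaught error would exit 1, which is not a block
        decision, reason = "block", f"hook error: {exc}"
    if decision == "block":
        print(reason, file=sys.stderr)
        return 2
    if decision == "ask":  # exit 0 plus a JSON decision on stdout
        out = {"hookEventName": "PreToolUse", "permissionDecision": "ask", "permissionDecisionReason": reason}
        print(json.dumps({"hookSpecificOutput": out}))
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

Matching shell tokens against path globs is a heuristic and will miss paths built through variables or subshells, so treat a hook like this as one layer rather than a sandbox.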

Health Check

  • Last Commit: 3 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 6
  • Issues (30d): 4
  • Star History: 341 stars in the last 25 days
