outlinedriven/git-guardrails-claude-code
skills/git-guardrails-claude-code/SKILL.md
Install a Claude-Code PreToolUse hook that blocks destructive git commands (push variants including force-push, hard reset, force clean, branch -D, checkout/restore overwrites) before Bash runs them. Use when the user wants git safety rails, force-push prevention, or repository-wipe protection.
$ install --global
skillsauthnpx skillsauth add outlinedriven/odin-codex-plugin git-guardrails-claude-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 4, 2026, 5:49 AM149.9s2 files scanned
SKILL.md
- name:
- git-guardrails-claude-code
- description:
- Install a Claude-Code PreToolUse hook that blocks destructive git commands (push variants including force-push, hard reset, force clean, branch -D, checkout/restore overwrites) before Bash runs them. Use when the user wants git safety rails, force-push prevention, or repository-wipe protection.
Bash-tool PreToolUse hook. The harness invokes the script with the candidate command on stdin as JSON; the script greps for dangerous patterns and exits non-zero with an explanatory stderr message, which the harness surfaces to the model as a refusal. The model cannot override the block.
Blocked patterns (default)
git push— all variants, including--forceand--force-with-lease.git reset --hard— discards working tree and index irreversibly.git clean -fandgit clean -fd— deletes untracked files and directories.git branch -D— force-deletes a branch, including unmerged work.git checkout .andgit restore .— bulk-overwrites uncommitted changes.
Install
1. Choose scope
- Project-local —
.claude/settings.jsonand.claude/hooks/block-dangerous-git.sh. Travels with the repository. - Global —
~/.claude/settings.jsonand~/.claude/hooks/block-dangerous-git.sh. Applies to every project.
2. Place the hook script
Write the script (content below) to the chosen hooks directory. Mark executable with chmod +x.
3. Register the hook
Project (.claude/settings.json):
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/block-dangerous-git.sh"
}
]
}
]
}
}
4. Verify
echo '{"tool_input":{"command":"git push origin main"}}' | /path/to/block-dangerous-git.sh
Expected: exit code 2, stderr contains BLOCKED:. A benign command (git status) must exit 0 with no output.
Hook script (block-dangerous-git.sh)
#!/bin/bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command')
DANGEROUS_PATTERNS=(
"git push"
"git reset --hard"
"git clean -fd"
"git clean -f"
"git branch -D"
"git checkout \."
"git restore \."
"push --force"
"reset --hard"
)
for pattern in "${DANGEROUS_PATTERNS[@]}"; do
if echo "$COMMAND" | grep -qE "$pattern"; then
echo "BLOCKED: '$COMMAND' matches dangerous pattern '$pattern'. The user has prevented you from doing this." >&2
exit 2
fi
done
exit 0
Dependencies: bash, jq. The script is the contract surface; SKILL.md prescribes how to install and extend it.
Cross-harness note
The hook concept generalises but the install surface differs:
- Claude Code —
PreToolUsehook on theBashmatcher (this skill). - Codex CLI / Gemini CLI / other harnesses — typically a wrapper around the shell-exec tool or an MCP-level guard. The script body (pattern list, exit-2 contract) ports unchanged; the registration JSON does not.
Related Skills
outlinedriven/tidy
testing
VerifiedTrustedCommunity
ODIN's compress-operations dispatcher under the Compressor/Extender role. Invoke on "tidy", "clean up", "tidy this file/memory/workspace/git/docs", or when active context (current file, diff, stack, memory directory) has structural rot to resolve before touching behavior. Detects target domain from context and routes to the sibling skill. Requires explicit target or clear active-context signal — do not invoke speculatively.
12SKILL.mdUpdated May 7, 2026
outlinedriven/taste
development
VerifiedTrustedCommunity
Cross-domain taste skill — apply distinctive judgment to any artifact (prose, code, design, decisions) instead of converging to AI defaults. Two modes — `audit` (judge work against the two-sided charter and portable anchors) and `anchor` (load register before producing). Auto-detects by phrasing; override via `/taste audit | anchor`. Trigger on "is this slop?", "overkill?", "elegant?", "taste-test this".
12SKILL.mdUpdated May 4, 2026
outlinedriven/strict-validation-setup
tools
VerifiedTrustedCommunity
One-shot bootstrap of strict-mode tooling per ecosystem plus per-task GOALS.md scaffolding so an agentic loop can self-verify. Writes typechecker/linter/schema-validator config for TS (strict + noUncheckedIndexedAccess + exactOptionalPropertyTypes), Python (Pyright strict, Ruff strict), Rust (Clippy deny-correctness), Go (golangci-lint with staticcheck), OCaml (dune --release); establishes `.agent-tasks/<id>/GOALS.md` per-task convention distinct from project-stable AGENTS.md. C++/Java/Kotlin and framework specifics (Spring Boot, Nest, React-strict) are out of scope. Trigger on new project bootstrap, agentic-task setup, "make this self-verifying", "set the loop's goal", "scaffold goals for this issue". Pairs with `llm-self-loop` runtime.
12SKILL.mdUpdated May 4, 2026
outlinedriven/setup-pre-commit
tools
VerifiedTrustedCommunity
Install git pre-commit hooks via the project's hook tool — Husky+lint-staged (JS), pre-commit (Python/OCaml), lefthook (Go), cargo-husky (Rust). Use when the user wants commit-time formatting, linting, type-checking, or test gates. Detects ecosystem first.
12SKILL.mdUpdated May 4, 2026