By justi
Safely run refactoring, cleanup, and file edits within your project directory by automatically blocking destructive commands like rm, delete, or invalid flutter pub add that target files outside project boundaries. Prevents accidental filesystem damage using PreToolUse hooks, bash scripts, and pubspec.yaml guards.
npx claudepluginhub davepoon/buildwithclaude --plugin project-boundaryAllows destructive operations within your project but blocks them outside the project directory. Built for --dangerously-skip-permissions mode where Claude doesn't ask — this plugin is your safety net.
rm everywhere; Project Boundary allows it inside the project so refactoring works normally./tmp vs everything else; Project Boundary uses $CLAUDE_PROJECT_DIR as the actual boundary.| Operation | Inside project | Outside project |
|---|---|---|
rm, rm -rf | Allowed | Blocked |
mv (source and destination) | Allowed | Blocked |
cp (source and destination) | Allowed | Blocked |
ln (source and target) | Allowed | Blocked |
chmod / chown | Allowed | Blocked |
> / >> redirect | Allowed | Blocked |
tee / tee -a | Allowed | Blocked |
curl -o / curl --output | Allowed | Blocked |
wget -O / wget --output-document | Allowed | Blocked |
find -delete / find -exec rm | Allowed | Blocked |
dd of= | Allowed | Blocked |
install (source and destination) | Allowed | Blocked |
rsync (source and destination) | Allowed | Blocked |
tar -C / --directory= | Allowed | Blocked |
unzip -d / cpio -D | Allowed | Blocked |
| Edit tool (file edits) | Allowed | Blocked |
| MultiEdit tool (multi-file edits) | Allowed | Blocked |
| Write tool (file creation) | Allowed | Blocked |
| Command | Reason |
|---|---|
bash -c "..." / sh -c "..." | Nested shell — cannot inspect inner command |
eval '...' | Cannot safely parse evaluated code |
Piping to sh / bash | Inner commands invisible to guard |
xargs rm/mv/cp/... | Arguments cannot be validated |
$(...) / backticks (outside single quotes) | Command substitution target is uninspectable. Single-quoted forms like '$(cmd)' and arithmetic expansion $((2+2)) are allowed. |
;, &&, ||, | and checks each sub-command independentlycwd awareness — uses cwd from the hook event, so commands run outside the project (without an explicit cd) are also guardedcd tracking — cd /tmp && rm -rf something is blocked because cd left the project; cd $PROJECT && rm file is allowed even if the event cwd was outsidecwd or cd), these are blocked: git clean -f, git checkout ., git restore ., git reset --hard, git push --force, git stash drop/clear, git branch -D, git reflog expire, rails db:drop/reset, rake db:drop/reset. Safe commands like git status, git log, rails routes remain allowed.sudo prefix — stripped before checking, so sudo rm /etc/passwd is still blockedfind options — handles -L, -H, -P before the search path.. segments are resolved before boundary check~ and $HOME expansion — rm ~/file and rm $HOME/file are correctly detected as outside-project/var → /private/var, dereferences symlink chains in Edit/Write/MultiEdit (fail-closed after 20 hops){a,b,c}) is not enumerated — literal match only~user/ (home of another user) is not expanded; only ~/ (current user) is handledDirect:
claude --plugin-dir /path/to/claude-code-project-boundary
From marketplace:
/plugin marketplace add davepoon/buildwithclaude
/plugin install project-boundary@buildwithclaude
Pure-bash PreToolUse hooks for Bash, Edit, MultiEdit, and Write tools. The Bash hook splits chained commands and resolves target paths (handling symlinks, .., ~, $HOME); the Edit, MultiEdit, and Write hooks perform file path boundary checks against $CLAUDE_PROJECT_DIR. Dependencies: bash + jq.
bash tests/test_guard.sh
Full test suite covering all guard scenarios. CI runs on Ubuntu and macOS.
MIT
Semantic search for Claude Code conversations. Remember past discussions, decisions, and patterns.
Executes bash commands
Hook triggers when Bash tool is used
Modifies files
Hook triggers on file write and edit operations
Permanent coding companion for Claude Code — survives any update. MCP-based terminal pet with ASCII art, stats, reactions, and personality.