Name: project-boundary
Author: justi

Project Boundary — Claude Code Plugin

Allows destructive operations within your project but blocks them outside the project directory. Built for --dangerously-skip-permissions mode where Claude doesn't ask — this plugin is your safety net.

How it differs from existing plugins

claude-code-safety-net — blocks rm everywhere; Project Boundary allows it inside the project so refactoring works normally.
destructive-command-guard — only distinguishes /tmp vs everything else; Project Boundary uses $CLAUDE_PROJECT_DIR as the actual boundary.
claude-code-damage-control — requires manually listing protected paths; Project Boundary automatically protects everything outside the project.

What it does

Boundary-checked (allowed inside project, blocked outside)

Operation	Inside project	Outside project
`rm`, `rm -rf`	Allowed	Blocked
`mv` (source and destination)	Allowed	Blocked
`cp` (source and destination)	Allowed	Blocked
`ln` (source and target)	Allowed	Blocked
`chmod` / `chown`	Allowed	Blocked
`>` / `>>` redirect	Allowed	Blocked
`tee` / `tee -a`	Allowed	Blocked
`curl -o` / `curl --output`	Allowed	Blocked
`wget -O` / `wget --output-document`	Allowed	Blocked
`find -delete` / `find -exec rm`	Allowed	Blocked
`dd of=`	Allowed	Blocked
`install` (source, destination, `--target-directory=`)	Allowed	Blocked
`rsync` (source, destination, `--log-file=`, `--partial-dir=`, `--backup-dir=`, `--temp-dir=`, `--write-batch=`, `--only-write-batch=`)	Allowed	Blocked
`tar -C` / `--directory=`	Allowed	Blocked
`unzip -d` / `cpio -D`	Allowed	Blocked
`7z -o<dir>` / `7z -w<dir>` (extract verbs only)	Allowed	Blocked
Edit tool (file edits)	Allowed	Blocked
MultiEdit tool (multi-file edits)	Allowed	Blocked
Write tool (file creation)	Allowed	Blocked

Always blocked (unsafe to inspect)

Command	Reason
`bash -c "..."` / `sh -c "..."`	Nested shell — cannot inspect inner command
`eval '...'`	Cannot safely parse evaluated code
Piping to `sh` / `bash`	Inner commands invisible to guard
`xargs rm/mv/cp/...`	Arguments cannot be validated
`python -c` / `ruby -e` / `perl -e` / `node --eval` / `php -r/-R/--run` / `Rscript -e` / `osascript -e`	Inline interpreter code is opaque to the Bash parser
`awk '... system("...") ...'` (and similar `\| "sh"`)	Awk programs can shell out without the guard seeing the inner command
`env -S` / `env --split-string` / `env -C` / `env --chdir`	These either smuggle a real command inside a string or change the working directory before the inner tool runs
`$(...)` / backticks (outside single quotes)	Command substitution target is uninspectable. Single-quoted forms like `'$(cmd)'` and arithmetic expansion `$((2+2))` are allowed.
`$VAR` / `${VAR}` and positional / special parameters (`$1` … `$9`, `$@`, `$*`, `$#`, `$?`, `$$`, `$!`, `$-`) outside single quotes	Variable expansion target is uninspectable for the same reason as `$(...)`. Only `$HOME` / `${HOME}` is allowed (canonical home path). Use literal values inline, or reach for the `Read` / `Grep` tools instead of piping shell vars. ANSI-C `$'…'`, i18n `$"…"`, backslash-escaped `\$VAR`, single-quoted `'$VAR'`, and quoted-heredoc bodies are unaffected.

Help us improve

Find plugins for your project

Help us improve

project-boundary

Popularity

What's Inside

README

Project Boundary — Claude Code Plugin

How it differs from existing plugins

What it does

Boundary-checked (allowed inside project, blocked outside)

Always blocked (unsafe to inspect)

Additional protections

Help us improve

Health & Quality

Confidence

Similar Plugins

safety-essentials

safety-hooks

safety-net

warden

claude-code-hooks

claude-buddy