Copilot Safety Net

A Coding Agent CLI plugin that acts as a safety net, catching destructive git and filesystem commands before they execute.

Why This Exists
Why Use This Instead of Permission Deny Rules?
What About Sandboxing?
Prerequisites
Quick Start
Status Line Integration
- Emoji Mode Indicators
Diagnostics
Explain (Debug Analysis)
Commands Blocked
Commands Allowed
What Happens When Blocked
Testing the Hook
Breaking Change: Custom Rules Migration
Custom Rules
Advanced Features
Development
License

Why This Exists

We learned the hard way that instructions aren't enough to keep AI agents in check. After Claude Code silently wiped out hours of progress with a single rm -rf ~/ or git checkout --, it became evident that soft rules in an CLAUDE.md or AGENTS.md file cannot replace hard technical constraints. The current approach is to use a dedicated hook to programmatically prevent agents from running destructive commands.

Why Use This Instead of Permission Deny Rules?

Claude Code's .claude/settings.json supports deny rules with wildcard matching (e.g., Bash(git reset --hard:*)). Here's how this plugin differs:

At a Glance

	Permission Deny Rules	CC Safety Net
Setup	Manual configuration required	Works out of the box
Parsing	Wildcard pattern matching	Semantic command analysis
Execution order	Runs second	Runs first (PreToolUse hook)
Shell wrappers	Not handled automatically (must match wrapper forms)	Recursively analyzed (up to 10 levels)
Interpreter one-liners	Not handled automatically (must match interpreter forms)	Detected and blocked

Permission Rules Have Known Bypass Vectors

Even with wildcard matching, Bash permission patterns are intentionally limited and can be bypassed in many ways:

copilot-safety-net

Popularity

Health & Quality

What's Inside

README