Safety Guard — Prevent Destructive Operations

What problem does it solve?

It prevents autonomous agents from performing destructive or risky filesystem and database operations that can cause irreversible damage during production work.

Core Features & Use Cases

• Watched destructive-command blocking (Careful Mode): Intercepts high-risk bash commands and dangerous patterns (for example: rm -rf variants, forceful git operations, DROP TABLE/DROP DATABASE, aggressive chmod, prune/delete commands) and requires confirmation while suggesting safer alternatives.
• Directory write locking (Freeze Mode): Blocks any Write/Edit operations outside a specified directory tree so agents can’t modify unrelated parts of the codebase.
• Combined maximum protection (Guard Mode): Applies both command blocking and directory write restrictions together, allowing read access broadly while limiting writes to a targeted area.
• Auditability and operational control: Provides an explicit off/unlock command and logs blocked actions to a local safety-guard log for traceability.

Quick Start

Enable guardrails by running the command: /safety-guard guard --dir src/api/ --allow-read-all