Defense-in-depth protection system for Claude Code. Uses PreToolUse hooks to intercept and validate tool calls before execution, blocking dangerous commands and protecting sensitive files. | Level | Read | Write | Edit | Delete | Use Case | |-------|------|-------|------|--------|----------| | **zeroAccessPaths** | No | No | No | No | Secrets, credentials, .env files | | **readOnlyPaths** | Yes | No | No | No | System configs, lock files, build artifacts | | **noDeletePaths** | Yes | Yes | Yes | No | Important project files, .git/, LICENSE | </protection_levels> PreToolUse hooks intercept tool calls at three points:

1. Bash Hook - Evaluates commands against regex patterns and path restrictions
2. Edit Hook - Validates file paths before modifications
3. Write Hook - Checks paths before file creation

Exit codes:

• 0 = Allow operation
• 0 + JSON = Ask for confirmation (triggers dialog)
• 2 = Block operation (stderr fed back to Claude)

Ask patterns: Some operations trigger confirmation dialogs instead of blocking:

• git checkout -- . (discards changes)
• git stash drop (deletes stash)
• DELETE FROM table WHERE id=X (SQL with specific ID)</how_it_works>

**Interactive installation:** ``` /damage-control install ```

Or ask Claude:

"Install damage control security hooks"
"Set up protection for my project"

</quick_start>

What would you like to do?

1. Install - Set up damage control hooks (global, project, or personal)
2. Modify - Add/remove protected paths or blocked commands
3. Test - Validate hooks are working correctly
4. List - View all active protections across all levels

Wait for response before proceeding.

| Response | Workflow | |----------|----------| | 1, "install", "setup", "deploy" | [workflows/install.md](workflows/install.md) | | 2, "modify", "add", "remove", "change" | [workflows/modify.md](workflows/modify.md) | | 3, "test", "verify", "check" | [workflows/test.md](workflows/test.md) | | 4, "list", "view", "show" | [workflows/list.md](workflows/list.md) |

Direct command routing (skip menu):

• "add ~/.credentials to zero access" → Execute directly, then restart reminder
• "block npm publish command" → Execute directly, then restart reminder
• "protect /secrets folder" → Execute directly, then restart reminder

After reading the workflow, follow it exactly.

**Destructive file operations:** - `rm -rf`, `rm --recursive`, `sudo rm` - `chmod 777`, `chown -R root`

Git destructive:

• git reset --hard, git push --force (not --force-with-lease)
• git clean -fd, git stash clear, git filter-branch

Cloud destructive:

• AWS: terminate-instances, delete-db-instance, delete-stack
• GCP: projects delete, instances delete, clusters delete
• Docker: system prune -a, volume rm
• Kubernetes: delete namespace, delete all --all

Database destructive:

• DELETE FROM table; (no WHERE clause)
• DROP TABLE, DROP DATABASE, TRUNCATE TABLE
• redis-cli FLUSHALL, dropdb

See scripts/patterns.yaml for complete list.
</blocked_commands_summary>

| Level | Settings Path | Hooks Path | Scope | |-------|--------------|------------|-------| | Global | `~/.claude/settings.json` | `~/.claude/hooks/damage-control/` | All projects | | Project | `.claude/settings.json` | `.claude/hooks/damage-control/` | Team-shared | | Personal | `.claude/settings.local.json` | `.claude/hooks/damage-control/` | Just you | </settings_locations> **Python with UV (Recommended):** ```bash # macOS/Linux curl -LsSf https://astral.sh/uv/install.sh | sh

Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

**TypeScript with Bun (Alternative):**
```bash
# macOS/Linux
curl -fsSL https://bun.sh/install | bash && bun add yaml

# Windows
powershell -c "irm bun.sh/install.ps1 | iex" && bun add yaml

</runtime_requirements> **IMPORTANT:** After any installation or modification:

Restart your agent for changes to take effect.

Hooks are only loaded at agent startup. Run /hooks after restart to verify.
</critical_reminder>

| Workflow | Purpose | |----------|---------| | [workflows/install.md](workflows/install.md) | Interactive installation at any settings level | | [workflows/modify.md](workflows/modify.md) | Add/remove protected paths and blocked commands | | [workflows/test.md](workflows/test.md) | Validate all hooks are working correctly | | [workflows/list.md](workflows/list.md) | View all active protections | </workflows_index>

Script	Purpose
scripts/bash-tool-damage-control.py	PreToolUse hook for Bash commands
scripts/edit-tool-damage-control.py	PreToolUse hook for Edit tool
scripts/write-tool-damage-control.py	PreToolUse hook for Write tool
scripts/test-damage-control.py	Test runner for hook validation
scripts/patterns.yaml	Security patterns and protected paths
scripts/settings-template.json	Hook configuration template
</scripts_index>

A working damage-control installation has:

• Hooks installed at chosen level (global/project/personal)
• patterns.yaml copied alongside hook scripts
• settings.json updated with PreToolUse hook configuration
• UV (or Bun) runtime installed
• Agent restarted to load hooks
• Verified with /hooks command showing damage-control hooks
• Tested with rm -rf /tmp/test (should be blocked)</success_criteria>