safety-net

A PreToolUse hook that intercepts and blocks destructive git and filesystem commands before AI coding agents run them. CC Safety Net parses command semantics — so flag reordering, shell wrappers, and interpreter one-liners can't bypass it.

[!NOTE] Full documentation → — installation, configuration, reference, guides, and the security model live on the docs site.

Why this exists

We learned the hard way that instructions aren't enough to keep AI agents in check. After an agent silently wiped hours of progress with a single rm -rf ~/ or git checkout --, it became clear that soft rules in a CLAUDE.md or AGENTS.md file cannot replace hard technical constraints. CC Safety Net is that constraint: it intercepts every Bash tool call and blocks destructive commands before they reach the shell. See What Is CC Safety Net for the full background.

Supported agents

CC Safety Net works across seven coding agent CLIs: Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, Kimi Code, OpenCode, and Pi. Each integration is documented at Architecture.

Prerequisites

• Node.js 18 or higher.

Quick start

Codex Installation

1. Enable Codex plugin hooks in ~/.codex/config.toml:

[features]
plugin_hooks = true

2. Add the marketplace:

codex plugin marketplace add kenryu42/cc-marketplace

3. Start Codex.
4. In the TUI, run /plugins.
5. Use arrow keys to select [cc-marketplace].
6. Press Enter to install the plugin.
7. run /hooks and select the safety-net PreToolUse hook and press t to trust it.

---

Claude Code Installation

/plugin marketplace add kenryu42/cc-marketplace
/plugin install safety-net@cc-marketplace
/reload-plugins

Claude Code Auto-Update

1. Run /plugin → Select Marketplaces → Choose cc-marketplace → Enable auto-update

---

Gemini CLI Installation

gemini extensions install https://github.com/kenryu42/gemini-safety-net

---

GitHub Copilot CLI Installation

/plugin install kenryu42/copilot-safety-net

---

Kimi Code Installation

Install CC Safety Net into your Kimi Code config:

npx -y cc-safety-net hook install --kimi-code

Optional: run npx skill add kenryu42/cc-safety-net to add the /cc-safety-net skill for configuring custom rules.

---

OpenCode Installation

Install CC Safety Net with OpenCode's native plugin command:

opencode plugin -g cc-safety-net

[!NOTE] OpenCode can sometimes keep using a stale cached plugin version. See anomalyco/opencode#25293 for the current tracking issue.

To force OpenCode to reinstall cc-safety-net, remove its cached package and install the version you want:

rm -rf ~/.cache/opencode/packages/cc-safety-net@latest
opencode plugin -g -f cc-safety-net@latest

If you prefer pinning a specific version:

rm -rf ~/.cache/opencode/packages/cc-safety-net@latest
opencode plugin -g -f cc-safety-net@<version>

Restart OpenCode after updating so the plugin is loaded from the refreshed cache.

---