git-guardrails-claude-code

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Setup Git Guardrails

搭建Git防护机制

Sets up a PreToolUse hook that intercepts and blocks dangerous git commands before Claude executes them.

设置PreToolUse钩子，在Claude执行危险git命令前拦截并阻止它们。

What Gets Blocked

拦截范围

```
git push
```
(all variants including
```
--force
```
)
```
git reset --hard
```
```
git clean -f
```
/
```
git clean -fd
```
```
git branch -D
```
```
git checkout .
```
/
```
git restore .
```

When blocked, Claude sees a message telling it that it does not have authority to access these commands.

```
git push
```
（包括
```
--force
```
在内的所有变体）
```
git reset --hard
```
```
git clean -f
```
/
```
git clean -fd
```
```
git branch -D
```
```
git checkout .
```
/
```
git restore .
```

当命令被拦截时，Claude会收到一条消息，告知其无权访问这些命令。

Steps

操作步骤

1. Ask scope

1. 询问作用范围

Ask the user: install for this project only (

.claude/settings.json

) or all projects (

~/.claude/settings.json

询问用户：仅为当前项目（

.claude/settings.json

）安装，还是为所有项目（

~/.claude/settings.json

）安装？

2. Copy the hook script

2. 复制钩子脚本

The bundled script is at: scripts/block-dangerous-git.sh

Copy it to the target location based on scope:

Project:
```
.claude/hooks/block-dangerous-git.sh
```
Global:
```
~/.claude/hooks/block-dangerous-git.sh
```

Make it executable with

chmod +x

内置脚本路径为：scripts/block-dangerous-git.sh

根据作用范围复制到目标位置：

项目级：
```
.claude/hooks/block-dangerous-git.sh
```
全局级：
```
~/.claude/hooks/block-dangerous-git.sh
```

使用

chmod +x

命令赋予其可执行权限。

3. Add hook to settings

3. 将钩子添加至设置文件

Add to the appropriate settings file:

Project (

.claude/settings.json

json

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/block-dangerous-git.sh"
          }
        ]
      }
    ]
  }
}

Global (

~/.claude/settings.json

json

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "~/.claude/hooks/block-dangerous-git.sh"
          }
        ]
      }
    ]
  }
}

If the settings file already exists, merge the hook into existing

hooks.PreToolUse

array — don't overwrite other settings.

添加至对应的设置文件中：

项目级（

.claude/settings.json

）：

json

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "\"$CLAUDE_PROJECT_DIR\"/.claude/hooks/block-dangerous-git.sh"
          }
        ]
      }
    ]
  }
}

全局级（

~/.claude/settings.json

）：

json

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "~/.claude/hooks/block-dangerous-git.sh"
          }
        ]
      }
    ]
  }
}

如果设置文件已存在，请将钩子合并到现有的

hooks.PreToolUse

数组中——不要覆盖其他设置。

4. Ask about customization

4. 询问自定义需求

Ask if user wants to add or remove any patterns from the blocked list. Edit the copied script accordingly.

询问用户是否需要在拦截列表中添加或移除命令模式，并相应编辑已复制的脚本。

5. Verify

5. 验证设置

Run a quick test:

bash

echo '{"tool_input":{"command":"git push origin main"}}' | <path-to-script>

Should exit with code 2 and print a BLOCKED message to stderr.

运行快速测试：

bash

echo '{"tool_input":{"command":"git push origin main"}}' | <path-to-script>

脚本应返回退出码2，并在标准错误输出中打印BLOCKED消息。