damage-control

<protection_levels>

<how_it_works> PreToolUse hooks intercept tool calls at three points:

1. Bash Hook – Evaluates commands against regex patterns and path restrictions
2. Edit Hook – Validates file paths before modifications
3. Write Hook – Checks paths before file creation

Exit codes:

• 0 = Allow operation
• 0 + JSON = Ask for confirmation (triggers dialog)
• 2 = Block operation (stderr fed back to Claude)

Ask patterns: Some operations trigger confirmation dialogs instead of blocking:

• git checkout -- . (discards changes)
• git stash drop (deletes stash)
• DELETE FROM table WHERE id=X (SQL with specific ID) </how_it_works>

<quick_start> Interactive installation:

/damage-control install

Or ask Claude:

“Install damage control security hooks” “Set up protection for my project” </quick_start>

1. Install – Set up damage control hooks (global, project, or personal)
2. Modify – Add/remove protected paths or blocked commands
3. Test – Validate hooks are working correctly
4. List – View all active protections across all levels

Wait for response before proceeding.

Direct command routing (skip menu):

• “add ~/.credentials to zero access” → Execute directly, then restart reminder
• “block npm publish command” → Execute directly, then restart reminder
• “protect /secrets folder” → Execute directly, then restart reminder

After reading the workflow, follow it exactly.

<blocked_commands_summary> Destructive file operations:

• rm -rf, rm --recursive, sudo rm
• chmod 777, chown -R root

Git destructive:

• git reset --hard, git push --force (not –force-with-lease)
• git clean -fd, git stash clear, git filter-branch

Cloud destructive:

• AWS: terminate-instances, delete-db-instance, delete-stack
• GCP: projects delete, instances delete, clusters delete
• Docker: system prune -a, volume rm
• Kubernetes: delete namespace, delete all --all

Database destructive:

• DELETE FROM table; (no WHERE clause)
• DROP TABLE, DROP DATABASE, TRUNCATE TABLE
• redis-cli FLUSHALL, dropdb

See scripts/patterns.yaml for complete list. </blocked_commands_summary>

<settings_locations>

<runtime_requirements> Python with UV (Recommended):

# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

# Windows
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

TypeScript with Bun (Alternative):

# macOS/Linux
curl -fsSL https://bun.sh/install | bash && bun add yaml

# Windows
powershell -c "irm bun.sh/install.ps1 | iex" && bun add yaml

</runtime_requirements>

<critical_reminder> IMPORTANT: After any installation or modification:

Restart your agent for changes to take effect.

Hooks are only loaded at agent startup. Run /hooks after restart to verify. </critical_reminder>

<workflows_index>

<scripts_index>

<success_criteria> A working damage-control installation has:

• Hooks installed at chosen level (global/project/personal)
• patterns.yaml copied alongside hook scripts
• settings.json updated with PreToolUse hook configuration
• UV (or Bun) runtime installed
• Agent restarted to load hooks
• Verified with /hooks command showing damage-control hooks
• Tested with rm -rf /tmp/test (should be blocked) </success_criteria>