guard
- Trust score: 92 / 100 · audit passed
- Compatible agents: 1 (Claude Code)
- Domain: General
- Author / version / license: @garrytan · v0.1.0 · no license declared
- Install commands: 1
Note: allowed-tools is not restricted, so the skill has access to all tools by default.
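Design rationale
guard is a one-step "double safety" that enables careful + freeze together: it turns on both dangerous-command interception and the edit-path fence. The author explicitly notes the dependency in the SKILL: guard references hook scripts in the sibling careful and freeze directories, so both must be installed (the gstack setup script installs them together).
Setup
Use AskUserQuestion to have the user enter the directory to lock (text input, not multiple choice):
"Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing."
Once the path is determined: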
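# Resolve to an absolute path; stop if the directory cannot be entered,
# otherwise an empty result would turn into a "/" boundary below.
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd) || { echo "Not a directory" >&2; exit 1; }
# Normalize to exactly one trailing slash
FREEZE_DIR="${FREEZE_DIR%/}/"
eval "$(~/.claude/skills/gstack/bin/gstack-paths)"
STATE_DIR="$GSTACK_STATE_ROOT"
mkdir -p "$STATE_DIR"
# Persist the boundary to the freeze state file
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"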
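Confirmation to the user:
Guard mode active. Two protections are now running:
- Destructive command warnings: rm -rf, DROP TABLE, force-push, etc. warn before executing (can be overridden).
- Edit boundary: file edits are restricted to <path>/; edits outside it are blocked.
To remove the edit boundary, run /unfreeze; to stop everything, end the session.
What's protected
- For the list of dangerous commands, see careful
- For the edit boundary mechanism, see freeze
guard does not invent new rules; it only starts these two sets of hard rules together. It suits scenarios like "I want the agent to change this one area, leave everything else alone, and ask me before running any dangerous command."
Who it's for
- Engineers who let the agent run on its own but want the strictest safeguards against mistakes
- Giving an agent to client machines or interns, where you want to stack the highest protection
- Fix tasks that touch production code
When not to use it
- Large refactors that need cross-directory changes: under guard the fence becomes a hindrance
- Inside a sandbox or container that is already isolated, where stacking it only gets in the way
Companion skills
careful (dangerous-command layer), freeze (path-fence layer), unfreeze (removes the fence), git-guardrails-claude-code (git command layer); stack layers as needed.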
/guard — Full Safety Mode
Activates both destructive command warnings and directory-scoped edit restrictions.
This is the combination of /careful + /freeze in a single command.
Dependency note: This skill references hook scripts from the sibling /careful
and /freeze skill directories. Both must be installed (they are installed together
by the gstack setup script).
mkdir -p ~/.gstack/analytics
echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
Setup
Ask the user which directory to restrict edits to. Use AskUserQuestion:
- Question: "Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing."
- Text input (not multiple choice) — the user types a path.
Once the user provides a directory path:
- Resolve it to an absolute path:
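# Stop if the directory cannot be entered; an empty result would later become a "/" boundary
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd) || { echo "Not a directory" >&2; exit 1; }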
echo "$FREEZE_DIR"
- Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
eval "$(~/.claude/skills/gstack/bin/gstack-paths)"
STATE_DIR="$GSTACK_STATE_ROOT"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"
Tell the user:
- "Guard mode active. Two protections are now running:"
- "1. Destructive command warnings — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)"
- "2. Edit boundary — file edits restricted to <path>/. Edits outside this directory are blocked."
- "To remove the edit boundary, run /unfreeze. To deactivate everything, end the session."
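Added example, not gstack's code: it resolves the boundary with failure handling so an unresolvable path cannot collapse to `/`, and shows why the trailing slash keeps `src/` from matching `src-old/`. The function names `resolve_freeze_dir`, `is_inside_boundary` and `guard_demo` are hypothetical, and the prefix check is an assumption about how such a boundary is enforced, since the /freeze hook is not shown on this page.

```shell
#!/usr/bin/env bash
# Added example, not gstack code. Function names are hypothetical.

# Resolve a user-supplied path to a canonical directory with a trailing slash.
# Returns non-zero and prints nothing when the path is empty, missing, not a
# directory, or the filesystem root, so a bad path never yields a "/" boundary.
resolve_freeze_dir() {
  local input="$1" resolved
  [ -n "$input" ] || return 1
  # pwd -P resolves symlinks; CDPATH= stops cd from searching or echoing.
  resolved=$(CDPATH= cd -- "$input" 2>/dev/null && pwd -P) || return 1
  [ -n "$resolved" ] && [ "$resolved" != "/" ] || return 1
  printf '%s/\n' "${resolved%/}"
}

# Assumed prefix check (the real /freeze hook is not shown on the page).
# The target's parent is canonicalised so "../" and symlinked parents
# cannot step outside the boundary. Returns 0 when the edit is allowed.
is_inside_boundary() {
  local boundary="$1" target="$2" parent
  parent=$(CDPATH= cd -- "$(dirname -- "$target")" 2>/dev/null && pwd -P) || return 1
  case "${parent%/}/$(basename -- "$target")" in
    "$boundary"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample tree: src/ is the boundary, src-old/ is a sibling.
guard_demo() {
  local root boundary f
  root=$(mktemp -d) || return 1
  mkdir -p "$root/src/lib" "$root/src-old"
  boundary=$(resolve_freeze_dir "$root/src") || return 1
  for f in "$root/src/lib/a.c" "$root/src-old/a.c" "$root/src/../src-old/a.c"; do
    if is_inside_boundary "$boundary" "$f"; then echo "allow $f"; else echo "block $f"; fi
  done
  resolve_freeze_dir "$root/missing" || echo "rejected: $root/missing"
  rm -rf "$root"
}
guard_demo
```

Without the trailing slash, a plain prefix match on `.../src` would also accept `.../src-old/a.c`.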
What's protected
See /careful for the full list of destructive command patterns and safe exceptions.
See /freeze for how edit boundary enforcement works.