Enhanced File Removal Prevention in pre_tool_use Hook #4

Open
qdhenry wants to merge 2 commits into disler:main from qdhenry:enhance-file-removal-prevention

@qdhenry qdhenry commented Aug 15, 2025

Summary

This PR enhances the pre_tool_use.py hook to provide intelligent file removal prevention that allows safe operations within the current working directory while protecting system files.

Key Changes

1. Smart Deletion Logic

  • Allows deletion of files/folders within the current working directory (CWD)
  • Blocks deletion of protected system paths regardless of location
  • Blocks deletion of files outside the CWD

2. New Helper Functions

  • is_within_cwd(path) - Checks if a path is within the current working directory
  • extract_target_paths(command) - Extracts all target paths from removal commands

3. Improved Pattern Detection

The hook detects various removal methods:

  • Standard rm commands (with any flags)
  • Directory removal (rmdir)
  • Alternative deletion tools
  • Move operations to trash locations
  • Find commands with delete flags

4. Better Error Messages

  • Clear indication when blocking protected system paths
  • Clear indication when blocking paths outside CWD
  • Shows current working directory for context

Configuration

Users can customize protected paths via the CLAUDE_PROTECTED_PATHS environment variable with colon-separated paths.

Testing

All scenarios tested successfully:

  • ✅ Deletion within CWD - ALLOWED
  • ✅ Deletion outside CWD - BLOCKED
  • ✅ Deletion of protected paths - BLOCKED
  • ✅ Clear error messages for each scenario

Impact

This change provides a better balance between safety and usability:

  • Developers can work freely within their project directories
  • System files remain protected
  • Accidental deletions outside the current project are prevented

- Expand command detection to catch alternative removal methods
- Add protected path system with configurable paths via env var
- Improve user feedback with context-specific error messages
- Block workarounds and alternative deletion methods
- Add logic to check if paths are within CWD
- Allow deletion of any files/folders within CWD (unless protected)
- Block deletions outside CWD or in protected system paths
- Improve error messages to distinguish between different block reasons

qdhenry commented Aug 15, 2025

@disler, for context, I wanted to borrow this hook you published previously for a project I am working on. However, when I ran some tests, I realized Claude had snuck around the hook and moved the directory on my home path straight to the trash can using the mv command, so seeing that I wanted to add some additional guards to prevent this.

I'm super grateful for your YouTube channel and the projects you share, brother! Keep up the fantastic work!
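The CWD and protected-path checks described in the PR summary, and the `mv` bypass mentioned in the follow-up comment, as an added sketch that is not the PR's code. The names `is_within_cwd` and `extract_target_paths` come from the description with assumed signatures; `check_command`, `COMMANDS` and the helpers are hypothetical. It covers only rm/rmdir/unlink/mv, treats every `mv` operand as a target, and fails closed on unexpanded shell variables.

```python
import os
import shlex

COMMANDS = {"rm", "rmdir", "unlink", "mv"}  # assumed set; the PR's own list is not shown
SEPARATORS = set(";&|()<>")

def _inside(path, root):
    """True if path equals root or lies beneath it (both absolute and resolved)."""
    return os.path.commonpath([path, root]) == root

def _resolve(raw, cwd):
    return os.path.realpath(os.path.join(cwd, os.path.expanduser(raw)))

def is_within_cwd(path, cwd):
    """Strictly inside cwd once '..' and symlinks are resolved; cwd itself is not."""
    real, root = _resolve(path, cwd), os.path.realpath(cwd)
    return real != root and _inside(real, root)

def extract_target_paths(command):
    """Operands of rm/rmdir/unlink/mv in each ';', '&&' or '|' segment."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    targets, words = [], []
    for tok in list(lexer) + [";"]:
        if not tok or set(tok) - SEPARATORS:  # ordinary word, keep collecting
            words.append(tok)
            continue
        hit = next((i for i, w in enumerate(words) if os.path.basename(w) in COMMANDS), None)
        if hit is not None:  # also matches behind prefixes such as sudo or env
            args = words[hit + 1:]
            cut = args.index("--") if "--" in args else len(args)
            targets += [a for a in args[:cut] if not a.startswith("-")] + args[cut + 1:]
        words = []
    return targets

def check_command(command, cwd, env=os.environ):
    """Return (allowed, reason); mv destinations are checked like sources."""
    protected = [os.path.realpath(p) for p in env.get("CLAUDE_PROTECTED_PATHS", "").split(":") if p]
    for raw in extract_target_paths(command):
        if "$" in raw or "`" in raw:  # the shell would expand this later: fail closed
            return False, f"unresolved shell expansion: {raw}"
        real = _resolve(raw, cwd)
        if any(_inside(real, p) or _inside(p, real) for p in protected):
            return False, f"protected path: {raw}"
        if not is_within_cwd(raw, cwd):
            return False, f"outside CWD ({cwd}): {raw}"
    return True, "ok"
```

Resolving with `realpath` before comparing is what stops `..` segments and symlinks inside the project from pointing a deletion at a path outside it.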
