# CC Safety Net

> Documentation for CC Safety Net, a PreToolUse hook that intercepts and blocks destructive git and filesystem commands before AI coding agents run them using semantic analysis that pattern matching and sandboxing cannot match.

## Docs

- [CC Safety Net Custom Rules: Block Any Command Pattern](https://ccsafetynet.com/docs/configuration/custom-rules.md): Define project and user-level custom blocking rules in CC Safety Net using JSON config files. Block any command pattern with a custom reason message.
- [CC Safety Net Environment Variables](https://ccsafetynet.com/docs/configuration/environment.md): Complete reference for every CC Safety Net environment variable: protection modes, debug output, and config-directory overrides.
- [CC Safety Net Modes: Strict, Paranoid, and Worktree](https://ccsafetynet.com/docs/configuration/modes.md): Configure CC Safety Net's protection level with Strict, Paranoid, and Worktree modes. Set environment variables to tune behavior for your workflow.
- [CC Safety Net Status Line: Real-Time Mode Indicators](https://ccsafetynet.com/docs/configuration/status-line.md): Display CC Safety Net's active protection mode in Claude Code's status line using bunx, npx, or claude x. Pipe alongside any existing status line command.
- [Contributing to CC Safety Net](https://ccsafetynet.com/docs/contributing.md): How to contribute to CC Safety Net: development setup with Bun, the check command, local testing in Claude Code and OpenCode, and the pull request process.
- [How CC Safety Net Intercepts and Blocks Bash Commands](https://ccsafetynet.com/docs/guides/how-it-works.md): How CC Safety Net intercepts Bash commands, runs semantic analysis, detects shell wrappers, and returns block decisions before execution.
- [How CC Safety Net Integrates with Each Agent](https://ccsafetynet.com/docs/guides/integration-architecture.md): How CC Safety Net plugs into Claude Code, Codex, Copilot CLI, Gemini CLI, Kimi Code, OpenCode, and Pi — hook subprocesses, plugins, and the in-process Pi extension.
- [Troubleshooting CC Safety Net Installation and Behavior](https://ccsafetynet.com/docs/guides/troubleshooting.md): Fix common CC Safety Net issues: hook not firing, commands not blocked, false positives, custom rules not loading, and status line not showing.
- [CC Safety Net vs Claude Code Wildcard Permission Deny Rules](https://ccsafetynet.com/docs/guides/vs-permission-rules.md): Compare CC Safety Net's semantic analysis with Claude Code permission deny rules, and learn why combining both approaches gives the strongest protection.
- [CC Safety Net vs Claude Code OS-Level Native Sandboxing](https://ccsafetynet.com/docs/guides/vs-sandboxing.md): Compare CC Safety Net with Claude Code native sandboxing. They defend against different threats — use both together for complete defense-in-depth.
- [Install CC Safety Net for Your AI Coding Agent](https://ccsafetynet.com/docs/installation.md): Step-by-step installation instructions for CC Safety Net across Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, Kimi Code, OpenCode, and Pi. Requires Node.js 18 or higher.
- [What Is CC Safety Net and Why You Need It](https://ccsafetynet.com/docs/introduction.md): CC Safety Net catches destructive git and filesystem commands before AI agents run them, using semantic analysis that pattern matching and sandboxing can't match.
- [Get Started with CC Safety Net](https://ccsafetynet.com/docs/quickstart.md): Install CC Safety Net for any supported agent, verify it's working, and see a real blocked command. Works with Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, Kimi Code, OpenCode, and Pi.
- [Commands Allowed Through by CC Safety Net](https://ccsafetynet.com/docs/reference/allowed-commands.md): Git and filesystem commands CC Safety Net explicitly allows. Safe variants of dangerous commands are recognized and permitted by the semantic analyzer.
- [CC Safety Net Audit Log Reference](https://ccsafetynet.com/docs/reference/audit-log.md): Reference for CC Safety Net's audit log: file location, JSONL entry schema, what gets logged, and the full secret-redaction scope.
- [Commands Blocked by CC Safety Net](https://ccsafetynet.com/docs/reference/blocked-commands.md): Complete reference of git, rm, find, and xargs commands that CC Safety Net blocks by default, with the reason each command is considered destructive.
- [CC Safety Net CLI Commands Reference](https://ccsafetynet.com/docs/reference/cli-commands.md): Reference for all CC Safety Net CLI commands: doctor for diagnostics, explain for command tracing, statusline for Claude Code, hook for Kimi Code install, and rule for rulebook management.
- [CC Safety Net Security Policy](https://ccsafetynet.com/docs/security.md): How to report a security vulnerability in CC Safety Net, what counts as a security issue, supported versions, and response expectations.