Skip to main content
This guide gets CC Safety Net running and verified in your AI coding agent in under 5 minutes. By the end you’ll have the hook installed, confirmed working, and you’ll have seen a real blocked command with your own eyes.
1

Install for Claude Code

Run these three commands inside Claude Code:
/plugin marketplace add kenryu42/cc-marketplace
/plugin install safety-net@cc-marketplace
/reload-plugins
Using a different agent? See the Installation page for Codex, Gemini CLI, GitHub Copilot CLI, Kimi CLI, OpenCode, and Pi instructions.
2

Verify the installation

Run the doctor command to confirm CC Safety Net is properly hooked in and blocking commands:
npx cc-safety-net doctor
The doctor command checks:
  • Hook Integration — the plugin is wired up for your agent
  • Self-Test — sample commands block and allow correctly
  • Configuration — any custom rules are valid
  • Environment — mode flags (CC_SAFETY_NET_STRICT, CC_SAFETY_NET_PARANOID, etc.) are reported
  • Recent Activity — a summary of blocked commands from the last 7 days
  • System Info — versions of Node.js and other relevant tools
  • Update Check — whether a newer version of CC Safety Net is available
A clean run prints a green checkmark next to each item. If anything fails, the output explains what went wrong and how to fix it.
3

Test command blocking

Ask your agent to run these two commands and observe the difference:
# Should be BLOCKED — discards uncommitted changes permanently
git checkout -- README.md

# Should be ALLOWED — creates a new branch, no data loss
git checkout -b test-branch
When CC Safety Net blocks the first command, your agent receives a structured block message (see below) and is instructed to ask you for explicit permission before trying anything similar again.
4

(Optional) Add a status line

CC Safety Net can display its current protection status directly in your agent’s status line, showing which mode is active at a glance. See the status line configuration page for setup instructions.

What a Block Looks Like

When CC Safety Net intercepts a destructive command, it returns a message like this to your agent: 
BLOCKED by CC Safety Net

Reason: git checkout -- discards uncommitted changes permanently. Use 'git stash' first.

Command: git checkout -- src/main.py

If this operation is truly needed, ask the user for explicit permission and have them run the command manually.
Your agent sees this message instead of executing the command. It will typically explain what happened, suggest a safer alternative, and ask you whether you want to proceed manually.

Next Steps

Explore Modes

Learn about Default, Strict, Paranoid, and Worktree modes and when to use each one.

Custom Rules

Define your own blocking rules at the project or user level to enforce team conventions.

Blocked Commands

Browse the full list of commands CC Safety Net blocks by default and the reasoning behind each.

How It Works

Go deeper on semantic command analysis, shell wrapper detection, and the hook lifecycle.