Skip to main content
CC Safety Net blocks these commands because they can permanently destroy data — uncommitted changes, stashed work, or remote history. The list below covers the default built-in rules; custom rules can extend this list.

Git Commands

Command PatternWhy It’s Blocked
git checkout -- <files>Discards uncommitted changes permanently
git checkout <ref> -- <path>Overwrites working tree with ref version
git checkout <ref> <path>May overwrite working tree when Git disambiguates ref vs pathspec
git restore <files>Discards uncommitted changes
git restore --worktreeExplicitly discards working tree changes
git switch --discard-changesDiscards uncommitted changes when switching branches
git switch --force / -fDiscards uncommitted changes (force switch)
git reset --hardDestroys all uncommitted changes
git reset --mergeCan lose uncommitted changes
git clean -fRemoves untracked files permanently
git push --force / -fDestroys remote history
git branch -DForce-deletes branch without merge check
git stash dropPermanently deletes stashed changes
git stash clearDeletes ALL stashed changes
git worktree remove --forceForce-deletes worktree without checking for changes

Filesystem Commands

Command PatternWhy It’s Blocked
rm -rf (destructive targets)Recursive deletion of root, home, parent, absolute, or non-temp paths outside cwd
rm -rf / or ~ or $HOMERoot/home deletion is extremely dangerous
find ... -deletePermanently removes files matching criteria
xargs rm -rfDynamic input makes targets unpredictable
xargs <shell> -cCan execute arbitrary commands
parallel rm -rfDynamic input makes targets unpredictable
parallel <shell> -cCan execute arbitrary commands
dd writing to block devicesCan overwrite disks or partitions
mkfs on block devicesFormats disks or partitions
shredPermanently destroys file contents

Shell Wrappers and Interpreter One-Liners

Commands wrapped in shell interpreters like bash -c or sh -c are also blocked. CC Safety Net recursively analyzes nested wrappers up to 10 levels deep, so there is no bypass through indirection. With CC_SAFETY_NET_PARANOID_INTERPRETERS=1, interpreter one-liners — including python -c, node -e, ruby -e, and perl -e — are blocked as well, since they can hide destructive operations behind a language runtime. 
bash -c 'git reset --hard'                       # Blocked
sh -lc 'rm -rf /'                                # Blocked
python -c 'import os; os.system("rm -rf /")'     # Blocked (with CC_SAFETY_NET_PARANOID_INTERPRETERS)
The explain command lets you trace exactly why CC Safety Net blocks or allows any specific command. See the CLI Commands reference.