Skip to main content
CC Safety Net provides CLI commands for diagnostics, command analysis, status line output, hook installation, and rulebook management. Run them with npx cc-safety-net or bunx cc-safety-net.

doctor

The doctor command runs a full health check of your CC Safety Net installation and prints a summary of what it finds. 
npx cc-safety-net doctor
bunx cc-safety-net doctor
CheckDescription
Hook IntegrationVerifies the plugin is properly configured for each supported platform
Self-TestRuns sample commands to confirm blocking works correctly
ConfigurationValidates custom rules in user and project configs
EnvironmentShows status of mode flags (CC_SAFETY_NET_STRICT, CC_SAFETY_NET_PARANOID, etc.; legacy SAFETY_NET_* also listed when set)
Recent ActivitySummarizes blocked commands from the last 7 days
System InfoDisplays versions of all relevant tools
Update CheckChecks if a newer version is available
Flags:
FlagDescription
--jsonOutput in JSON format (useful for sharing in bug reports)
--skip-update-checkSkip the npm version check

explain

The explain command traces how CC Safety Net analyzes a command step-by-step. Use it to debug why a command is blocked or allowed, or to understand how a custom rule applies. 
npx cc-safety-net explain "git reset --hard"
bunx cc-safety-net explain "git reset --hard"
Flags:
FlagDescription
--jsonOutput the analysis as JSON
--cwd <path>Use a custom working directory for analysis
Examples: 
npx cc-safety-net explain "rm -rf /"
npx cc-safety-net explain --json "git checkout -- file.txt"
npx cc-safety-net explain --cwd /tmp "git status"

statusline

The statusline command outputs CC Safety Net’s current status in a format suitable for your agent’s status line. It shows whether protection is active and which modes are enabled. 
bunx cc-safety-net statusline --claude-code
npx -y cc-safety-net statusline --claude-code
See the Status Line configuration page for setup instructions.

hook install

Install CC Safety Net’s PreToolUse hook directly into a supported agent’s config: 
npx -y cc-safety-net hook install --kimi-cli
Use the appropriate flag for your agent (e.g., --kimi-cli). See Installation for the recommended approach per agent.

rule

The rule command manages rulebook-based custom rules. See Custom Rules for the full authoring guide.

rule init

Create a starter project rule config and rulebook in the current directory: 
npx -y cc-safety-net rule init
Use --global to create the user-scope config at ~/.cc-safety-net/rules/rule.json instead: 
npx -y cc-safety-net rule init --global

rule sync

Rebuild the lock and cache for configured rulebook sources. Run after adding or changing entries in rule.json: 
npx -y cc-safety-net rule sync

rule verify

Validate the structure of all active rulebooks and rule definitions. Use this in CI or whenever you edit a rulebook by hand: 
npx -y cc-safety-net rule verify
Returns exit code 0 if everything is valid, or non-zero if errors are found.

rule test

Run every fixture defined in every active rulebook and confirm rules block and allow as expected: 
npx -y cc-safety-net rule test

rule migrate

Convert legacy inline config files (.safety-net.json, ~/.cc-safety-net/config.json) into the new rulebook layout: 
npx -y cc-safety-net rule migrate
Use --cleanup to delete the legacy files after the migrated rules are verified: 
npx -y cc-safety-net rule migrate --cleanup

rule doc

Print a machine-readable document describing the rulebook schema. Pipe the output to your agent to let it help author or validate rulebooks interactively: 
npx -y cc-safety-net rule doc

—version and —help

You can check the installed version or get usage information at any time. The --version flag has a -V short alias, and --help has a -h short alias. 
npx cc-safety-net --version
npx cc-safety-net -V
npx cc-safety-net --help
npx cc-safety-net -h
Use help <command> or <command> --help to see usage for a specific subcommand: 
npx cc-safety-net help explain
npx cc-safety-net explain --help
npx cc-safety-net help doctor