🧊

gstack: Edit Scope Lock

Restricts all file edits to a single directory for the session. Blocks Edit and Write operations outside the allowed path — prevents accidentally changing unrelated code while debugging.

by @garrytan · MIT · 63.2k New
Built for: Developers devops

What this skill does

Use this when debugging a specific module and you don't want Claude touching anything else. It enforces the scope so a debug session doesn't become an unplanned refactor.

@garrytan · Development
view on github ↗

name: freeze version: 0.1.0 description: | Restrict file edits to a specific directory for the session. Blocks Edit and Write outside the allowed path. Use when debugging to prevent accidentally “fixing” unrelated code, or when you want to scope changes to one module. Use when asked to “freeze”, “restrict edits”, “only edit this folder”, or “lock down edits”. (gstack) allowed-tools:

  • Bash
  • Read
  • AskUserQuestion hooks: PreToolUse:
    • matcher: “Edit” hooks:
      • type: command command: “bash ${CLAUDE_SKILL_DIR}/bin/check-freeze.sh” statusMessage: “Checking freeze boundary…”
    • matcher: “Write” hooks:
      • type: command command: “bash ${CLAUDE_SKILL_DIR}/bin/check-freeze.sh” statusMessage: “Checking freeze boundary…”

/freeze — Restrict Edits to a Directory

Lock file edits to a specific directory. Any Edit or Write operation targeting a file outside the allowed path will be blocked (not just warned).

mkdir -p ~/.gstack/analytics
echo '{"skill":"freeze","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}'  >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true

Setup

Ask the user which directory to restrict edits to. Use AskUserQuestion:

  • Question: “Which directory should I restrict edits to? Files outside this path will be blocked from editing.”
  • Text input (not multiple choice) — the user types a path.

Once the user provides a directory path:

  1. Resolve it to an absolute path:
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
echo "$FREEZE_DIR"
  1. Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"

Tell the user: “Edits are now restricted to <path>/. Any Edit or Write outside this directory will be blocked. To change the boundary, run /freeze again. To remove it, run /unfreeze or end the session.”

How it works

The hook reads file_path from the Edit/Write tool input JSON, then checks whether the path starts with the freeze directory. If not, it returns permissionDecision: "deny" to block the operation.

The freeze boundary persists for the session via the state file. The hook script reads it on every Edit/Write invocation.

Notes

  • The trailing / on the freeze directory prevents /src from matching /src-old
  • Freeze applies to Edit and Write tools only — Read, Bash, Glob, Grep are unaffected
  • This prevents accidental edits, not a security boundary — Bash commands like sed can still modify files outside the boundary
  • To deactivate, run /unfreeze or end the conversation

Install this Skill

Skills give your AI agent a consistent, structured approach to this task — better output than a one-off prompt.

git clone --single-branch --depth 1 https://github.com/garrytan/gstack.git ~/.claude/skills/gstack && cd ~/.claude/skills/gstack && ./setup
Download ZIP

Community skill by @garrytan. Need a walkthrough? See the install guide →

Installs the full gstack bundle — all 33 skills — into ~/.claude/skills/gstack/. Works with Claude Code, Codex CLI, and Gemini CLI.

Works with

Claude Code OpenAI Codex CLI Gemini CLI

Prefer no terminal? Download the ZIP and place it manually.

Details

Category
Development
License
MIT
Author
@garrytan
Source
GitHub →
Source file
show path freeze/SKILL.md
View raw SKILL.md
gstack safety debugging