gstack: Full Safety Mode
Combines /careful (warns before destructive commands) and /freeze (locks edits to one directory) in a single command. Maximum safety for production work or high-stakes debugging.
What this skill does
Use this when the cost of a mistake is high — production databases, live deployments, shared infrastructure. One command activates both layers of protection.
name: guard version: 0.1.0 description: | Full safety mode: destructive command warnings + directory-scoped edits. Combines /careful (warns before rm -rf, DROP TABLE, force-push, etc.) with /freeze (blocks edits outside a specified directory). Use for maximum safety when touching prod or debugging live systems. Use when asked to “guard mode”, “full safety”, “lock it down”, or “maximum safety”. (gstack) allowed-tools:
- Bash
- Read
- AskUserQuestion
hooks:
PreToolUse:
- matcher: “Bash”
hooks:
- type: command command: “bash ${CLAUDE_SKILL_DIR}/../careful/bin/check-careful.sh” statusMessage: “Checking for destructive commands…”
- matcher: “Edit”
hooks:
- type: command command: “bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh” statusMessage: “Checking freeze boundary…”
- matcher: “Write”
hooks:
- type: command command: “bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh” statusMessage: “Checking freeze boundary…”
- matcher: “Bash”
hooks:
/guard — Full Safety Mode
Activates both destructive command warnings and directory-scoped edit restrictions.
This is the combination of /careful + /freeze in a single command.
Dependency note: This skill references hook scripts from the sibling /careful
and /freeze skill directories. Both must be installed (they are installed together
by the gstack setup script).
mkdir -p ~/.gstack/analytics
echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || trueSetup
Ask the user which directory to restrict edits to. Use AskUserQuestion:
- Question: “Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing.”
- Text input (not multiple choice) — the user types a path.
Once the user provides a directory path:
- Resolve it to an absolute path:
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
echo "$FREEZE_DIR"- Ensure trailing slash and save to the freeze state file:
FREEZE_DIR="${FREEZE_DIR%/}/"
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
mkdir -p "$STATE_DIR"
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
echo "Freeze boundary set: $FREEZE_DIR"Tell the user:
- “Guard mode active. Two protections are now running:”
- “1. Destructive command warnings — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)”
- “2. Edit boundary — file edits restricted to
<path>/. Edits outside this directory are blocked.” - “To remove the edit boundary, run
/unfreeze. To deactivate everything, end the session.”
What’s protected
See /careful for the full list of destructive command patterns and safe exceptions.
See /freeze for how edit boundary enforcement works.
Install this Skill
Skills give your AI agent a consistent, structured approach to this task — better output than a one-off prompt.
git clone --single-branch --depth 1 https://github.com/garrytan/gstack.git ~/.claude/skills/gstack && cd ~/.claude/skills/gstack && ./setup Community skill by @garrytan. Need a walkthrough? See the install guide →
Installs the full gstack bundle — all 33 skills — into ~/.claude/skills/gstack/. Works with Claude Code, Codex CLI, and Gemini CLI.
Works with
Prefer no terminal? Download the ZIP and place it manually.
Details
- Category
- Development
- License
- MIT
- Author
- @garrytan
- Source
- GitHub →
- Source file
-
show path
guard/SKILL.md