Skip to main content
Source: command-blacklist/ This example uses a PreToolUse hook to intercept terminal commands before they execute. When the agent tries to run a blocked pattern, the hook returns exit code 2 to deny it and provides a message explaining why. The blacklist approach: block known-dangerous patterns, allow everything else.

What Gets Blocked

The rm -rf and chmod 777 rules only fire on system directories. Deleting /tmp/my-output or your project directory is intentionally allowed. Use the curl … | bash demo to see a block in action.

How It Works

A PreToolUse hook script reads the tool invocation JSON from stdin, checks the command against patterns, and either exits 0 (allow) or exits 2 with a JSON denial message:
hooks/hooks.json (inline shell script)
The hook lives inside a plugin in safety-guardian/, which you load via the REST API or a launch badge.

Try It

Use the Load a Plugin example to load the plugin and test it:
The hook intercepts the command and blocks it before execution.

Blacklist vs. Whitelist

See Command Whitelist for the opposite approach.

Why Inline Shell, Not an External Script

Hook scripts in plugins run with the working directory set to the agent’s workspace, not the plugin directory. There’s no path variable for the plugin root, so a relative script path like hooks/scripts/check.sh won’t resolve at runtime. The solution is to inline the shell script directly in hooks.json as a POSIX-sh command value.

See Also

  • Command Whitelist — Allow only an explicit list of approved commands
  • Workspace Isolation — Prevent the agent from navigating or writing outside an assigned directory
  • Hooks — Full hooks documentation