--- name: guard description: | Full safety mode: destructive command warnings + directory-scoped edits. Combines /careful (warns before rm -rf, DROP TABLE, force-push, etc.) with /freeze (blocks edits outside a specified directory). Use for maximum safety when touching prod or debugging live systems. Use when asked to "guard mode", "full safety", "lock it down", or "maximum safety". --- > **Safety Advisory:** This skill includes safety checks that check bash commands for destructive operations (rm -rf, DROP TABLE, force-push, git reset --hard, etc.) before execution, and verify file edits are within the allowed scope boundary before applying, and verify file writes are within the allowed scope boundary before applying. When using this skill, always pause and verify before executing potentially destructive operations. If uncertain about a command's safety, ask the user for confirmation before proceeding. # /guard — Full Safety Mode Activates both destructive command warnings and directory-scoped edit restrictions. This is the combination of `/careful` + `/freeze` in a single command. **Dependency note:** This skill references hook scripts from the sibling `/careful` and `/freeze` skill directories. Both must be installed (they are installed together by the gstack setup script). ```bash mkdir -p ~/.gstack/analytics echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true ``` ## Setup Ask the user which directory to restrict edits to. Use AskUserQuestion: - Question: "Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing." - Text input (not multiple choice) — the user types a path. Once the user provides a directory path: 1. Resolve it to an absolute path: ```bash FREEZE_DIR=$(cd "" 2>/dev/null && pwd) echo "$FREEZE_DIR" ``` 2. Ensure trailing slash and save to the freeze state file: ```bash FREEZE_DIR="${FREEZE_DIR%/}/" STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}" mkdir -p "$STATE_DIR" echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt" echo "Freeze boundary set: $FREEZE_DIR" ``` Tell the user: - "**Guard mode active.** Two protections are now running:" - "1. **Destructive command warnings** — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)" - "2. **Edit boundary** — file edits restricted to `/`. Edits outside this directory are blocked." - "To remove the edit boundary, run `/unfreeze`. To deactivate everything, end the session." ## What's protected See `/careful` for the full list of destructive command patterns and safe exceptions. See `/freeze` for how edit boundary enforcement works.