claude-guardrails-rg 1.0.0

package/README.md

@@ -0,0 +1,104 @@
+# claude-guardrails
+
+Automatic irreversibility guardrails for [Claude Code](https://claude.ai/code) — blocks destructive shell commands and dangerous file writes **before they execute**, on any OS.
+
+## Install
+
+```bash
+npm install -g claude-guardrails
+```
+
+The installer will ask where to apply the guardrails:
+
+```
+🛡️  Claude Code Guardrails Installer
+
+  [G] Global  — protects all projects  (~/.claude/settings.json)
+  [L] Local   — protects this project  (./.claude/settings.json)
+
+Where do you want to install? [G/l]:
+```
+
+Press `Enter` to install globally (recommended), or type `l` for the current project only.
+
+## Uninstall
+
+```bash
+npm uninstall -g claude-guardrails
+```
+
+The uninstaller asks the same question and removes only the guardrail entries — all other hooks and settings are left untouched.
+
+---
+
+## What gets blocked
+
+### Bash commands
+
+| Category | Blocked patterns |
+|---|---|
+| **Filesystem** | `rm -rf`, `dd if=`, redirect to block device (`> /dev/sdX`) |
+| **SQL DDL** | `DROP TABLE`, `DROP DATABASE`, `DROP SCHEMA`, `DROP INDEX`, `TRUNCATE TABLE` |
+| **Python ORM / CLI** | `drop_all()`, `drop_table()`, `flask drop`, `flask db downgrade`, `alembic downgrade`, `manage.py flush` |
+| **Database CLIs** | `psql -c DROP`, `mysql -e DROP`, `mysqladmin drop`, `mongo --eval drop`, `redis-cli FLUSHALL/FLUSHDB` |
+| **JS/TS DB CLIs** | `prisma migrate reset`, `sequelize db:drop`, `knex migrate:rollback --all`, `heroku pg:reset` |
+| **Cloud / Infra** | `terraform destroy`, `aws s3 rm --recursive`, `aws s3 rb`, `gcloud delete --quiet`, `kubectl delete namespace/all` |
+| **Git** | `git reset --hard`, `git push --force`, `git clean -f`, `git branch -D`, `git checkout --` |
+| **Process** | `kill -9`, `pkill -9` |
+
+### File writes — `.py` `.js` `.ts` `.jsx` `.tsx` `.sh` `.sql`
+
+| Category | Blocked patterns |
+|---|---|
+| **SQL DDL** | `DROP TABLE`, `DROP DATABASE`, `DROP SCHEMA`, `DROP INDEX`, `DROP VIEW`, `DROP SEQUENCE`, `TRUNCATE TABLE`, `DELETE FROM` without `WHERE` |
+| **SQLAlchemy** | `drop_all()`, `metadata.drop_all()`, `drop_table()`, `__table__.drop()` |
+| **Alembic** | `op.drop_table()`, `op.drop_column()`, `op.drop_index()`, `op.drop_constraint()` |
+| **Sequelize / Knex** | `queryInterface.dropTable()`, `queryInterface.dropAllTables()`, `.dropTable()`, `.dropTableIfExists()`, `schema.dropTable()` |
+| **TypeORM** | `.dropDatabase()`, `synchronize(true)` |
+| **MongoDB / Mongoose** | `collection.drop()`, `Model.collection.drop()`, `db.dropDatabase()`, `mongoose.connection.dropDatabase()`, `mongoose.connection.dropCollection()` |
+| **Prisma** | `$executeRaw` with DROP, `migrate reset` |
+| **Filesystem** | `shutil.rmtree()`, `rm -rf`, `fs.rmSync({recursive:true})`, `fs.rmdirSync({recursive:true})`, `rimraf()` |
+| **Git** | `git reset --hard`, `git push --force`, `git clean -f` |
+
+---
+
+## How it works
+
+On install, two scanner scripts are copied into your `.claude/hooks/` directory and registered in `settings.json` as `PreToolUse` hooks:
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [{ "type": "command", "command": "node ~/.claude/hooks/scan_file_content.mjs" }]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [{ "type": "command", "command": "node ~/.claude/hooks/scan_bash_command.mjs" }]
+      }
+    ]
+  }
+}
+```
+
+Before every `Bash`, `Write`, or `Edit` tool call, Claude Code pipes the tool input JSON to the relevant scanner via stdin. If a dangerous pattern matches, the scanner exits with code `2` — Claude Code treats this as a block and shows the error in the terminal. The AI cannot proceed until you manually intervene.
+
+**Safe to re-run** — install is idempotent and merges with any hooks you already have. It will never duplicate or overwrite existing entries.
+
+---
+
+## Compatibility
+
+- Node.js 18+
+- macOS, Linux, Windows
+- No third-party dependencies
+
+## Manual install (if npm scripts are disabled)
+
+Some CI or locked-down environments block npm lifecycle scripts. Run the installer directly:
+
+```bash
+node $(npm root -g)/claude-guardrails/bin/install.js
+```

package/bin/install.js

@@ -0,0 +1,102 @@
+#!/usr/bin/env node
+
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import readline from 'readline';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+// Forward slashes required inside JSON command strings on all platforms
+const toUnixPath = (p) => p.split(path.sep).join('/');
+
+function ask(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise(resolve => rl.question(question, ans => { rl.close(); resolve(ans.trim().toLowerCase()); }));
+}
+
+function applyHooks(claudeDir, hooksDir, settingsFile) {
+  if (!fs.existsSync(hooksDir)) {
+    fs.mkdirSync(hooksDir, { recursive: true });
+  }
+
+  fs.copyFileSync(
+    path.join(__dirname, 'scan_bash_command.mjs'),
+    path.join(hooksDir, 'scan_bash_command.mjs')
+  );
+  fs.copyFileSync(
+    path.join(__dirname, 'scan_file_content.mjs'),
+    path.join(hooksDir, 'scan_file_content.mjs')
+  );
+
+  let settings = {};
+  if (fs.existsSync(settingsFile)) {
+    try {
+      settings = JSON.parse(fs.readFileSync(settingsFile, 'utf8'));
+    } catch (e) {
+      console.error(`❌ ${settingsFile} exists but could not be parsed as JSON.`);
+      console.error('   Fix it manually, then re-run the installer.');
+      process.exit(1);
+    }
+  }
+
+  const scanFileCmd = `node "${toUnixPath(path.join(hooksDir, 'scan_file_content.mjs'))}"`;
+  const scanBashCmd = `node "${toUnixPath(path.join(hooksDir, 'scan_bash_command.mjs'))}"`;
+
+  const GUARDRAILS = [
+    { matcher: 'Write|Edit', hooks: [{ type: 'command', command: scanFileCmd }], _fp: 'scan_file_content.mjs' },
+    { matcher: 'Bash',       hooks: [{ type: 'command', command: scanBashCmd }], _fp: 'scan_bash_command.mjs' },
+  ];
+
+  if (!settings.hooks) settings.hooks = {};
+  const existing = Array.isArray(settings.hooks.PreToolUse) ? settings.hooks.PreToolUse : [];
+
+  for (const g of GUARDRAILS) {
+    const present = existing.some(e =>
+      Array.isArray(e.hooks) &&
+      e.hooks.some(h => typeof h.command === 'string' && h.command.includes(g._fp))
+    );
+    if (!present) {
+      const { _fp, ...entry } = g;
+      existing.push(entry);
+    }
+  }
+  settings.hooks.PreToolUse = existing;
+
+  const tmp = settingsFile + '.tmp';
+  fs.writeFileSync(tmp, JSON.stringify(settings, null, 2), 'utf8');
+  try {
+    fs.renameSync(tmp, settingsFile);
+  } catch {
+    fs.copyFileSync(tmp, settingsFile);
+    fs.unlinkSync(tmp);
+  }
+}
+
+async function main() {
+  console.log('🛡️  Claude Code Guardrails Installer\n');
+  console.log('  [G] Global  — protects all projects  (~/.claude/settings.json)');
+  console.log('  [L] Local   — protects this project  (./.claude/settings.json)\n');
+
+  const answer = await ask('Where do you want to install? [G/l]: ');
+  const isLocal = answer === 'l' || answer === 'local';
+
+  const claudeDir    = isLocal ? path.join(process.cwd(), '.claude')       : path.join(os.homedir(), '.claude');
+  const hooksDir     = path.join(claudeDir, 'hooks');
+  const settingsFile = path.join(claudeDir, 'settings.json');
+
+  const label = isLocal ? `local project (.claude/)` : `global (~/.claude/)`;
+
+  try {
+    applyHooks(claudeDir, hooksDir, settingsFile);
+    console.log(`\n✅ Guardrails installed ${label}`);
+    console.log(`   Settings: ${settingsFile}`);
+    console.log(`   Hooks:    ${hooksDir}`);
+  } catch (err) {
+    console.error('❌ Failed to install guardrails:', err.message);
+    process.exit(1);
+  }
+}
+
+main();

package/bin/scan_bash_command.mjs

@@ -0,0 +1,129 @@
+import fs from 'fs';
+
+// 1. Read the JSON input from Claude via stdin
+let input = '';
+try {
+  input = fs.readFileSync(0, 'utf-8');
+} catch (e) {
+  process.exit(0);
+}
+
+// 2. Parse out the targeted bash command string
+let command = '';
+try {
+  const data = JSON.parse(input);
+  command = data.tool_input?.command || '';
+} catch (e) {
+  process.exit(0);
+}
+
+let blockedReason = '';
+
+// --- Filesystem ---
+if (/rm\s+-[a-zA-Z]*rf?|rm\s+-[a-zA-Z]*f[a-zA-Z]*r/.test(command)) {
+  blockedReason = 'rm -rf — recursive force delete';
+} else if (/\bdd\s+if=/.test(command)) {
+  blockedReason = 'dd — raw disk write/wipe';
+} else if (/>\s*\/dev\/sd[a-z]/.test(command)) {
+  blockedReason = 'redirect to block device — disk overwrite';
+}
+
+// --- SQL DDL via shell ---
+else if (/\bDROP\s+TABLE\b/i.test(command)) {
+  blockedReason = 'DROP TABLE via shell';
+} else if (/\bDROP\s+DATABASE\b/i.test(command)) {
+  blockedReason = 'DROP DATABASE via shell';
+} else if (/\bDROP\s+SCHEMA\b/i.test(command)) {
+  blockedReason = 'DROP SCHEMA via shell';
+} else if (/\bDROP\s+INDEX\b/i.test(command)) {
+  blockedReason = 'DROP INDEX via shell';
+} else if (/\bTRUNCATE\s+TABLE\b/i.test(command)) {
+  blockedReason = 'TRUNCATE TABLE via shell';
+}
+
+// --- Python ORM / DB CLI ---
+else if (/python.*drop_all/i.test(command)) {
+  blockedReason = 'drop_all() via python shell';
+} else if (/python.*drop_table/i.test(command)) {
+  blockedReason = 'drop_table() via python shell';
+} else if (/flask\s+(db\s+)?drop/i.test(command)) {
+  blockedReason = 'flask drop command';
+} else if (/flask\s+db\s+downgrade/i.test(command)) {
+  blockedReason = 'flask db downgrade — rolls back migrations destructively';
+} else if (/alembic\s+downgrade/i.test(command)) {
+  blockedReason = 'alembic downgrade — rolls back migrations';
+} else if (/django.*flush/i.test(command) || /manage\.py\s+flush/.test(command)) {
+  blockedReason = 'manage.py flush — wipes all data from the database';
+} else if (/manage\.py\s+migrate.*--fake-initial/.test(command)) {
+  blockedReason = 'migrate --fake-initial — can lead to data loss';
+}
+
+// --- Database CLI tools ---
+else if (/psql\b.*-c\s+['"]?\s*DROP/i.test(command)) {
+  blockedReason = 'psql -c DROP — executing DROP statement via psql';
+} else if (/mysql\b.*-e\s+['"]?\s*DROP/i.test(command)) {
+  blockedReason = 'mysql -e DROP — executing DROP statement via mysql CLI';
+} else if (/mysqladmin\s+drop/i.test(command)) {
+  blockedReason = 'mysqladmin drop — drops a MySQL database';
+} else if (/mongo\b.*--eval.*drop/i.test(command)) {
+  blockedReason = 'mongo --eval drop — dropping via mongo shell';
+} else if (/mongodrop|mongoexport.*--drop/i.test(command)) {
+  blockedReason = 'mongo drop flag — drops target before import';
+} else if (/redis-cli\s+(FLUSHALL|FLUSHDB)/i.test(command)) {
+  blockedReason = 'redis-cli FLUSHALL/FLUSHDB — wipes Redis data';
+} else if (/npx\s+prisma\s+migrate\s+reset/i.test(command)) {
+  blockedReason = 'prisma migrate reset — wipes and recreates the database';
+} else if (/npx\s+sequelize.*db:drop/i.test(command)) {
+  blockedReason = 'sequelize db:drop — drops the database';
+} else if (/knex\s+migrate:rollback.*--all/i.test(command)) {
+  blockedReason = 'knex migrate:rollback --all — rolls back all migrations';
+} else if (/heroku\s+pg:reset/i.test(command)) {
+  blockedReason = 'heroku pg:reset — resets the Heroku Postgres database';
+}
+
+// --- Cloud / Infrastructure ---
+else if (/terraform\s+destroy/i.test(command)) {
+  blockedReason = 'terraform destroy — destroys all managed infrastructure';
+} else if (/aws\s+s3\s+rm\b.*--recursive/i.test(command)) {
+  blockedReason = 'aws s3 rm --recursive — bulk-deletes S3 objects';
+} else if (/aws\s+s3\s+rb\b/i.test(command)) {
+  blockedReason = 'aws s3 rb — removes an S3 bucket';
+} else if (/gcloud.*delete/i.test(command) && /--quiet|-q/.test(command)) {
+  blockedReason = 'gcloud delete --quiet — silently deletes a cloud resource';
+} else if (/kubectl\s+delete\s+(namespace|all)\b/i.test(command)) {
+  blockedReason = 'kubectl delete namespace/all — deletes Kubernetes resources';
+}
+
+// --- Git ---
+else if (/git.*reset.*--hard/.test(command)) {
+  blockedReason = 'git reset --hard — discards all uncommitted changes';
+} else if (/git.*push.*--force|git.*push.*-f\b/.test(command)) {
+  blockedReason = 'git push --force — overwrites remote history';
+} else if (/git.*clean.*-f/.test(command)) {
+  blockedReason = 'git clean -f — permanently deletes untracked files';
+} else if (/git.*branch.*-D/.test(command)) {
+  blockedReason = 'git branch -D — force deletes a branch';
+} else if (/git.*checkout.*--/.test(command)) {
+  blockedReason = 'git checkout -- — discards file changes';
+}
+
+// --- Process ---
+else if (/kill\s+-9|pkill\s+-9/.test(command)) {
+  blockedReason = 'kill -9 — force kills a process';
+}
+
+// 3. Block and print error if triggered
+if (blockedReason) {
+  console.error('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  console.error(`GUARDRAILS BLOCKED: ${blockedReason}`);
+  console.error('');
+  console.error(`Command: ${command}`);
+  console.error('');
+  console.error('This command is irreversible and cannot be run through');
+  console.error('Claude Code. You must execute it manually in a terminal');
+  console.error('to ensure full human intent and review.');
+  console.error('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  process.exit(2);
+}
+
+process.exit(0);

package/bin/scan_file_content.mjs

@@ -0,0 +1,153 @@
+import fs from 'fs';
+import path from 'path';
+
+// 1. Read the JSON input from Claude via stdin
+let input = '';
+try {
+  input = fs.readFileSync(0, 'utf-8');
+} catch (e) {
+  process.exit(0);
+}
+
+// 2. Parse tool input details
+let file = '';
+let content = '';
+
+try {
+  const data = JSON.parse(input);
+  const toolInput = data.tool_input || {};
+  file = toolInput.file_path || '';
+  const fileContent = toolInput.content || '';
+  const editString = toolInput.new_string || '';
+  content = fileContent + editString;
+} catch (e) {
+  process.exit(0);
+}
+
+// 3. Only scan source/test files, skip lock files, binaries, etc.
+const allowedExtensions = ['.py', '.js', '.ts', '.jsx', '.tsx', '.sh', '.sql'];
+if (!allowedExtensions.includes(path.extname(file).toLowerCase())) {
+  process.exit(0);
+}
+
+let blockedReason = '';
+
+// --- SQL DDL ---
+if (/\bDROP\s+TABLE\b/i.test(content)) {
+  blockedReason = 'DROP TABLE — deletes a table and all its data';
+} else if (/\bDROP\s+DATABASE\b/i.test(content)) {
+  blockedReason = 'DROP DATABASE — deletes the entire database';
+} else if (/\bDROP\s+SCHEMA\b/i.test(content)) {
+  blockedReason = 'DROP SCHEMA — deletes a schema and everything in it';
+} else if (/\bDROP\s+INDEX\b/i.test(content)) {
+  blockedReason = 'DROP INDEX — removes an index';
+} else if (/\bDROP\s+VIEW\b/i.test(content)) {
+  blockedReason = 'DROP VIEW — removes a view';
+} else if (/\bDROP\s+SEQUENCE\b/i.test(content)) {
+  blockedReason = 'DROP SEQUENCE — removes a sequence';
+} else if (/\bTRUNCATE\s+TABLE\b/i.test(content)) {
+  blockedReason = 'TRUNCATE TABLE — deletes all rows permanently';
+} else if (/\bDELETE\s+FROM\b/i.test(content) && !/\bWHERE\b/i.test(content)) {
+  blockedReason = 'DELETE FROM without WHERE — deletes all rows';
+}
+
+// --- Python ORM / SQLAlchemy ---
+else if (/\bdrop_all\s*\(/i.test(content)) {
+  blockedReason = 'drop_all() — drops all ORM-managed tables';
+} else if (/metadata\.drop_all/i.test(content)) {
+  blockedReason = 'metadata.drop_all() — drops all tables';
+} else if (/\bdrop_table\s*\(/i.test(content)) {
+  blockedReason = 'drop_table() — drops a database table';
+} else if (/__table__\.drop\s*\(/i.test(content)) {
+  blockedReason = '__table__.drop() — drops the SQLAlchemy model table';
+}
+
+// --- Alembic migrations ---
+else if (/op\.drop_table\s*\(/i.test(content)) {
+  blockedReason = 'op.drop_table() — Alembic: drops a table in migration';
+} else if (/op\.drop_column\s*\(/i.test(content)) {
+  blockedReason = 'op.drop_column() — Alembic: removes a column and its data';
+} else if (/op\.drop_index\s*\(/i.test(content)) {
+  blockedReason = 'op.drop_index() — Alembic: removes an index';
+} else if (/op\.drop_constraint\s*\(/i.test(content)) {
+  blockedReason = 'op.drop_constraint() — Alembic: removes a constraint';
+}
+
+// --- Sequelize / Knex (JS/TS) ---
+else if (/queryInterface\.dropTable\s*\(/i.test(content)) {
+  blockedReason = 'queryInterface.dropTable() — Sequelize: drops a table';
+} else if (/queryInterface\.dropAllTables\s*\(/i.test(content)) {
+  blockedReason = 'queryInterface.dropAllTables() — Sequelize: drops all tables';
+} else if (/\.dropTable\s*\(/i.test(content)) {
+  blockedReason = 'dropTable() — drops a database table';
+} else if (/\.dropTableIfExists\s*\(/i.test(content)) {
+  blockedReason = 'dropTableIfExists() — drops a database table';
+} else if (/schema\.dropTable\s*\(/i.test(content)) {
+  blockedReason = 'schema.dropTable() — Knex: drops a table';
+}
+
+// --- TypeORM ---
+else if (/\.dropDatabase\s*\(/i.test(content)) {
+  blockedReason = 'dropDatabase() — drops the entire database';
+} else if (/connection\.synchronize\s*\(\s*true/i.test(content)) {
+  blockedReason = 'synchronize(true) — TypeORM: drops and recreates all tables';
+}
+
+// --- MongoDB / Mongoose ---
+else if (/collection\.drop\s*\(/i.test(content)) {
+  blockedReason = 'collection.drop() — drops a MongoDB collection';
+} else if (/Model\.collection\.drop\s*\(/i.test(content)) {
+  blockedReason = 'Model.collection.drop() — drops a Mongoose model collection';
+} else if (/db\.dropDatabase\s*\(/i.test(content)) {
+  blockedReason = 'db.dropDatabase() — drops the entire MongoDB database';
+} else if (/mongoose\.connection\.dropDatabase\s*\(/i.test(content)) {
+  blockedReason = 'mongoose.connection.dropDatabase() — drops the MongoDB database';
+} else if (/mongoose\.connection\.dropCollection\s*\(/i.test(content)) {
+  blockedReason = 'mongoose.connection.dropCollection() — drops a MongoDB collection';
+}
+
+// --- Prisma ---
+else if (/prisma\.\$executeRaw.*DROP/i.test(content)) {
+  blockedReason = 'prisma.$executeRaw with DROP — raw destructive SQL via Prisma';
+} else if (/migrate\s+reset/i.test(content)) {
+  blockedReason = 'migrate reset — wipes and recreates the database';
+}
+
+// --- Filesystem ---
+else if (/shutil\.rmtree\s*\(/i.test(content)) {
+  blockedReason = 'shutil.rmtree() — recursively deletes a directory';
+} else if (/\brm\s+-[a-zA-Z]*rf?/.test(content)) {
+  blockedReason = 'rm -rf — recursively force-deletes files';
+} else if (/fs\.rmSync\s*\(.*recursive\s*:\s*true/i.test(content)) {
+  blockedReason = 'fs.rmSync({ recursive: true }) — recursively deletes a directory';
+} else if (/fs\.rmdirSync\s*\(.*recursive\s*:\s*true/i.test(content)) {
+  blockedReason = 'fs.rmdirSync({ recursive: true }) — recursively deletes a directory';
+} else if (/rimraf\s*\(/i.test(content)) {
+  blockedReason = 'rimraf() — recursively deletes a directory';
+}
+
+// --- Git ---
+else if (/git.*reset.*--hard/.test(content)) {
+  blockedReason = 'git reset --hard — discards all uncommitted changes';
+} else if (/git.*push.*--force/.test(content)) {
+  blockedReason = 'git push --force — overwrites remote history';
+} else if (/git.*clean.*-f/.test(content)) {
+  blockedReason = 'git clean -f — permanently deletes untracked files';
+}
+
+// 4. Block and print error if triggered
+if (blockedReason) {
+  console.error('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  console.error(`GUARDRAILS BLOCKED: ${blockedReason}`);
+  console.error(`File: ${file}`);
+  console.error('');
+  console.error('This operation is irreversible and cannot be written');
+  console.error('by an AI agent. You must write this manually in your');
+  console.error('editor to ensure full human intent and review.');
+  console.error('');
+  console.error('If you truly need this, edit the file directly.');
+  console.error('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  process.exit(2);
+}
+
+process.exit(0);

package/bin/uninstall.js

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import readline from 'readline';
+
+const GUARDRAIL_SCRIPTS = [
+  'scan_bash_command.mjs',
+  'scan_file_content.mjs',
+];
+
+function ask(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise(resolve => rl.question(question, ans => { rl.close(); resolve(ans.trim().toLowerCase()); }));
+}
+
+async function main() {
+  console.log('🗑️  Claude Code Guardrails Uninstaller\n');
+  console.log('  [G] Global  — removes from all projects  (~/.claude/settings.json)');
+  console.log('  [L] Local   — removes from this project  (./.claude/settings.json)\n');
+
+  const answer = await ask('Where do you want to uninstall from? [G/l]: ');
+  const isLocal = answer === 'l' || answer === 'local';
+
+  const claudeDir    = isLocal ? path.join(process.cwd(), '.claude')   : path.join(os.homedir(), '.claude');
+  const hooksDir     = path.join(claudeDir, 'hooks');
+  const settingsFile = path.join(claudeDir, 'settings.json');
+
+  console.log('');
+
+  try {
+    // 1. Remove guardrail hook entries from settings.json
+    if (fs.existsSync(settingsFile)) {
+      let settings = {};
+      try {
+        settings = JSON.parse(fs.readFileSync(settingsFile, 'utf8'));
+      } catch (e) {
+        console.warn('⚠️  settings.json could not be parsed. Skipping settings cleanup.');
+      }
+
+      if (settings.hooks && Array.isArray(settings.hooks.PreToolUse)) {
+        const before = settings.hooks.PreToolUse.length;
+
+        settings.hooks.PreToolUse = settings.hooks.PreToolUse.filter(entry => {
+          if (!Array.isArray(entry.hooks)) return true;
+          return !entry.hooks.some(h =>
+            typeof h.command === 'string' &&
+            GUARDRAIL_SCRIPTS.some(s => h.command.includes(s))
+          );
+        });
+
+        const removed = before - settings.hooks.PreToolUse.length;
+
+        if (settings.hooks.PreToolUse.length === 0) delete settings.hooks.PreToolUse;
+        if (Object.keys(settings.hooks).length === 0) delete settings.hooks;
+
+        const tmp = settingsFile + '.tmp';
+        fs.writeFileSync(tmp, JSON.stringify(settings, null, 2), 'utf8');
+        try {
+          fs.renameSync(tmp, settingsFile);
+        } catch {
+          fs.copyFileSync(tmp, settingsFile);
+          fs.unlinkSync(tmp);
+        }
+
+        console.log(`Removed ${removed} guardrail hook(s) from ${settingsFile}`);
+      } else {
+        console.log('No guardrail hooks found in settings.json.');
+      }
+    } else {
+      console.log('settings.json not found. Nothing to clean up.');
+    }
+
+    // 2. Delete the scanner script files
+    for (const script of GUARDRAIL_SCRIPTS) {
+      const dest = path.join(hooksDir, script);
+      if (fs.existsSync(dest)) {
+        fs.unlinkSync(dest);
+        console.log(`Removed ${dest}`);
+      }
+    }
+
+    console.log('\n✅ Uninstall complete. Other hooks and settings untouched.');
+
+  } catch (err) {
+    console.error('❌ Failed to uninstall guardrails:', err.message);
+    process.exit(1);
+  }
+}
+
+main();

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "claude-guardrails-rg",
+  "version": "1.0.0",
+  "description": "Cross-platform global security guardrails for Claude Code",
+  "type": "module",
+  "main": "bin/install.js",
+  "scripts": {
+    "postinstall": "node bin/install.js",
+    "preuninstall": "node bin/uninstall.js"
+  },
+  "files": [
+    "bin/"
+  ],
+  "keywords": [
+    "claude",
+    "claude-code",
+    "guardrails",
+    "security"
+  ],
+  "author": "Mohd Rahban Ghani",
+  "license": "ISC"
+}