Stats
Actions
Tags
From kastell
Intercepts destructive 'kastell destroy' and 'kastell restore' Bash commands, blocking execution until explicit user confirmation via re-invocation of /kastell-careful.
How this skill is triggered — by the user, by Claude, or both
Slash command
/kastell:kastell-carefulBashThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Safety guard that intercepts `kastell destroy` and `kastell restore` commands. Requires explicit confirmation before any destructive operation proceeds.
Safety guard that intercepts kastell destroy and kastell restore commands. Requires explicit confirmation before any destructive operation proceeds.
Invoke /kastell:careful before a session that involves server destruction or restoration. The skill-scoped prompt hook activates and monitors all Bash commands until the skill session ends.
Changed files:
!git diff --name-only 2>/dev/null || echo "Not a git repo"
Uncommitted:
!git status --short 2>/dev/null || echo "Not a git repo"
Three layers of protection work together:
Layer 1: Plugin hooks.json — Always active (plugin scope). Silently blocks kastell destroy and kastell server-delete via command hook (regex match, exit 2). No confirmation offered — hard block.
Layer 2: This skill's prompt hook — Active only during /kastell:careful session. Uses an LLM to detect destroy AND restore intent in any Bash command. Returns {"decision": "block"} with a reason message explaining the block. Covers restore which Layer 1 does NOT cover.
Layer 3: KASTELL_SAFE_MODE — Runtime guard embedded in CLI code itself (isSafeMode()). Last line of defense at the application layer.
The three layers are complementary: Layer 1 stops silent automation, Layer 2 provides in-session confirmation UX with semantic understanding, Layer 3 enforces safe mode at execution time.
Only kastell destroy and kastell restore are intercepted. Other commands (including kastell audit, kastell lock, kastell status) pass through without delay.
When a destructive command is detected:
npx claudepluginhub kastelldev/kastellBlocks destructive Bash commands like rm -rf, DROP TABLE, git force-push, reset --hard, and restricts file edits to a specific directory. Use for protection on critical systems.
Blocks destructive commands like rm -rf, git --force, DROP TABLE, docker prune, and restricts file edits to specified directories. Use on production systems and with autonomous agents.
Warns before destructive commands like rm -rf, DROP TABLE, force-push. Activates when user requests careful mode or safety mode. Useful for prod or shared environments.