carefullisted

# /careful — Destructive Command Guardrails Safety mode is now **active**. Every bash command will be checked for destructive patterns before running. If a destructive command is detected, you'll be warned and can choose to proceed or cancel. ```bash set -euo pipefail mkdir -p ~/.maxvision/analytics echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.maxvision/analytics/skill-usage.jsonl 2>/dev/null || true ``` ## What's protected | Pattern | Example | Risk | |---------|---------|------| | `rm -rf` / `rm -r` / `rm --recursive` | `rm -rf /var/data` | Recursive delete | | `DROP TABLE` / `DROP DATABASE` | `DROP TABLE users;` | Data loss | | `TRUNCATE` | `TRUNCATE orders;` | Data loss | | `git push --force` / `-f` | `git push -f origin main` | History rewrite | | `git reset --hard` | `git reset --hard HEAD~3` | Uncommitted work loss | | `git checkout .` / `git restore .` | `git checkout .` | Uncommitted work loss | | `kubectl delete` | `kubectl delete pod` | Production impact | | `docker rm -f` / `docker system prune` | `docker system prune -a` | Container/image loss | ## Safe exceptions These patterns are allowed without warning: - `rm -rf node_modules` / `.next` / `dist` / `__pycache__` / `.cache` / `build` / `.turbo` / `coverage` ## How it works The hook reads the command from the tool input JSON, checks it against the patterns above, and returns `p