Claude Code Autonomous Mode Safety — Complete Hook Setup

Running Claude Code unattended — overnight builds, CI pipelines, headless mode — means no human is watching when it decides to rm -rf node_modules, force-push to main, or commit your .env file. Hooks are the only safety layer that works without human oversight.

What Goes Wrong in Autonomous Mode

Claude Code in autonomous mode has full terminal access and makes decisions without asking. In attended sessions, you catch mistakes before they happen. In autonomous mode, every mistake executes.

Real autonomous mode incidents

The 5 Essential Hooks for Autonomous Mode

1. Destructive Command Guard

Blocks rm -rf, chmod 777, mkfs, and other filesystem-destroying commands.

# Blocks: rm -rf /, rm -r -f /home, chmod -R 777 /
# Allows: rm temp.txt, rm -rf node_modules (configurable)

2. Branch Protection

Blocks pushes to main/master and all force-pushes.

# Blocks: git push origin main, git push --force
# Allows: git push origin feature-branch

3. Secret Leak Prevention

Blocks staging of .env files, credential files, and private keys.

# Blocks: git add .env, git add credentials.json
# Allows: git add .env.example

4. Loop Detection

Detects when Claude repeats the same command 5+ times and breaks the cycle.

# Blocks: same command repeated 5+ times
# Prevents: infinite retry loops burning tokens

5. Context Monitor

Warns when the context window is running low, preventing compaction-related mistakes.

# Warns: context usage above 80%
# Prevents: uncontrolled compaction and post-compact drift

Install All 5 in One Command

npx cc-safe-setup

Installs 8 hooks (the 5 above plus syntax checking, session handoff, and auto-approve for safe read commands). Takes 10 seconds. No dependencies.

Verify Your Setup

# Check all hooks are installed and working
npx cc-safe-setup --doctor

# Run the audit (0-100 safety score)
npx cc-safe-setup --audit

# Full health check
npx cc-health-check

Running with --dangerously-skip-permissions? One more layer

Most autonomous setups (cron, CI, watchdogs) run in bypass mode so nothing pauses for approval. Two things bite operators here. First, accepting the dangerous-mode prompt once silently writes skipDangerousModePermissionPrompt: true to settings.json permanently, so you stop being warned that you are even in bypass mode (#65848). Second, the flag does not actually bypass every gate — Edit prompts and some surfaces still fire, and the flag itself has regressed across versions.

The bypass-mode-effective-verifier hook re-surfaces both at every session start: it reads settings.json for a persisted bypass default or the suppressed-warning flag and prints a standing reminder, and it names the gates the flag does not cover. It is advisory only (it never blocks), so it is safe to leave on in unattended runs.

# Re-prints the bypass warning each session, even after the
# upstream prompt has been silently suppressed (#65848)
npx cc-safe-setup   # installs bypass-mode-effective-verifier

Make Autonomous Mode Safe

npx cc-safe-setup

Process-level protection that works even when the model forgets instructions. 213 test files 734 examples

GitHub · npm · Getting Started

Deep Dives

Open source, zero dependencies. View source.

Related: rm -rf · force-push · if field · autonomous · all tools

Learn more: Production Guide · All Tools