Running Claude Code unattended — overnight builds, CI pipelines, headless mode — means no human is watching when it decides to rm -rf node_modules, force-push to main, or commit your .env file. Hooks are the only safety layer that works without human oversight.
Claude Code in autonomous mode has full terminal access and makes decisions without asking. In attended sessions, you catch mistakes before they happen. In autonomous mode, every mistake executes.
Real autonomous mode incidents
skipDangerousModePermissionPrompt: true to settings.json, so every later autonomous session ran in bypass mode with no warning (#65848)Blocks rm -rf, chmod 777, mkfs, and other filesystem-destroying commands.
# Blocks: rm -rf /, rm -r -f /home, chmod -R 777 /
# Allows: rm temp.txt, rm -rf node_modules (configurable)
Blocks pushes to main/master and all force-pushes.
# Blocks: git push origin main, git push --force
# Allows: git push origin feature-branch
Blocks staging of .env files, credential files, and private keys.
# Blocks: git add .env, git add credentials.json
# Allows: git add .env.example
Detects when Claude repeats the same command 5+ times and breaks the cycle.
# Blocks: same command repeated 5+ times
# Prevents: infinite retry loops burning tokens
Warns when the context window is running low, preventing compaction-related mistakes.
# Warns: context usage above 80%
# Prevents: uncontrolled compaction and post-compact drift
npx cc-safe-setup
Installs 8 hooks (the 5 above plus syntax checking, session handoff, and auto-approve for safe read commands). Takes 10 seconds. No dependencies.
# Check all hooks are installed and working
npx cc-safe-setup --doctor
# Run the audit (0-100 safety score)
npx cc-safe-setup --audit
# Full health check
npx cc-health-check
--dangerously-skip-permissions? One more layerMost autonomous setups (cron, CI, watchdogs) run in bypass mode so nothing pauses for approval. Two things bite operators here. First, accepting the dangerous-mode prompt once silently writes skipDangerousModePermissionPrompt: true to settings.json permanently, so you stop being warned that you are even in bypass mode (#65848). Second, the flag does not actually bypass every gate — Edit prompts and some surfaces still fire, and the flag itself has regressed across versions.
The bypass-mode-effective-verifier hook re-surfaces both at every session start: it reads settings.json for a persisted bypass default or the suppressed-warning flag and prints a standing reminder, and it names the gates the flag does not cover. It is advisory only (it never blocks), so it is safe to leave on in unattended runs.
# Re-prints the bypass warning each session, even after the
# upstream prompt has been silently suppressed (#65848)
npx cc-safe-setup # installs bypass-mode-effective-verifier
npx cc-safe-setup
Process-level protection that works even when the model forgets instructions. 213 test files 734 examples
GitHub · npm · Getting Started
Open source, zero dependencies. View source.
Related: rm -rf · force-push · if field · autonomous · all tools
Learn more: Production Guide · All Tools