Hooks don't fire in pipe mode (claude -p). This means your safety guards — destructive-guard, secret-guard, branch-guard — are all inactive when running headless.
Known limitation (#40506, #35646): PreToolUse, PostToolUse, and PermissionRequest hooks do not execute in claude -p mode.
| Mode | PreToolUse | PostToolUse | PermissionRequest |
|---|---|---|---|
| Interactive (TUI) | Yes | Yes | Yes |
Pipe (claude -p) | No | No | No |
Pipe + --dangerously-skip-permissions | No | No | No |
1. CLAUDE.md safety rules — the only safety layer in pipe mode:
# ABSOLUTE RULES (no hooks in pipe mode)
- NEVER run rm -rf, git reset --hard, or git push --force
- NEVER commit .env files
- ALWAYS confirm file paths before destructive operations2. Wrapper script — validate output before executing:
#!/bin/bash
OUTPUT=$(claude -p "fix the bug in src/main.ts" 2>&1)
# Check for dangerous commands before applying
if echo "$OUTPUT" | grep -qE 'rm -rf|git reset --hard'; then
echo "DANGEROUS: Output contains destructive commands" >&2
exit 1
fi
echo "$OUTPUT"3. Use interactive mode instead — if hooks are critical, avoid -p mode and use the TUI with --dangerously-skip-permissions for automation.
npx cc-safe-setup591 hooks for interactive mode. 8,872 tests.
cc-safe-setup · GitHub