Claude Code can run DROP DATABASE, prisma migrate reset, rails db:drop, or php artisan migrate:fresh without warning in Auto Mode. One command and your production data is gone.
#401 — Claude loaded a .env file containing the production database URL and ran tests that wiped the production database.
The block-database-wipe hook catches:
DROP DATABASE / DROP TABLE
prisma migrate reset / prisma db push --force-reset
rails db:drop / rails db:reset
php artisan migrate:fresh
django-admin flush / python manage.py flush
sequelize db:drop
TRUNCATE TABLE

npx cc-safe-setup --install-example block-database-wipe
Or include it in the full safety setup:
npx cc-safe-setup --shield
If Claude loaded your .env with DB_DATABASE=production_db and then ran php artisan migrate:fresh, the hook would block it. But the root cause is .env loading into the shell — fix both.
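To show how a hook of this kind works, here is an added sketch that is not cc-safe-setup's own code. It assumes Claude Code's PreToolUse hook contract (a JSON event on stdin with tool_name and tool_input.command, exit code 2 to block); the regexes and rule names are constructed for illustration from the list above.

```python
#!/usr/bin/env python3
"""Illustrative PreToolUse hook: refuse Bash commands that wipe a database."""
import json
import re
import sys

# Constructed patterns for the command families listed on this page.
RULES = [
    ("DROP DATABASE/TABLE", r"\bdrop\s+(database|table)\b"),
    ("TRUNCATE TABLE", r"\btruncate\s+table\b"),
    ("prisma migrate reset", r"\bprisma\s+migrate\s+reset\b"),
    ("prisma db push --force-reset", r"\bprisma\s+db\s+push\b.*--force-reset\b"),
    ("rails db:drop/db:reset", r"\brails\s+db:(drop|reset)\b"),
    ("artisan migrate:fresh", r"\bartisan\s+migrate:fresh\b"),
    ("django flush", r"\b(django-admin|manage\.py)\s+flush\b"),
    ("sequelize db:drop", r"\bsequelize(-cli)?\s+db:drop\b"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE | re.DOTALL)) for name, rx in RULES]


def check_command(command):
    """Return the name of the first destructive rule matched, or None."""
    for name, rx in COMPILED:
        if rx.search(command):
            return name
    return None


def decide(event):
    """Map a hook event to (exit_code, message). Exit code 2 blocks the call."""
    if not isinstance(event, dict):
        return 2, "BLOCKED: hook received an unexpected event shape"
    if event.get("tool_name") != "Bash":
        return 0, ""  # only shell commands are inspected
    command = (event.get("tool_input") or {}).get("command", "")
    hit = check_command(command)
    if hit:
        return 2, f"BLOCKED: '{hit}' would destroy database data: {command!r}"
    return 0, ""


if __name__ == "__main__":
    try:
        code, msg = decide(json.load(sys.stdin))
    except json.JSONDecodeError:
        code, msg = 2, "BLOCKED: hook could not parse the event"  # fail closed
    if msg:
        print(msg, file=sys.stderr)  # stderr is what the agent sees on a block
    sys.exit(code)
```

Matching on the command string also flags commands that merely mention these phrases (a commit message containing "drop table", for example) and cannot see a wipe performed inside a script or test suite, which is why the .env isolation still matters.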
667 hooks. 9,200+ tests.
cc-safe-setup · GitHub