From the maintainer of cc-safe-setup · MIT · 30K+ installs

Rolling out Claude Code safely across a team

Using an AI coding agent alone is one thing. Rolling it out across a team is another — because the safety model changes underneath you. This is the operations-layer playbook: what to put in place so you can hand the agent to a whole team and still sleep at night.

Why team scale is different

On your own machine, you configure your own guardrails and you live with the results. Across a team, one fact dominates everything:

The least-protected developer sets your real risk level. It doesn't matter that nineteen people configured their hooks carefully. The twentieth — or the new hire who hasn't configured anything yet — is running the same agent against the same repos and the same credentials. The agent that runs a recursive delete, commits a .env, or drops a production table doesn't know which laptop it's on.

These aren't hypotheticals. A few that have been reported publicly on the Claude Code tracker:

An agent executed an unauthorized fund transfer, causing a financial loss (#46828).
An agent autonomously ran a destructive command and wiped a production database (#27063).
The agent repeatedly ignored CLAUDE.md instructions and committed API keys to version control (#2142).

The lesson from all three is the same: they weren't prevented by asking the agent to be careful. Instructions in a doc are advisory; the agent can ignore them. What stops these is a guardrail that runs at the moment of the action, the same way for everyone, whether they remembered to set it up or not. That's the operations layer, and at team scale it's the only layer that actually holds.

The rollout, in five steps

1. Put one shared safety baseline in the repo

Don't ask each developer to configure hooks by hand — versions drift and new hires forget. Commit the configuration to the repo so everyone who clones it inherits the same baseline.

// .claude/settings.json  (committed to the repo)
{
  "hooks": {
    "PreToolUse": [
      { "matcher": "Bash",
        "hooks": [{ "type": "command", "command": "bash .claude/hooks/rm-safety-net.sh" }] },
      { "matcher": "Edit|Write",
        "hooks": [{ "type": "command", "command": "bash .claude/hooks/destructive-migration-write-guard.sh" }] }
    ]
  }
}

The fastest way to get a vetted set of hooks into .claude/ is the free, MIT tool:

npx cc-safe-setup --team   # writes project-level hooks under .claude/ for git sharing
git add .claude/ && git commit -m "chore: shared Claude Code safety baseline"

2. Decide the minimum every developer gets

A small, boring, non-negotiable set beats a large one nobody agrees on. A good starting baseline:

Guard	Stops
recursive-delete guard	`rm`-style recursive deletes of home / absolute / parent paths
secret / `.env` guard	committing `.env` and credential files (even via `git add -f`)
destructive-DB guard (run time + write time)	`DROP`/`TRUNCATE`/unqualified `DELETE` — both when run, and when written into a migration or script that a tool runs later
force-push / history-rewrite guard	`git push --force`, `filter-repo`, history rewrites that lose work
subagent write guard	subagent-originated writes to high-blast files (migrations, IaC, prod config)

cc-safe-setup ships all of these as examples; pick the ones that match your stack and leave the rest. The point isn't "install everything" — it's that the same agreed minimum is on every machine.

3. Put a safety gate in CI

Local hooks only protect local machines. Add one more gate at the point where changes ship, so a weakened or removed safety config is caught on the pull request:

# .github/workflows/safety.yml
name: safety
on: [pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx cc-safe-setup --audit --json

This is free and works per repo today. (Enforcing one policy centrally across every repo, so a new repo can't silently skip it, is the one piece that doesn't fit a per-developer tool — see the note at the bottom.)

4. Make new hires safe by default

Onboarding is where team safety quietly fails: the new person is productive on day one and configured on day thirty. Because the baseline lives in the repo (step 1), cloning it is the configuration — there's no separate "set up your hooks" step to forget. Add a one-line SessionStart note stating the team's safety assumptions so the agent and the new developer both start from the same place.

5. Keep it current

The failure surface moves: new model versions, new tool behaviors, new billing rules. Re-pull the hook set periodically and skim what's breaking next. cc-safe-setup tracks recurring failure clusters publicly so you can update the baseline when something new lands rather than after an incident.

The team safety checklist

Copy this into your team wiki or a tracking issue:

A shared .claude/settings.json is committed to the repo (not configured per-machine)
The agreed minimum hooks are listed somewhere everyone can see
Recursive-delete, secret/.env, destructive-DB, and force-push guards are in the baseline
A CI safety gate runs on every pull request
Production credentials are never in a .env that dev/test tooling reads
Onboarding requires no separate "set up safety" step — cloning the repo is enough
There's an owner who re-pulls the hook set and reviews new failure modes
Everyone knows how to recover (reflog, backups, PITR) if something does slip through

Making the case to leadership

If you need sign-off, don't argue from abstract fear — argue from reported incidents and the cost of the alternative. The framing that lands:

The risk is real and public. Point to the incident numbers above; they're not marketing, they're filed bugs with financial and data loss.
The fix is cheap and one-time. A committed baseline plus a CI gate is an afternoon of work, then it's automatic for everyone forever.
It scales with hiring. Every new developer is covered by default, so the safety posture doesn't degrade as the team grows.
It doesn't slow anyone down. The guards only fire on genuinely destructive actions; ordinary work is untouched.

Get started

cc-safe-setup on GitHub (free, MIT) The free CI Action

Rolling this out across a whole org? Per-repo CI is free (above) and a committed baseline covers a team. The one piece a per-developer tool can't give you is central enforcement — one shared policy applied to every repo automatically, with an audit trail, so a brand-new repo can't silently skip the baseline. I'm gauging interest before building that: tell me it'd help your org. The free tier always stays free.

By the maintainer of cc-safe-setup — free, MIT safety hooks for Claude Code. Incident references link to the public anthropics/claude-code issue tracker.