Boucle

Claude Code hooks that actually enforce your rules. 7 installable hooks, plus enforcement and audit tooling, ~1758 tests, 932 known Claude Code gaps documented with severity ratings and workarounds.

Quick links: Check your setup · Install hooks · Individual hooks · Platform support · Recommended Claude Code version · Troubleshooting · Boucle Framework (optional, for autonomous agents)

Claude Code Hooks

Claude Code's CLAUDE.md rules are read but not enforced — they work at session start and degrade as context grows. Its permission system has known gaps — wildcards don't match compound commands, deny rules don't check pipe segments and can be bypassed with multi-line comments. These hooks enforce boundaries that text rules and permissions can't.

What happens when a hook blocks a dangerous command:

Claude tries:  rm -rf ~/projects
bash-guard:    bash-guard: rm -rf targeting a critical system path. This would cause irreversible data loss.
Claude sees:   ⚠ Hook blocked this action. Suggesting safer alternative...

No prompts, no "are you sure" dialogs. The command never runs.

Check your current setup:

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/safety-check/check.sh | bash

Scores your Claude Code safety configuration from A to F and shows one-liner fixes for each gap. Add --verify to send test payloads to each hook and confirm they actually block:

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/safety-check/check.sh | bash -s -- --verify

Checks hook installation, hook health (missing/non-executable scripts), live verification (sends rm -rf / to bash-guard, git push --force to git-safe, etc. and confirms they block), enforce-hooks and CLAUDE.md @enforced rules, environment issues (IS_DEMO, JSONC settings, jq/python3 dependencies, Windows hook reliability), and known CLI version regressions. Scans both user-level (~/.claude/settings.json) and project-level (.claude/settings.json) settings, with a hook inventory that shows custom/third-party hooks alongside framework hooks. Also warns when deny rules are configured without bash-guard, since deny patterns can be bypassed by compound commands and multi-line scripts. No installation required. ~260 tests.

Start with the essentials (bash-guard + git-safe + file-guard):

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- recommended

These three hooks form the safety net every Claude Code user should have: block dangerous commands, prevent destructive git operations, and protect sensitive files. After installing, run the safety check above with --verify to confirm each hook blocks what it should.

If the install succeeds but hooks do not block anything:

• Run install.sh verify first. A clean install is not proof the hooks are firing.
• Run install.sh doctor next. It catches missing files, bad permissions, JSONC in settings.json, and other silent fail-open states.
• On Windows, use PowerShell 7 (pwsh), not Windows PowerShell 5.
• If you write custom deny hooks, prefer stderr + exit 2 for hard blocks. JSON permissionDecision: "deny" is still inconsistent across Claude Code surfaces.

Install all hooks at once:

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- all

Windows (PowerShell 7+) — native PS1 hooks, no bash or jq required. Requires PowerShell 7 (pwsh), not the built-in Windows PowerShell 5:

iex "& { $(irm https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.ps1) } all"

Manage hooks:

# See what's installed
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- list

# Test all installed hooks with real payloads (run after CC updates)
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- verify

# Upgrade all installed hooks to latest
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- upgrade

# Remove a hook (files + settings.json)
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- uninstall read-once

# Remove all hooks
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- uninstall all

# Snapshot settings.json before updating Claude Code
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- backup

# Restore after an auto-update wipes your hooks
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- restore

# Run safety audit on your Claude Code setup
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- check

# Diagnose installation health (files, settings, permissions)
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- doctor

# Show all commands and available hooks
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.sh | bash -s -- help

Windows equivalents (same commands, PowerShell syntax):

# List, upgrade, check, uninstall, doctor, backup/restore
iex "& { $(irm https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.ps1) } list"
iex "& { $(irm https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.ps1) } upgrade"
iex "& { $(irm https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.ps1) } check"
iex "& { $(irm https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.ps1) } doctor"
iex "& { $(irm https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/install.ps1) } uninstall read-once"

Or pick individual hooks:

read-once — Stop redundant file reads

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/read-once/install.sh | bash

Saves ~2000 tokens per prevented re-read. Includes diff mode for edit-verify-edit workflows (80-95% token savings on changed files).

file-guard — Protect files from AI access or modification

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/file-guard/install.sh | bash

Define protected files in .file-guard (one pattern per line). Two modes: write-protect (default) blocks writes, edits, and destructive bash commands. [deny] blocks all access including Read, Grep, and Glob, useful for large codegen directories where Claude should use an MCP server instead of reading files directly. Resolves symlinks to prevent bypass via symbolic links. Handles absolute paths (v2.1.89+ compatibility). ~140 tests (bash + PowerShell).

git-safe — Prevent destructive git operations

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/git-safe/install.sh | bash

Blocks git push --force, git reset --hard, git checkout ., git checkout HEAD -- path, git restore, git clean -f, git branch -D, --no-verify, and other destructive git commands. Prevents the exact pattern that destroyed 30+ files despite 100+ CLAUDE.md rules. Suggests safer alternatives. Allowlist via .git-safe config. ~134 tests (77 bash + 57 PowerShell).

bash-guard — Block dangerous bash commands

curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/bash-guard/install.sh | bash

Blocks dangerous commands across these categories:

• File destruction -- rm -rf /, shred, truncate -s 0, mass delete (find -delete, xargs rm, git clean -f)
• Privilege escalation -- sudo, pkexec, doas, pipe-to-shell (curl|bash)
• Disk utilities -- diskutil eraseDisk/eraseVolume/partitionDisk, fdisk, gdisk, parted, wipefs (#37984: 87GB personal data destroyed)
• Database destruction -- DROP TABLE, prisma db push, dropdb, migrate:fresh, FLUSHALL, and 10+ ORM variants
• Credential exposure -- env/printenv, bash -x, cat .env, SSH keys, programmatic dumps (os.environ, process.env)
• Data exfiltration -- curl -d @file, wget --post-file, nc host < file
• Cloud infrastructure -- terraform destroy, `kubectl delete/drain/