March 26, 2026

I OPEN-SOURCED MY ENTIRE CLAUDE CODE SETUP

I dropped a screenshot into Claude Code and it crashed. Not a graceful "something went wrong" — a hard crash. The 20MB request limit hit, the session died, and all my context was gone. No recovery.

That was the moment I stopped using Claude Code as a chat assistant and started building infrastructure around it.

Three months later, I have 3 hooks that fire automatically, 10 rules that enforce my standards before I type a word, 2 custom slash commands, a second AI that reviews every major change, and a permission system that means I never click "approve" again. I open-sourced all of it.

ONE-LINE INSTALL

Paste this into Claude Code:

Install the Claude Code safeguards from https://github.com/MeriaApp/claude-code-safeguards — clone to /tmp, run install.sh, then delete the clone.

Claude reads the instruction, clones the repo, runs the installer, and configures everything. Takes about 10 seconds.

Or manually: git clone to /tmp, run ./install.sh, delete the clone. Requires jq.


Out of the box, Claude Code asks permission for everything, crashes on screenshots, and forgets your standards every session. This fixes all of that.

THE PROBLEM

Claude Code out of the box is powerful but raw. It asks permission on every file edit. It'll happily run rm -rf if you let it. It has no memory of how you work. Drop a retina screenshot in and you might blow past the request limit. There are no quality gates, no guardrails, no automation.

Most people deal with this by clicking "approve" hundreds of times a day. I decided to fix it once and never think about it again.

WHAT'S IN THE BOX

3 Hooks — Automatic Protection

Hooks are shell scripts that fire at lifecycle events. You don't invoke them — they run automatically every time the matching event occurs.

| Hook | Event | What It Does |
|---|---|---|
| Screenshot handler | PreToolUse/Read | Intercepts image reads, resizes retina screenshots to 1400px, files into project/screenshots/, prevents the 20MB crash |
| Destructive blocker | PreToolUse/Bash | Blocks rm -rf, git push --force, sudo, pipe-to-shell attacks, disk-level ops |
| Context preserver | PreCompact | Injects project state into context before compression so nothing critical gets lost |

The screenshot hook is the one that started this project. Here's how it works:

You drop a screenshot into Claude Code
  → Hook intercepts the Read before it hits the API
  → Resizes to 1400px wide (retina = 2x too large)
  → Files to project/screenshots/20260326_170125.png
  → Blocks the original Read (exit code 2)
  → Tells Claude the filed path via stderr
  → Claude reads the smaller, filed version instead

Set once. Fires on every image read, every project, every session. I've never thought about screenshot management since.

The destructive command blocker catches the commands that can ruin your day:

| Blocked Pattern | What It Suggests Instead |
|---|---|
| rm -rf | Use trash (brew install trash) |
| git push --force | Push without --force |
| git push origin main | Create a feature branch first |
| sudo | Ask the user to run it manually |
| curl ... \| bash | Download first, review, then execute |
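
As an added example (not the repository's hook script), here is one way a PreToolUse/Bash guard can cover the patterns in the table above, including flag variants such as rm -fr, rm -r -f and git push -f. It assumes the tool call arrives as JSON on stdin with the command in .tool_input.command; the regexes, the wget and sh/zsh/dash coverage, the --hook flag and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not the repository's hook. Patterns follow the table above.
START='(^|[;&|(])[[:space:]]*'     # command position: line start or after ; & | (
RFLAG='[[:space:]](-[a-zA-Z]*[rR]|--recursive)'
FFLAG='[[:space:]](-[a-zA-Z]*f|--force)'
PUSH="${START}git[[:space:]]+push([[:space:]]|\$)"
MAIN='[[:space:]]origin[[:space:]]+main([[:space:]]|$)'
PIPE='(curl|wget)[[:space:]][^|]*[|][[:space:]]*(ba|z|da)?sh([[:space:]]|$)'

# has RE: true when the command under test ($CMD) matches the extended regex.
has() { printf '%s\n' "$CMD" | grep -Eq -- "$1"; }

# check_command CMD: returns 2 and writes a suggestion to stderr when CMD
# matches a blocked pattern; returns 0 otherwise.
check_command() {
  CMD=$1
  why=
  if has "${START}rm[[:space:]]" && has "$RFLAG" && has "$FFLAG"; then
    why='rm -rf: use trash instead'
  elif has "$PUSH" && has "$FFLAG"; then
    why='git push --force: push without --force'
  elif has "$PUSH" && has "$MAIN"; then
    why='git push origin main: create a feature branch first'
  elif has "${START}sudo([[:space:]]|\$)"; then
    why='sudo: ask the user to run it manually'
  elif has "$PIPE"; then
    why='pipe to shell: download first, review, then execute'
  fi
  [ -z "$why" ] && return 0
  echo "Blocked ($why)" >&2
  return 2
}

# Hook entry point. Assumption: the tool call arrives as JSON on stdin with
# the shell command in .tool_input.command. Unparseable input fails closed.
hook_main() {
  cmd=$(jq -r '.tool_input.command // empty') || exit 2
  check_command "$cmd" || exit 2
}

# Run as "guard.sh --hook" from the hook configuration; without the flag the
# file only defines functions, so it can be sourced and tested.
if [ "${1:-}" = "--hook" ]; then hook_main; fi
```

Matching on the command string catches accidental destructive commands; it is a guardrail, not a sandbox, so it belongs alongside the permission deny rules rather than in place of them.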

10 Rules — Standards on Autopilot

Rules are markdown files in .claude/rules/ that auto-load at the start of every session. Not suggestions — directives. Claude follows them before you type anything.

| Rule | What It Enforces |
|---|---|
| Coding Standards | Read before edit. Minimal diffs. No placeholders. No hardcoded secrets. No temp patches. |
| Git Workflow | Stage specific files (never git add -A). Commit only when asked. Never amend. Never force push. |
| Quality Standard | Verification gate before any change ships. Risk assessment. Root cause fixes only. |
| Context Management | When to /compact, when to /clear, how to handle large files, when to start fresh. |
| Gemini Orchestration | When and how to delegate to Gemini CLI for code review. Trust boundaries between models. |
| Full App Audit | Say "audit this app" and Claude spawns parallel agents for code health, architecture, compliance. |
| File Hygiene | Suspected dead files go to _review/ with a log. Never delete directly. |
| Binary Handling | Screenshot protocol. Shell alternatives for video, audio, archives. Context limits. |
| Screenshots | Move processed screenshots to _used/. Auto-cleanup after 7 days. |
| Capabilities | The meta-rule: tells Claude what's installed so it uses hooks, commands, and features proactively. |

The last one — capabilities.md — is the piece most people miss. Without it, Claude has all these tools but doesn't know to use them. The capabilities rule tells Claude: "You have a Gemini integration. Use it after large changes. You have /compact. Run it before context fills up. You have subagents. Spawn them for audits." It turns installed tools into active behaviors.

2 Slash Commands — Complex Workflows in One Line

Custom commands are markdown files in .claude/commands/. The filename becomes the slash command. The content defines the workflow Claude executes.

/audit <project>

Full engineering audit. Spawns parallel agents scanning code health, architecture, and platform compliance. Cites every finding with file:line. Severity-ranked P0 through P3. Saves structured report. Doesn't fix anything — documents what's wrong.

/gemini-review

Captures your git diff, pipes it to Gemini CLI for an independent code review. Claude evaluates each finding — applies valid ones (~70%), discards false positives (~30%), builds to confirm no regressions. Two AIs. One writes. One reviews.

Create your own by adding .md files to ~/.claude/commands/. Any workflow you repeat more than twice should be a command.

Permissions — Trust, Not Prompting

The installer configures permissions so you stop clicking "approve" on every operation:

// What gets allowed (all standard tools)
Bash(*), Read, Write, Edit, Glob, Grep, Agent, WebFetch, WebSearch

// What gets hard-blocked
Binary files: mp4, mov, avi, mkv, mp3, wav, flac, zip, tar.gz, dmg...
Secrets:      ~/.ssh/**, ~/.gnupg/**, ~/.aws/**, ~/.azure/**, ~/.kube/**
Credentials:  ~/.docker/config.json, ~/.npmrc, ~/.git-credentials
Crypto keys:  *.pem, *.key, *.gpg, *.cert, *.crt

Full Bash(*) access with the destructive command hook as the guardrail. Binary files denied because Claude can't parse them anyway. Secrets and credentials hard-blocked so they never accidentally end up in a conversation or commit.

Gemini CLI — A Second Brain

The installer optionally sets up Gemini CLI — Google's command-line AI. Gemini Flash is free (60 requests/minute) and brings a different perspective to code review.

Why use two AIs? Because they have different blind spots. Gemini scores 83% on code editing benchmarks where Claude scores 72%. Claude is better at architecture, writing, and tool use. Together, they catch more than either one alone.

The /gemini-review command automates this: Claude writes the code, pipes the diff to Gemini, evaluates the feedback, applies what's valid, and builds to confirm. No manual orchestration.

HOW IT ALL FITS TOGETHER

This isn't a collection of tips. It's a system. Each piece connects:

The result: I open Claude Code, give it a task in plain English, and walk away. It knows my standards. It won't destroy anything. It compresses context before it degrades. It reviews its own work with a second AI. It commits when the work is verified.

I stopped using Claude Code as a chat assistant. I use it as an autonomous engineering system with guardrails.

INSTALL IT

OPTION 1: TELL CLAUDE

Paste this into Claude Code:

Install the Claude Code safeguards from https://github.com/MeriaApp/claude-code-safeguards — clone to /tmp, run install.sh, then delete the clone.

OPTION 2: DO IT YOURSELF

git clone https://github.com/MeriaApp/claude-code-safeguards.git /tmp/claude-code-safeguards
cd /tmp/claude-code-safeguards && ./install.sh
rm -rf /tmp/claude-code-safeguards

Requires jq (brew install jq / apt install jq).

Safe to re-run. Merges with your existing settings. Never overwrites. Creates a backup.

Restart Claude Code after installing. Everything activates on the next session.

THE SETUP IS THE PRODUCT

Out of the box, Claude Code is a very smart chat assistant that happens to be in your terminal. With the right hooks, rules, commands, and permissions, it becomes something different: an autonomous system that enforces your standards, protects your work, reviews its own output, and gets better every session.

The gap between "using Claude Code" and "building on Claude Code" is configuration. This repo is the configuration.

github.com/MeriaApp/claude-code-safeguards

If you found this useful, I wrote a companion post on every Claude Code feature I actually use — the shortcuts, workflow commands, and daily habits that make the tool feel native.