---
description: Safety rules for Hive — block dangerous commands and protect critical files
---

## Damage Control Rules

### Dangerous Commands (BLOCK)
- `rm` with recursive or force flags (`-r`, `-R`, `-f`)
- `sudo rm`
- `git reset --hard` (use `--soft` or stash)
- `git clean -fd`
- `git push --force` (use `--force-with-lease`)
- `git stash clear`
- `git filter-branch`
- `DELETE FROM` without WHERE clause
- `TRUNCATE TABLE`, `DROP TABLE`, `DROP DATABASE`

### Ask Before Executing
- `git checkout -- .` (discards all uncommitted changes)
- `git branch -D` (force deletes branch even if unmerged)

### Never Read or Write
- `.env`, `.env.local`, `.env.production`
- `~/.ssh/`, `~/.aws/`
- `*.pem`, `*.key`, `*.tfstate`

### Read-Only (no writes)
- `/etc/`, `/usr/`
- `package-lock.json`, `bun.lockb`, `yarn.lock`
- `node_modules/`, `dist/`, `build/`

### Never Delete
- `.git/`, `.gitignore`
- `LICENSE`, `README.md`
- `features.md`, `.hive/`