Codymaster cm-guardian-runtime

Use when you need to check if a destructive command is blocked or run guardian freeze checks.

install
source · Clone the upstream repo
git clone https://github.com/tody-agent/codymaster
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/tody-agent/codymaster "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/cm-guardian-runtime" ~/.claude/skills/tody-agent-codymaster-cm-guardian-runtime && rm -rf "$T"
manifest: skills/cm-guardian-runtime/SKILL.md
source content

cm-guardian-runtime — destructive command & freeze checks

Commands

cm guardian check -- git push --force origin main    # exits 1 if blocked
cm guardian path-check --file ./src/app.ts --roots src,lib

Behaviour

  • Regex set for rm -rf, DROP TABLE, git push --force, git reset --hard, pipes to shell, etc.
  • Prefix whitelist includes npm run build, npm test, npx vitest.
  • Violations append to .cm/guardian.log.

Investigate / debug mode

When using cm-debugging or root-cause work, treat freeze roots as mandatory: only edit inside allowed directories until the hypothesis is proven.
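
An added sketch of the two checks described above (it is not Codymaster's code): a deny-regex set with a prefix allowlist, and a freeze-root path check. The regexes, the function names and the rule that a chained command never takes the allowlist shortcut are assumptions of this example; only the command categories, the three prefixes and exit code 1 come from the page.

```python
import os
import re
import sys

# Assumed patterns for the categories the page lists; not the project's regex set.
BLOCK_PATTERNS = [
    re.compile(r"\brm\s+-(?=\w*r)(?=\w*f)\w+"),             # rm -rf / rm -fr
    re.compile(r"\bDROP\s+TABLE\b", re.IGNORECASE),
    re.compile(r"\bgit\s+push\b.*(?:--force\b|\s-f\b)"),
    re.compile(r"\bgit\s+reset\s+--hard\b"),
    re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"),        # pipe to shell
]
ALLOW_PREFIXES = ("npm run build", "npm test", "npx vitest")  # from the page
# Assumption: chaining/substitution characters disable the allowlist shortcut.
SHELL_CHAIN = re.compile(r"[;&|`\n]|\$\(")


def check_command(cmd):
    """Return (allowed, reason) for one command line."""
    cmd = cmd.strip()
    chained = SHELL_CHAIN.search(cmd) is not None
    if not chained and any(cmd == p or cmd.startswith(p + " ") for p in ALLOW_PREFIXES):
        return True, "allowlisted prefix"
    for pattern in BLOCK_PATTERNS:
        if pattern.search(cmd):
            return False, "blocked by " + pattern.pattern
    return True, "no destructive pattern matched"


def path_in_roots(file_path, roots, base="."):
    """True if file_path resolves inside one of the freeze roots under base."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, file_path))
    for root in roots:
        root_abs = os.path.realpath(os.path.join(base, root))
        # commonpath compares whole components, so "srcfoo" is not inside "src"
        if os.path.commonpath([target, root_abs]) == root_abs:
            return True
    return False


if __name__ == "__main__":
    allowed, reason = check_command(" ".join(sys.argv[1:]))
    print(reason)
    sys.exit(0 if allowed else 1)  # exit 1 when blocked, as the CLI above does
```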

Config

See .cm/config.example.yaml (guardian:). Hook patterns (Cursor / Codex): docs/workflows/guardian-hooks.md (repo root).