Harness
Harness intercepts every Claude Code tool call before it runs. When a dangerous command matches a rule, the agent gets a plain-English explanation and steers around it — no hard crash, no lost work.
Rules Harness enforces
- HIGHRecursive forced deleteBlocks rm -rf on any path that is not a clearly scoped temp directory.
- HIGHCredential exposurePrevents writing or echoing secret keys, tokens, and private certificates to stdout or files.
- HIGHForce push to protected branchesIntercepts git push --force targeting main or master before the command runs.
- MEDIUMCloud resource wipeFlags destructive cloud CLI commands (aws s3 rm --recursive, gcloud … delete) for review.
- MEDIUMGlobal package clobberWarns before npm install -g or pip install --break-system-packages overwrite system tools.
How it fits the product
Harness is implemented as a PreToolUse hook in Claude Code. The hook fires on every bash command, file write, and edit before execution. When a tool call matches one of Harness's 50+ rules, the command is skipped and Claude Code receives a structured explanation — what matched, why it is dangerous, and what to do instead. The agent reads that explanation and continues with a safe alternative rather than crashing or waiting for human input. Rules are organised in three layers: system defaults shipped with Kontekstboard, enterprise or team policies synced to all members, and personal overrides each developer controls.