Customizing Safety
Kalami installs 17 deny patterns by default. You can remove, add, or upgrade them to match your workflow.
Checking current safety
npx kalami status
Shows your deny pattern counts (default + custom) and any upgrade suggestions.
Removing a deny pattern
Use allow with a substring that matches the patterns you want to remove:
# Remove all .env deny patterns
npx kalami allow .env
# Allow force push
npx kalami allow force-push
# Allow sudo commands
npx kalami allow sudo
The command removes all deny patterns matching the substring and lists what was removed.
Upgrading to mechanical enforcement
When a prose rule keeps getting violated, upgrade it to a hard deny:
# Block all npm commands mechanically
npx kalami harden npm
# Block all rm -rf commands
npx kalami harden rm-rf
After hardening:
- The deny pattern is added to .claude/settings.json
- Claude Code blocks the command before it executes
- npx kalami status shows the hardened rule with its "since" date
Reverting a hardened rule
npx kalami unharden npm
This removes the mechanical deny and clears the state. The operation reverts to prose-only enforcement.
Automatic upgrade suggestions
When npx kalami status detects a pattern violated 3 or more times, it suggests hardening:
Upgrade available:
npx kalami harden force-push (violated 4 times)
This means prose rules aren't enough — Claude keeps doing it despite the instruction. Mechanical enforcement is recommended.
Available harden recipes
| Recipe | What it blocks |
|---|---|
| .env | Read/Edit all .env files |
| npm | npm install, ci, run, exec |
| force-push | git push --force, -f, --force-with-lease |
| rm-rf | All rm -rf commands |
| sudo | All sudo commands |
| hard-reset | git reset --hard |
| ssh | Read/Edit ~/.ssh/* |
| aws | Read/Edit AWS credentials and config |
Custom deny patterns
You can also add custom deny patterns directly in .claude/settings.json:
{
  "permissions": {
    "deny": ["Bash(docker rm -f*)", "Edit(production.config.*)"]
  }
}
Custom patterns survive reinstall and uninstall.
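Because allow and unharden remove entries from the same deny list, a drift check in CI can confirm that the entries your team depends on are still present. The following is an added example, not part of Kalami or Claude Code: the function name auditDenyList, the BASELINE list, and the entry-shape heuristic are assumptions made for illustration, and the sample settings are constructed.

```javascript
// Added example (not Kalami's own code): audit permissions.deny in .claude/settings.json.
// BASELINE is a constructed sample; replace it with the entries your team requires.
const BASELINE = ["Bash(docker rm -f*)", "Edit(production.config.*)"];

// Assumption: an entry is a tool name, optionally followed by (specifier),
// as in the page's examples Bash(docker rm -f*) and Edit(production.config.*).
const ENTRY_SHAPE = /^[A-Za-z_][\w-]*(\(.+\))?$/;

// settingsText is the raw file content, e.g. read with fs.readFileSync(path, "utf8").
function auditDenyList(settingsText, required = BASELINE) {
  const fail = (error) => ({ ok: false, error, missing: [...required], malformed: [] });

  let settings;
  try {
    settings = JSON.parse(settingsText);
  } catch (err) {
    return fail("invalid JSON: " + err.message);
  }

  const deny = settings && settings.permissions && settings.permissions.deny;
  if (!Array.isArray(deny)) {
    return fail("permissions.deny is missing or not an array");
  }

  // A typo such as a dropped ")" leaves a rule that looks present but may never match.
  const malformed = deny.filter(
    (e) => typeof e !== "string" || !ENTRY_SHAPE.test(e.trim())
  );
  const present = new Set(
    deny.filter((e) => typeof e === "string").map((e) => e.trim())
  );
  const missing = required.filter((e) => !present.has(e));

  return {
    ok: missing.length === 0 && malformed.length === 0,
    error: null,
    missing,
    malformed,
  };
}

// Constructed sample: the Edit entry has lost its closing parenthesis.
const SAMPLE = JSON.stringify({
  permissions: { deny: ["Bash(docker rm -f*)", "Edit(production.config.*"] },
});

console.log(JSON.stringify(auditDenyList(SAMPLE), null, 2));
```

Run it after any allow, unharden, or manual edit and fail the build when ok is false.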