Automated enforcement of net-negative LOC, complexity constraints, and quality standards for Claude code
π New in v0.1.4: The Snapshot Strategy is now the recommended approach for more robust session-wide LOC tracking.
π New: File locking feature to protect critical files from any modifications.
CCGuard ensures your codebase stays lean by blocking changes that exceed your configured line count threshold during Claude coding sessions. By default, it enforces net-negative changes (no increase allowed), but can be configured with a positive lines buffer for flexibility. It encourages simplicity, thoughtful refactoring, and a cleaner, maintainable codebase.
CCGuard blocking a file edit that would increase total lines of code
CCGuard preventing code bloat during refactoring operations
- Flexible Enforcement: Strict net-negative by default, but configurable with positive line buffer
- Simplicity Focus: Keeps your code concise by limiting unnecessary additions
- Promotes Refactoring: Encourages rethinking and optimizing existing code
- Progress Insights: Provides real-time session statistics
- Easy Control: Simple toggling for flexible enforcement
- File Protection: Lock critical files to prevent accidental modifications
Ensure you have:
- Node.js 18+
- Claude Code
Install CCGuard CLI globally:
npm install -g ccguardCCGuard requires two hooks to be configured in Claude Code:
β οΈ CRITICAL NOTE: CCGuard must be the ONLY hook configured for PreToolUse events with theWrite|Edit|MultiEditmatcher. Due to a current Claude Code bug (as of v1.0.58), duplicate hooks for the same tool matcher do not work properly. If you have other hooks for these tools, you must remove them for CCGuard to function correctly.
- Type
/hooks - Select
PreToolUse - Before tool execution - Click
+ Add new matcher... - Enter:
Write|Edit|MultiEdit|Bash - Click
+ Add new hook... - Enter command:
ccguard - Save settings (Project settings recommended)
- Type
/hooks - Select
UserPromptSubmit - When user submits a prompt - Click
+ Add new hook... - Enter command:
ccguard - Save settings (Project settings recommended)
Note: This hook is ONLY required if you plan to use the snapshot strategy. The default cumulative strategy does NOT need this hook.
- Type
/hooks - Select
PostToolUse - After tool execution - Click
+ Add new matcher... - Enter:
Write|Edit|MultiEdit|Bash - Click
+ Add new hook... - Enter command:
ccguard - Save settings (Project settings recommended)
{
"hooks": {
"PreToolUse": [{
"matcher": "Write|Edit|MultiEdit|Bash",
"hooks": [{"type": "command", "command": "ccguard"}]
}],
"PostToolUse": [{
"matcher": "Write|Edit|MultiEdit|Bash", // Only needed for snapshot strategy
"hooks": [{"type": "command", "command": "ccguard"}]
}],
"UserPromptSubmit": [{
"hooks": [{"type": "command", "command": "ccguard"}]
}]
}
}Note: The PostToolUse hook is only required if using the
snapshotstrategy. The defaultcumulativestrategy only needs PreToolUse.
CCGuard automatically checks file operations. Control using:
ccguard on # Enable enforcement
ccguard off # Disable enforcement
ccguard status # Show status and LOC statistics
ccguard reset # Reset session statistics
ccguard version # Show CCGuard version (aliases: v, --version, -v)Protect critical files from any modifications with file locking:
ccguard lock @src/core/auth.ts # Lock a file from modifications
ccguard unlock @src/core/auth.ts # Unlock to allow modifications
ccguard locks # List all locked filesKey features:
- @ Prefix Required: File paths must start with @ to differentiate from other commands
- Path Flexibility: Supports both relative and absolute paths
- Session Persistent: Locked files remain locked across Claude sessions
- Clear Errors: Blocked operations show which file is locked and how to unlock
Example workflow:
# Lock critical configuration
ccguard lock @config/production.json
# Claude attempts to edit will be blocked with:
# "File is locked and cannot be modified: /project/config/production.json
# To unlock this file, use: ccguard unlock @/project/config/production.json"
# When ready to modify
ccguard unlock @config/production.jsonCCGuard tracks three operations in Claude Code:
- Edit: Tracks changed lines
- MultiEdit: Cumulative tracking across edits
- Write: Counts lines in new files as additions
CCGuard has two enforcement strategies:
- PreToolUse Only: Validates changes before they're applied
- Cumulative Tracking: Tracks additions/removals per operation
- Prevention: Blocks operations that would exceed threshold
- Project-Wide Tracking: Takes baseline snapshot of entire project
- PostToolUse Validation: Validates after changes are applied
- Automatic Reversion: Reverts changes if threshold is exceeded
- Git Integration: Uses git to revert files safely
- .gitignore Aware: Respects project's ignore patterns
Why Snapshot is Recommended: The snapshot strategy provides more robust session-wide tracking by monitoring the actual state of your entire codebase. Unlike the cumulative strategy which only tracks Edit/MultiEdit/Write operations, snapshot captures ALL changes including file deletions via bash commands, making it more accurate for enforcing net-negative LOC constraints.
With default settings (allowedPositiveLines: 0):
| Operation | Allowed? |
|---|---|
| Refactor 10 lines into 5 (-5 net) | β Allowed |
| Replace 3 functions with 1 concise function | β Allowed |
| Add new 20-line function without removal | β Blocked |
| Create new file without removals | β Blocked |
With positive buffer (allowedPositiveLines: 10):
| Operation | Allowed? |
|---|---|
| Add 8 lines, remove 0 (+8 net) | β Allowed |
| Add 15 lines, remove 0 (+15 net) | β Blocked |
| Session total: +5, new operation: +4 | β Allowed |
| Session total: +8, new operation: +5 | β Blocked |
Customize CCGuard with .ccguard.config.json in your project root:
{
"enforcement": {
"mode": "session-wide", // or "per-operation"
"strategy": "cumulative", // or "snapshot"
"ignoreEmptyLines": true,
"limitType": "hard" // or "soft" (default: "hard")
},
"whitelist": {
"patterns": [
"**/node_modules/**",
"**/dist/**",
"**/*.generated.*"
],
"extensions": [
".md",
".json",
".lock"
]
},
"thresholds": {
"allowedPositiveLines": 0
}
}-
Mode:
session-wide: Track cumulative LOC (default)per-operation: Check each operation individually
-
Strategy (for session-wide mode):
cumulative: Traditional counting of changes (default)snapshot: Project-wide snapshot tracking with automatic reversion
-
Limit Type:
hard: Block and revert operations that exceed threshold (default)soft: Allow operations but provide warnings and guidance
-
Thresholds:
allowedPositiveLines: Buffer for positive changes (default: 0)0= Strict net-negative enforcement10= Allow up to +10 lines net change- Applies to both session-wide and per-operation modes
- With soft limits, operations are allowed but warned when exceeded
-
Whitelist: Skip files by pattern or extension
-
Empty Lines: Optionally ignore empty lines (default: true)
- Start Fresh: Use
ccguard resetbefore new tasks. - Refactor First: Optimize code before additions.
- Think Modular: Create reusable components.
- Question New Code: Always assess necessity.
- Tracks changes only within a Claude Code session.
- Session statistics are not persistent across sessions.
- Changes outside Claude Code are not tracked.
CCGuard is very new and we welcome any new ideas that would make it better! We're excited to hear your suggestions for new features, better workflows, and creative use cases. Submit issues and pull requests on GitHub.
Inspired by tdd-guard.