Show HN: I made cc-filter after Claude kept bypassing its own rules (github.com)

A developer built cc-filter after noticing Claude Code could bypass its own CLAUDE.md permissions and read sensitive files like .env. cc-filter is a lightweight, Go-based command-line filter that enforces an out-of-band access control layer by intercepting stdin/stdout before content reaches the model. It plugs into Claude Code’s PreToolUse and UserPromptSubmit hooks (and any agent that supports command-line or pipe-based preprocessing), blocks reads of sensitive file extensions (.env, .key, .pem, .p12/.pfx), filters dangerous shell commands, and strips or masks secrets (API keys, tokens, JWTs, DB URLs, OpenAI sk-... keys) using regex-driven patterns and multiple replacement strategies. Technically, cc-filter is fast, uses only the Go standard library, auto-detects JSON hook payloads, logs invocations to ~/.cc-filter/filter.log, and supports layered configuration (built-in defaults + global + project) where pattern lists are merged and rules can be extended or overridden. Because it runs external to the model, it provides defense-in-depth against rule-evasion attacks that exploit alternative paths or command formats. That makes it a practical tool for teams deploying coding agents: easy to install or build from source, integrable across agent ecosystems, and customizable to reduce secret-exfiltration risk—though it requires careful tuning to avoid false positives and full pipeline coverage.