nah is an open-source PreToolUse hook for Claude Code that adds context-aware permission control beyond simple allow/deny. It intercepts every tool call (Bash, Read, Write, Edit, Glob, Grep, MCP) before execution, classifying commands by action type using a deterministic structural classifier. Dangerous operations like `rm ~/.bashrc`, `git push --force`, or reading `~/.ssh/id_rsa` are blocked or require confirmation, while safe operations flow through silently. For ambiguous cases, it can optionally route to an LLM (Ollama, OpenRouter, OpenAI, Anthropic, Snowflake Cortex). Configuration supports global and per-project YAML files with 20 built-in action types, custom classifications, sensitive path rules, and three profiles (full, minimal, none). All decisions are logged and inspectable via CLI.
Sort: