safe-rm v1.0.0

safe-rm v1.0.0 — Initial Release

Email approval for risky rm commands. Built for AI coding agents on production servers.

What's Included

• Python client (client/safe-rm) — wraps rm with risk detection and approval workflow
• Express.js server (server/) — manages approval requests with HMAC-signed tokens
• n8n workflow templates — email notification workflows (SMTP and Gmail)
• Claude Code integration — hook system for general tool approvals, not just rm
• Comprehensive docs — installation, configuration, architecture, and security audit

Key Features

• Risk detection: recursive deletes, force flags, protected paths, glob patterns, file count thresholds
• Hard-blocked paths: /, ~, ., .. always blocked
• HMAC-SHA256 signed requests with timing-safe token comparison
• One-time-use approve/deny/stop tokens with configurable expiry
• Source IP filtering (only AI agent sessions require approval)
• Auto-approve windows from your email
• Session stop capability
• Dry-run mode for testing

Quick Start

1. Deploy the approval server
2. Install the client on your VPS
3. Set up email notifications via n8n

See the README for details.