How to protect your files from AI coding agents

March 2026

If you're using Claude Code, Cursor, Aider, or Codex, you've given an AI agent the ability to run shell commands on your machine. That includes rm, git reset --hard, mv, and everything else.

Most of the time it works great. But AI agents make mistakes. They misinterpret your intent, hallucinate file paths, or take destructive shortcuts. And unlike a human, they don't hesitate before running rm -rf.

What can actually go wrong

Deleting the wrong files. You ask the agent to clean up test files and it rm -rf's your src directory instead.
Resetting git history. The agent runs git reset --hard HEAD~5 to fix a merge conflict, wiping your uncommitted changes.
Overwriting files with mv. The agent renames a file but the destination already exists. Your original is gone.
In-place edits gone wrong. The agent runs sed -i on the wrong file or with a bad pattern.
Cleaning git state. git checkout . or git clean -fd wipes all uncommitted work and untracked files.

The agent usually doesn't realize it made a mistake. It reports success and moves on.

Why existing protections don't help

Git only protects committed, tracked files. Uncommitted changes and untracked files are unprotected.

Agent confirmation prompts add friction. Many people run agents in autonomous mode to avoid them.

Time Machine / backups are periodic. If the agent deleted something 30 seconds ago and your last backup was an hour ago, it's gone.

trash-cli only catches rm. Doesn't help with git reset --hard, mv overwrites, or sed -i.

The shell hook approach

Every command an AI agent runs goes through your shell. A preexec hook that intercepts destructive commands catches agent commands the same way it catches yours.

oops does exactly this. When it sees a destructive command, it backs up the affected files using hard links (instant, no extra disk space) before the command runs. The agent doesn't know oops exists.

# Agent ran a destructive command ~ $ git reset --hard HEAD~3 ▲ git reset --hard # You notice the damage ~ $ oops ✓ Undid: git reset --hard Applied stash: stash@{0}

What it catches

rm / rm -rf
mv overwrites
sed -i
git reset --hard
git checkout .
git clean -fd
git branch -D
chmod / chown
File redirects (> file)

Non-destructive commands pass through with zero overhead.

Install

curl -fsSL oops-cli.com/install.sh | bash

macOS and Linux. zsh, bash, fish. Then just use your AI agent normally. When something goes wrong, type oops.

oops-cli.com · GitHub · Docs