Installation¶

Requirements¶

Python 3.10+

Install¶

pip install nah
nah install

That's it. nah registers itself as a PreToolUse hook in Claude Code's settings.json and creates a read-only hook script at ~/.claude/hooks/nah_guard.py.

Don't use bypass mode

Don't use --dangerously-skip-permissions. In bypass mode, hooks fire asynchronously — commands execute before nah can block them.

Recommended setup¶

Allow-list the read and execute tools — nah guards them via hooks:

{
  "permissions": {
    "allow": ["Bash", "Read", "Glob", "Grep"]
  }
}

For Write and Edit, your call — nah's content inspection runs either way.

Optional dependencies¶

pip install nah[config]    # YAML config support (pyyaml)

The core hook has zero external dependencies — it runs on Python's stdlib only. The config extra adds pyyaml for YAML config file parsing.

Update¶

After upgrading nah via pip:

pip install --upgrade nah
nah update

nah update unlocks the hook script, overwrites it with the new version, and re-locks it (chmod 444).

Uninstall¶

nah uninstall
pip uninstall nah

nah uninstall removes hook entries from settings.json and deletes the hook script.

Verify installation¶

nah --version              # check installed version
nah test "git status"      # dry-run classification
nah config path            # show config file locations

See it in action¶

Run the security demo inside Claude Code:

/nah-demo

25 live cases across 8 threat categories — remote code execution, data exfiltration, obfuscated commands, and more. Takes ~5 minutes.

--dangerously-skip-permissions?

nah