cc-safe-setup 1.1.1 → 1.1.3

package/README.md

@@ -6,6 +6,8 @@
 
 **One command to make Claude Code safe for autonomous operation.**
 
+Not just a destructive command blocker — 7 hooks covering safety, quality, monitoring, and developer experience.
+
 ```bash
 npx cc-safe-setup
 ```
@@ -73,6 +75,19 @@ Safe to run multiple times. Existing settings are preserved. A backup is created
 
 **Requires:** [jq](https://jqlang.github.io/jq/) for JSON parsing (`brew install jq` / `apt install jq`).
 
+## Before / After
+
+Run `npx cc-health-check` to see the difference:
+
+| | Before | After |
+|---|--------|-------|
+| Safety Guards | 25% | **75%** |
+| Overall Score | 50/100 | **95/100** |
+| Destructive commands | Unprotected | Blocked |
+| Force push | Allowed | Blocked |
+| `.env` in git | Possible | Blocked |
+| Context warnings | None | 4-stage alerts |
+
 ## Configuration
 
 | Variable | Hook | Default |
@@ -96,7 +111,7 @@ npx cc-health-check
 
 cc-safe-setup gives you 7 essential hooks. For the complete autonomous operation toolkit:
 
-**[Claude Code Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github&utm_medium=readme&utm_campaign=safe-setup)** — 15 hooks + 6 templates + 3 exclusive tools + install.sh. Production-ready in 15 minutes.
+**[Claude Code Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github&utm_medium=readme&utm_campaign=safe-setup)** — 16 hooks + 6 templates + 3 exclusive tools + install.sh. Production-ready in 15 minutes.
 
 Or start with the free hooks: [claude-code-hooks](https://github.com/yurukusa/claude-code-hooks)
 
@@ -105,6 +120,12 @@ Or start with the free hooks: [claude-code-hooks](https://github.com/yurukusa/cl
 - [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説
 - [The incident that inspired this tool](https://github.com/anthropics/claude-code/issues/36339) — NTFS junction rm -rf
 
+## Contributing
+
+Found a false positive? Open an [issue](https://github.com/yurukusa/cc-safe-setup/issues/new?template=false_positive.md). Want a new hook? Open a [feature request](https://github.com/yurukusa/cc-safe-setup/issues/new?template=bug_report.md).
+
+If cc-safe-setup saved your project from a destructive command, consider giving it a star — it helps others find this tool.
+
 ## License
 
 MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "1.1.1",
+  "version": "1.1.3",
   "description": "One command to make Claude Code safe for autonomous operation. 7 hooks: destructive blocker, branch guard, force-push protection, secret leak prevention, syntax checks, and more.",
   "main": "index.mjs",
   "bin": {
@@ -8,12 +8,25 @@
   },
   "keywords": [
     "claude-code",
+    "claude",
+    "anthropic",
     "ai",
     "safety",
     "hooks",
     "autonomous",
-    "cli"
+    "cli",
+    "pretooluse",
+    "guard",
+    "rm-rf",
+    "git-push",
+    "env",
+    "secrets",
+    "syntax-check",
+    "context-window"
   ],
+  "scripts": {
+    "test": "bash test.sh"
+  },
   "author": "yurukusa",
   "license": "MIT",
   "repository": {

package/.github/FUNDING.yml

@@ -1,3 +0,0 @@
-github: yurukusa
-ko_fi: yurukusa
-custom: ["https://yurukusa.github.io/cc-ops-kit-landing/?ref=safe-setup"]

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,20 +0,0 @@
----
-name: Bug Report
-about: Something isn't working as expected
-title: "[BUG] "
-labels: bug
----
-
-**What happened?**
-
-**What did you expect?**
-
-**Environment:**
-- OS: 
-- Node version: 
-- Claude Code version: 
-- jq installed: yes/no
-
-**Steps to reproduce:**
-1. `npx cc-safe-setup`
-2. ...

package/.github/ISSUE_TEMPLATE/false_positive.md

@@ -1,12 +0,0 @@
----
-name: False Positive
-about: A safe command was blocked
-title: "[FALSE POSITIVE] "
-labels: false-positive
----
-
-**Which hook blocked the command?**
-
-**What was the command?**
-
-**Why should it be allowed?**

package/.github/workflows/test.yml

@@ -1,14 +0,0 @@
-name: Tests
-on: [push, pull_request]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-      - run: sudo apt-get install -y jq
-      - run: node index.mjs --help
-      - run: node index.mjs --dry-run
-      - run: bash test.sh

package/test.sh

@@ -1,135 +0,0 @@
-#!/bin/bash
-# cc-safe-setup hook tests
-# Run: bash test.sh
-# All hooks are tested by piping JSON input and checking exit codes
-
-set -euo pipefail
-
-PASS=0
-FAIL=0
-SCRIPTS_JSON="$(dirname "$0")/scripts.json"
-
-# Extract hook scripts from scripts.json
-extract_hook() {
-    python3 -c "import json; print(json.load(open('$SCRIPTS_JSON'))['$1'])" > "/tmp/test-$1.sh"
-    chmod +x "/tmp/test-$1.sh"
-}
-
-test_hook() {
-    local name="$1" input="$2" expected_exit="$3" desc="$4"
-    local actual_exit=0
-    echo "$input" | bash "/tmp/test-$name.sh" > /dev/null 2>/dev/null || actual_exit=$?
-    if [ "$actual_exit" -eq "$expected_exit" ]; then
-        echo "  PASS: $desc"
-        PASS=$((PASS + 1))
-    else
-        echo "  FAIL: $desc (expected exit $expected_exit, got $actual_exit)"
-        FAIL=$((FAIL + 1))
-    fi
-}
-
-echo "cc-safe-setup hook tests"
-echo "========================"
-echo ""
-
-# --- destructive-guard ---
-echo "destructive-guard:"
-extract_hook "destructive-guard"
-test_hook "destructive-guard" '{"tool_input":{"command":"ls -la"}}' 0 "safe command passes"
-test_hook "destructive-guard" '{"tool_input":{"command":"rm -rf /"}}' 2 "rm -rf / blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"rm -rf ~/"}}' 2 "rm -rf ~/ blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"rm -rf ../"}}' 2 "rm -rf ../ blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"rm -rf node_modules"}}' 0 "rm -rf node_modules allowed"
-test_hook "destructive-guard" '{"tool_input":{"command":"git reset --hard"}}' 2 "git reset --hard blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"git reset --soft HEAD~1"}}' 0 "git reset --soft allowed"
-test_hook "destructive-guard" '{"tool_input":{"command":"git clean -fd"}}' 2 "git clean -fd blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"chmod -R 777 /"}}' 2 "chmod 777 / blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"find / -delete"}}' 2 "find / -delete blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"echo git reset --hard"}}' 0 "git reset in echo not blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"sudo rm -rf /home"}}' 2 "sudo rm -rf blocked"
-test_hook "destructive-guard" '{"tool_input":{"command":"sudo apt install jq"}}' 0 "safe sudo command allowed"
-echo ""
-
-# --- branch-guard ---
-echo "branch-guard:"
-extract_hook "branch-guard"
-test_hook "branch-guard" '{"tool_input":{"command":"git push origin feature-branch"}}' 0 "push to feature allowed"
-test_hook "branch-guard" '{"tool_input":{"command":"git push -u origin my-branch"}}' 0 "push -u to branch allowed"
-test_hook "branch-guard" '{"tool_input":{"command":"git push origin main"}}' 2 "push to main blocked"
-test_hook "branch-guard" '{"tool_input":{"command":"git push origin master"}}' 2 "push to master blocked"
-test_hook "branch-guard" '{"tool_input":{"command":"git push --force origin feature"}}' 2 "force push blocked"
-test_hook "branch-guard" '{"tool_input":{"command":"git push -f origin feature"}}' 2 "force push -f blocked"
-test_hook "branch-guard" '{"tool_input":{"command":"git push --force-with-lease origin feature"}}' 2 "force-with-lease blocked"
-test_hook "branch-guard" '{"tool_input":{"command":"git status"}}' 0 "non-push git command passes"
-test_hook "branch-guard" '{"tool_input":{"command":"npm install"}}' 0 "non-git command passes"
-echo ""
-
-# --- secret-guard ---
-echo "secret-guard:"
-extract_hook "secret-guard"
-test_hook "secret-guard" '{"tool_input":{"command":"git add src/index.js"}}' 0 "git add normal file allowed"
-test_hook "secret-guard" '{"tool_input":{"command":"git add .env"}}' 2 "git add .env blocked"
-test_hook "secret-guard" '{"tool_input":{"command":"git add .env.local"}}' 2 "git add .env.local blocked"
-test_hook "secret-guard" '{"tool_input":{"command":"git add credentials.json"}}' 2 "git add credentials.json blocked"
-test_hook "secret-guard" '{"tool_input":{"command":"git add id_rsa"}}' 2 "git add id_rsa blocked"
-test_hook "secret-guard" '{"tool_input":{"command":"git add server.key"}}' 2 "git add .key file blocked"
-test_hook "secret-guard" '{"tool_input":{"command":"npm install"}}' 0 "non-git command passes"
-test_hook "secret-guard" '{"tool_input":{"command":"git commit -m test"}}' 0 "git commit passes"
-echo ""
-
-# --- comment-strip ---
-echo "comment-strip:"
-extract_hook "comment-strip"
-# comment-strip outputs JSON on stdout when it modifies, exit 0 always
-local_exit=0
-result=$(echo '{"tool_input":{"command":"# check status\ngit status"}}' | bash /tmp/test-comment-strip.sh 2>/dev/null) || local_exit=$?
-if [ "$local_exit" -eq 0 ] && echo "$result" | python3 -c "import json,sys; d=json.load(sys.stdin); assert 'git status' in d['hookSpecificOutput']['updatedInput']['command']" 2>/dev/null; then
-    echo "  PASS: strips comment, returns clean command"
-    PASS=$((PASS + 1))
-else
-    echo "  FAIL: comment stripping"
-    FAIL=$((FAIL + 1))
-fi
-result2=$(echo '{"tool_input":{"command":"git status"}}' | bash /tmp/test-comment-strip.sh 2>/dev/null) || true
-if [ -z "$result2" ]; then
-    echo "  PASS: no-comment command passes through unchanged"
-    PASS=$((PASS + 1))
-else
-    echo "  FAIL: should pass through without modification"
-    FAIL=$((FAIL + 1))
-fi
-echo ""
-
-# --- cd-git-allow ---
-echo "cd-git-allow:"
-extract_hook "cd-git-allow"
-local_exit=0
-result=$(echo '{"tool_input":{"command":"cd /tmp && git log"}}' | bash /tmp/test-cd-git-allow.sh 2>/dev/null) || local_exit=$?
-if [ "$local_exit" -eq 0 ] && echo "$result" | grep -q "permissionDecision"; then
-    echo "  PASS: cd+git log auto-approved"
-    PASS=$((PASS + 1))
-else
-    echo "  FAIL: cd+git log should be auto-approved"
-    FAIL=$((FAIL + 1))
-fi
-result2=$(echo '{"tool_input":{"command":"cd /tmp && git push origin main"}}' | bash /tmp/test-cd-git-allow.sh 2>/dev/null) || true
-if ! echo "$result2" | grep -q "permissionDecision" 2>/dev/null; then
-    echo "  PASS: cd+git push NOT auto-approved"
-    PASS=$((PASS + 1))
-else
-    echo "  FAIL: cd+git push should not be auto-approved"
-    FAIL=$((FAIL + 1))
-fi
-test_hook "cd-git-allow" '{"tool_input":{"command":"npm install"}}' 0 "non-cd command passes"
-echo ""
-
-# --- Summary ---
-echo "========================"
-TOTAL=$((PASS + FAIL))
-echo "Results: $PASS/$TOTAL passed"
-if [ "$FAIL" -gt 0 ]; then
-    echo "FAILURES: $FAIL"
-    exit 1
-else
-    echo "All tests passed!"
-fi