cc-safe-setup 1.5.1 → 1.5.3

package/README.md

@@ -82,6 +82,8 @@ Safe to run multiple times. Existing settings are preserved. A backup is created
 
 **Note:** Hooks are skipped when Claude Code runs with `--bare` or `--dangerously-skip-permissions`. These modes bypass all safety hooks by design.
 
+**Known limitation:** In headless mode (`-p` / `--print`), hook exit code 2 may not block tool execution ([#36071](https://github.com/anthropics/claude-code/issues/36071)). For CI pipelines, use interactive mode with hooks rather than `-p` mode.
+
 ## Before / After
 
 Run `npx cc-health-check` to see the difference:
@@ -116,7 +118,7 @@ npx cc-health-check
 
 ## Full Kit
 
-cc-safe-setup gives you 7 essential hooks. For the complete autonomous operation toolkit:
+cc-safe-setup gives you 8 essential hooks. For the complete autonomous operation toolkit:
 
 **[Claude Code Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github&utm_medium=readme&utm_campaign=safe-setup)** — 16 hooks + 5 templates + 3 exclusive tools + install.sh. Production-ready in 15 minutes.
 
@@ -124,20 +126,36 @@ Or start with the free hooks: [claude-code-hooks](https://github.com/yurukusa/cl
 
 ## Examples
 
-Need custom hooks beyond the 7 built-in ones? See [`examples/`](examples/) for ready-to-use recipes:
+Need custom hooks beyond the 8 built-in ones? See [`examples/`](examples/) for ready-to-use recipes:
 
 - **auto-approve-git-read.sh** — Auto-approve `git status`, `git log`, even with `-C` flags
 - **auto-approve-ssh.sh** — Auto-approve safe SSH commands (`uptime`, `whoami`, etc.)
 - **enforce-tests.sh** — Warn when source files change without corresponding test files
 - **notify-waiting.sh** — Desktop notification when Claude Code waits for input (macOS/Linux/WSL2)
+- **edit-guard.sh** — Block Edit/Write to protected files (defense-in-depth for [#37210](https://github.com/anthropics/claude-code/issues/37210))
+- **auto-approve-build.sh** — Auto-approve npm/yarn/cargo/go/python build, test, and lint commands
 
 ## Learn More
 
 - [Official Hooks Reference](https://code.claude.com/docs/en/hooks) — Claude Code hooks documentation
-- [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 8 ready-to-use recipes from real GitHub Issues
+- [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 9 ready-to-use recipes from real GitHub Issues
 - [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説
 - [The incident that inspired this tool](https://github.com/anthropics/claude-code/issues/36339) — NTFS junction rm -rf
 
+## FAQ
+
+**Q: I installed hooks but Claude says "Unknown skill: claude-code-hooks:setup"**
+
+cc-safe-setup installs **hooks**, not skills or plugins. Hooks run automatically in the background — you don't invoke them manually. After install + restart, try running a dangerous command; the hook will block it silently.
+
+**Q: `cc-health-check` says to run `cc-safe-setup` but I already did**
+
+cc-safe-setup covers Safety Guards (75-100%) and Monitoring (context-monitor). The other health check dimensions (Code Quality, Recovery, Coordination) require additional CLAUDE.md configuration or manual hook installation from [claude-code-hooks](https://github.com/yurukusa/claude-code-hooks).
+
+**Q: Will hooks slow down Claude Code?**
+
+No. Each hook runs in ~10ms. They only fire on specific events (before tool use, after edits, on stop). No polling, no background processes.
+
 ## Contributing
 
 Found a false positive? Open an [issue](https://github.com/yurukusa/cc-safe-setup/issues/new?template=false_positive.md). Want a new hook? Open a [feature request](https://github.com/yurukusa/cc-safe-setup/issues/new?template=bug_report.md).

package/examples/auto-approve-build.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# auto-approve-build.sh — Auto-approve build and test commands
+#
+# Solves: Permission prompts for npm/yarn/pnpm build/test/lint commands
+#         that slow down autonomous workflows
+#
+# Usage: Add to settings.json as a PreToolUse hook
+#
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/auto-approve-build.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+[ "$TOOL" != "Bash" ] && exit 0
+
+CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$CMD" ] && exit 0
+
+# Auto-approve safe build/test/lint commands
+if echo "$CMD" | grep -qE '^\s*(npm|yarn|pnpm|bun|npx)\s+(run\s+)?(build|test|lint|check|typecheck|format|dev|start|ci)'; then
+    echo '{"decision":"approve"}'
+    exit 0
+fi
+
+# Auto-approve cargo/go/make build commands
+if echo "$CMD" | grep -qE '^\s*(cargo\s+(build|test|check|clippy|fmt)|go\s+(build|test|vet|fmt)|make\s+(build|test|check|lint))'; then
+    echo '{"decision":"approve"}'
+    exit 0
+fi
+
+# Auto-approve python test/lint
+if echo "$CMD" | grep -qE '^\s*(python|python3)\s+(-m\s+)?(pytest|unittest|mypy|ruff|black|isort|flake8)'; then
+    echo '{"decision":"approve"}'
+    exit 0
+fi
+
+exit 0

package/examples/edit-guard.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# edit-guard.sh — Block Edit/Write to protected files
+#
+# Solves: PreToolUse deny being ignored for Edit/Write tools (#37210)
+# Uses chmod as defense-in-depth — makes file read-only before deny
+#
+# GitHub Issue: #37210
+#
+# Usage: Add to settings.json as a PreToolUse hook
+#
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/edit-guard.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+# Only check Edit and Write tools
+if [[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]]; then
+    exit 0
+fi
+
+# Define protected patterns (customize these)
+PROTECTED_PATTERNS=(
+    "*.env*"
+    "*credentials*"
+    "*secrets*"
+    "*.pem"
+    "*.key"
+    "*/.claude/settings.json"
+)
+
+for pattern in "${PROTECTED_PATTERNS[@]}"; do
+    if [[ "$FILE" == $pattern ]]; then
+        # Defense-in-depth: make file read-only
+        chmod 444 "$FILE" 2>/dev/null
+        echo "BLOCKED: Edit/Write denied for protected file: $FILE" >&2
+        exit 2
+    fi
+done
+
+exit 0

package/index.mjs

@@ -203,6 +203,10 @@ async function verify() {
     { hook: 'secret-guard', input: '{"tool_input":{"command":"git add .env"}}', expect: 2, desc: 'blocks git add .env' },
     { hook: 'secret-guard', input: '{"tool_input":{"command":"git add src/app.js"}}', expect: 0, desc: 'allows git add safe files' },
     { hook: 'api-error-alert', input: '{"stop_reason":"user"}', expect: 0, desc: 'ignores normal stops' },
+    { hook: 'destructive-guard', input: '{"tool_input":{"command":"cd /tmp && rm -rf /"}}', expect: 2, desc: 'blocks compound rm -rf' },
+    { hook: 'branch-guard', input: '{"tool_input":{"command":"git push --force origin feature"}}', expect: 2, desc: 'blocks force-push' },
+    { hook: 'destructive-guard', input: '{"tool_input":{"command":"git reset --hard HEAD~5"}}', expect: 2, desc: 'blocks git reset --hard' },
+    { hook: 'destructive-guard', input: '{"tool_input":{"command":"sudo rm -rf /var"}}', expect: 2, desc: 'blocks sudo + destructive' },
   ];
 
   let pass = 0, fail = 0;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "1.5.1",
+  "version": "1.5.3",
   "description": "One command to make Claude Code safe for autonomous operation. 8 hooks: destructive blocker, branch guard, force-push protection, secret leak prevention, syntax checks, and more.",
   "main": "index.mjs",
   "bin": {