cc-safe-setup 1.8.3 → 1.8.5

package/README.md CHANGED
@@ -142,6 +142,7 @@ Need custom hooks beyond the 8 built-in ones? See [`examples/`](examples/) for r
142
142
  - **auto-snapshot.sh** — Auto-save file snapshots before edits for rollback protection ([#37386](https://github.com/anthropics/claude-code/issues/37386) [#37457](https://github.com/anthropics/claude-code/issues/37457))
143
143
  - **allowlist.sh** — Block everything not explicitly approved — inverse permission model ([#37471](https://github.com/anthropics/claude-code/issues/37471))
144
144
  - **protect-dotfiles.sh** — Block modifications to `~/.bashrc`, `~/.aws/`, `~/.ssh/` and chezmoi without diff ([#37478](https://github.com/anthropics/claude-code/issues/37478))
145
+ - **scope-guard.sh** — Block file operations outside project directory — absolute paths, home, parent escapes ([#36233](https://github.com/anthropics/claude-code/issues/36233))
145
146
 
146
147
  ## Learn More
147
148
 
@@ -16,6 +16,7 @@ Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and
16
16
  | **enforce-tests.sh** | Warn when source changes without test changes | |
17
17
  | **notify-waiting.sh** | Desktop notification when Claude waits for input | |
18
18
  | **protect-dotfiles.sh** | Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/ | [#37478](https://github.com/anthropics/claude-code/issues/37478) |
19
+ | **scope-guard.sh** | Block file operations outside project directory | [#36233](https://github.com/anthropics/claude-code/issues/36233) |
19
20
 
20
21
  ## Quick Start
21
22
 
@@ -6,10 +6,10 @@
6
6
  # - Django: flush, sqlflush
7
7
  # - Rails: db:drop, db:reset
8
8
  # - Raw SQL: DROP DATABASE, TRUNCATE
9
+ # - Prisma: migrate reset, db push --force-reset
9
10
  # - PostgreSQL: dropdb
10
11
  #
11
- # Born from GitHub Issue #37405 (SQLite database wiped)
12
- # and #37439 (Laravel migrate:fresh on production DB)
12
+ # Born from GitHub Issues #37405, #37439, #34729
13
13
  #
14
14
  # Usage: Add to settings.json as a PreToolUse hook
15
15
  #
@@ -61,6 +61,12 @@ if echo "$COMMAND" | grep -qiE 'DROP\s+(DATABASE|TABLE|SCHEMA)|TRUNCATE\s+TABLE|
61
61
  exit 2
62
62
  fi
63
63
 
64
+ # Prisma destructive commands
65
+ if echo "$COMMAND" | grep -qiE 'prisma\s+migrate\s+reset|prisma\s+db\s+push\s+--force-reset'; then
66
+ echo "BLOCKED: Destructive Prisma database command" >&2
67
+ exit 2
68
+ fi
69
+
64
70
  # PostgreSQL CLI
65
71
  if echo "$COMMAND" | grep -qE '^\s*dropdb\s'; then
66
72
  echo "BLOCKED: dropdb command" >&2
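Review bot: The second alternative in the new Prisma check only matches when `--force-reset` comes directly after `push`, so the same reset with another option in between (a schema path, for instance) is not blocked. Loosening it to `prisma\s+db\s+push\b[^|;&]*--force-reset` keeps the intent and covers any option order within one command. `db push --accept-data-loss` can also discard data and may belong in the same pattern; worth confirming against the Prisma versions this hook targets. The rest of the script lies outside the hunk, so whether `$COMMAND` is normalised before this point cannot be seen here.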
@@ -0,0 +1,56 @@
1
+ #!/bin/bash
2
+ # scope-guard.sh — Block file operations outside the project directory
3
+ #
4
+ # Solves: Claude Code deleting files on Desktop, in ~/Applications,
5
+ # or anywhere outside the working directory (#36233, #36339)
6
+ #
7
+ # Usage: Add to settings.json as a PreToolUse hook
8
+ #
9
+ # {
10
+ # "hooks": {
11
+ # "PreToolUse": [{
12
+ # "matcher": "Bash",
13
+ # "hooks": [{ "type": "command", "command": "~/.claude/hooks/scope-guard.sh" }]
14
+ # }]
15
+ # }
16
+ # }
17
+
18
+ INPUT=$(cat)
19
+ TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
20
+ CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
21
+
22
+ [[ "$TOOL" != "Bash" ]] && exit 0
23
+ [[ -z "$CMD" ]] && exit 0
24
+
25
+ # Skip string output commands
26
+ if echo "$CMD" | grep -qE '^\s*(echo|printf|cat\s*<<)'; then
27
+ exit 0
28
+ fi
29
+
30
+ # Check for destructive commands with paths outside project
31
+ if echo "$CMD" | grep -qE '\brm\b.*(-[a-zA-Z]*[rf]|--(recursive|force))'; then
32
+ # Block absolute paths
33
+ if echo "$CMD" | grep -qE '\brm\b[^|;]*\s+/[a-zA-Z]'; then
34
+ echo "BLOCKED: rm with absolute path" >&2
35
+ echo "Command: $CMD" >&2
36
+ exit 2
37
+ fi
38
+ # Block home directory paths
39
+ if echo "$CMD" | grep -qE '\brm\b[^|;]*\s+~/'; then
40
+ echo "BLOCKED: rm targeting home directory" >&2
41
+ exit 2
42
+ fi
43
+ # Block parent directory escapes
44
+ if echo "$CMD" | grep -qE '\brm\b[^|;]*\s+\.\./'; then
45
+ echo "BLOCKED: rm escaping project directory" >&2
46
+ exit 2
47
+ fi
48
+ fi
49
+
50
+ # Block targeting well-known user/system directories
51
+ if echo "$CMD" | grep -qiE '\b(rm|del|Remove-Item)\b.*(Desktop|Applications|Documents|Downloads|Library|Keychain|\.aws|\.ssh)'; then
52
+ echo "BLOCKED: targeting system/user directory" >&2
53
+ exit 2
54
+ fi
55
+
56
+ exit 0
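Review bot: The `echo|printf|cat <<` skip near the top exits 0 for the whole command line, so anything chained after that first word never reaches the `rm` checks below; the skip is better dropped, since a false block on a quoted string costs less than a missed deletion. The hook also fails open when parsing fails: `2>/dev/null` hides a missing `jq` or malformed input, `TOOL` comes back empty and `[[ "$TOOL" != "Bash" ]] && exit 0` allows the call, so add `command -v jq >/dev/null || { echo "scope-guard: jq is required" >&2; exit 2; }` before the first `jq` call. No path is ever compared with the project root: only `rm` with `-r`/`-f` style flags is inspected, quoted paths and `$HOME` do not match the `\s+/[a-zA-Z]` and `\s+~/` patterns, and an absolute path inside the project is blocked as well. The last check is a case-insensitive substring match, so a project-local name containing `library` or `documents` is blocked too. I would state these limits in the header comment, e.g. `# Heuristic: pattern-matches rm commands only; does not resolve paths against the project root.`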
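--- a/package/index.mjs
+++ b/package/index.mjs
@@ -265,6 +265,7 @@ function examples() {
  'auto-snapshot.sh': 'Auto-save file snapshots before edits (rollback protection)',
  'allowlist.sh': 'Block everything not in allowlist (inverse permission model)',
  'protect-dotfiles.sh': 'Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/',
+ 'scope-guard.sh': 'Block file operations outside project directory',
  };
 
  console.log();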
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cc-safe-setup",
3
- "version": "1.8.3",
3
+ "version": "1.8.5",
4
4
  "description": "One command to make Claude Code safe for autonomous operation. 8 hooks: destructive blocker, branch guard, force-push protection, secret leak prevention, syntax checks, and more.",
5
5
  "main": "index.mjs",
6
6
  "bin": {