cc-safe-setup 1.8.5 → 1.9.1

package/README.md

@@ -128,7 +128,13 @@ Or start with the free hooks: [claude-code-hooks](https://github.com/yurukusa/cl
 
 ## Examples
 
-Need custom hooks beyond the 8 built-in ones? See [`examples/`](examples/) for ready-to-use recipes:
+Need custom hooks beyond the 8 built-in ones? Install any example with one command:
+
+```bash
+npx cc-safe-setup --install-example block-database-wipe
+```
+
+Or browse all available examples in [`examples/`](examples/):
 
 - **auto-approve-git-read.sh** — Auto-approve `git status`, `git log`, even with `-C` flags
 - **auto-approve-ssh.sh** — Auto-approve safe SSH commands (`uptime`, `whoami`, etc.)
@@ -143,6 +149,7 @@ Need custom hooks beyond the 8 built-in ones? See [`examples/`](examples/) for r
 - **allowlist.sh** — Block everything not explicitly approved — inverse permission model ([#37471](https://github.com/anthropics/claude-code/issues/37471))
 - **protect-dotfiles.sh** — Block modifications to `~/.bashrc`, `~/.aws/`, `~/.ssh/` and chezmoi without diff ([#37478](https://github.com/anthropics/claude-code/issues/37478))
 - **scope-guard.sh** — Block file operations outside project directory — absolute paths, home, parent escapes ([#36233](https://github.com/anthropics/claude-code/issues/36233))
+- **auto-checkpoint.sh** — Auto-commit after every edit for rollback protection ([#34674](https://github.com/anthropics/claude-code/issues/34674))
 
 ## Learn More
 

package/examples/README.md

@@ -5,6 +5,7 @@ Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and
 | Hook | Purpose | Related Issue |
 |------|---------|---------------|
 | **allowlist.sh** | Block everything not explicitly approved (inverse model) | [#37471](https://github.com/anthropics/claude-code/issues/37471) |
+| **auto-checkpoint.sh** | Auto-commit after edits for rollback protection | [#34674](https://github.com/anthropics/claude-code/issues/34674) |
 | **auto-approve-build.sh** | Auto-approve npm/yarn/cargo/go build, test, lint | |
 | **auto-approve-docker.sh** | Auto-approve docker build, compose, ps, logs | |
 | **auto-approve-git-read.sh** | Auto-approve `git status/log/diff` even with `-C` flags | [#36900](https://github.com/anthropics/claude-code/issues/36900) |
@@ -21,14 +22,16 @@ Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and
 ## Quick Start
 
 ```bash
-# 1. Copy example to hooks directory
-cp examples/block-database-wipe.sh ~/.claude/hooks/
+# One command — copies hook, updates settings.json, makes executable
+npx cc-safe-setup --install-example block-database-wipe
+```
 
-# 2. Make executable
-chmod +x ~/.claude/hooks/block-database-wipe.sh
+Or manually:
 
-# 3. Add to settings.json
-# See each file's header comment for the JSON configuration
+```bash
+cp examples/block-database-wipe.sh ~/.claude/hooks/
+chmod +x ~/.claude/hooks/block-database-wipe.sh
+# Add to settings.json — see each file's header for the JSON config
 ```
 
 ## List from CLI

package/examples/auto-checkpoint.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# auto-checkpoint.sh — Auto-commit after every edit for rollback protection
+#
+# Solves: Context compaction silently reverting uncommitted edits (#34674)
+# Also protects against: session crashes, token expiry, any unexpected death
+#
+# Creates lightweight checkpoint commits after every Edit/Write.
+# If anything goes wrong, you can recover with `git log` and `git cherry-pick`.
+#
+# Usage: Add to settings.json as a PostToolUse hook
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Edit|Write",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/auto-checkpoint.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+# Only checkpoint after Edit or Write
+[[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]] && exit 0
+
+# Must be in a git repo
+git rev-parse --git-dir &>/dev/null || exit 0
+
+# Only commit if there are actual changes
+DIRTY=$(git status --porcelain 2>/dev/null | head -1)
+[[ -z "$DIRTY" ]] && exit 0
+
+# Create checkpoint commit
+git add -A 2>/dev/null
+git commit -m "checkpoint: auto-save $(date +%H:%M:%S)" --no-verify 2>/dev/null
+
+exit 0

package/index.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, copyFileSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import { createInterface } from 'readline';
@@ -66,6 +66,8 @@ const HELP = process.argv.includes('--help') || process.argv.includes('-h');
 const STATUS = process.argv.includes('--status') || process.argv.includes('-s');
 const VERIFY = process.argv.includes('--verify') || process.argv.includes('-v');
 const EXAMPLES = process.argv.includes('--examples') || process.argv.includes('-e');
+const INSTALL_EXAMPLE_IDX = process.argv.findIndex(a => a === '--install-example');
+const INSTALL_EXAMPLE = INSTALL_EXAMPLE_IDX !== -1 ? process.argv[INSTALL_EXAMPLE_IDX + 1] : null;
 
 if (HELP) {
   console.log(`
@@ -78,6 +80,7 @@ if (HELP) {
     npx cc-safe-setup --dry-run    Preview without installing
     npx cc-safe-setup --uninstall  Remove all installed hooks
     npx cc-safe-setup --examples   List available example hooks
+    npx cc-safe-setup --install-example <name>  Install a specific example hook
     npx cc-safe-setup --help       Show this help
 
   Hooks installed:
@@ -266,6 +269,7 @@ function examples() {
     'allowlist.sh': 'Block everything not in allowlist (inverse permission model)',
     'protect-dotfiles.sh': 'Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/',
     'scope-guard.sh': 'Block file operations outside project directory',
+    'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
   };
 
   console.log();
@@ -286,11 +290,73 @@ function examples() {
   console.log();
 }
 
+async function installExample(name) {
+  const examplesDir = join(__dirname, 'examples');
+  const filename = name.endsWith('.sh') ? name : name + '.sh';
+  const srcPath = join(examplesDir, filename);
+
+  if (!existsSync(srcPath)) {
+    console.log();
+    console.log(c.red + '  Error: example "' + name + '" not found.' + c.reset);
+    console.log(c.dim + '  Run --examples to see available hooks.' + c.reset);
+    console.log();
+    process.exit(1);
+  }
+
+  const destPath = join(HOOKS_DIR, filename);
+  mkdirSync(HOOKS_DIR, { recursive: true });
+  copyFileSync(srcPath, destPath);
+  chmodSync(destPath, 0o755);
+
+  // Parse hook header for matcher and trigger
+  const content = readFileSync(srcPath, 'utf8');
+  let trigger = 'PreToolUse';
+  let matcher = 'Bash';
+
+  // Detect trigger from header comments
+  if (content.includes('PostToolUse')) trigger = 'PostToolUse';
+  if (content.includes('Notification')) trigger = 'Notification';
+  if (content.includes('Stop')) trigger = 'Stop';
+
+  // Detect matcher from header
+  const matcherMatch = content.match(/"matcher":\s*"([^"]*)"/);
+  if (matcherMatch) matcher = matcherMatch[1];
+
+  // Update settings.json
+  let settings = {};
+  if (existsSync(SETTINGS_PATH)) {
+    settings = JSON.parse(readFileSync(SETTINGS_PATH, 'utf8'));
+  }
+  if (!settings.hooks) settings.hooks = {};
+  if (!settings.hooks[trigger]) settings.hooks[trigger] = [];
+
+  const hookEntry = {
+    matcher: matcher,
+    hooks: [{ type: 'command', command: destPath }],
+  };
+
+  // Check if already installed
+  const existing = settings.hooks[trigger].find(h =>
+    h.hooks && h.hooks.some(hh => hh.command && hh.command.includes(filename))
+  );
+  if (!existing) {
+    settings.hooks[trigger].push(hookEntry);
+    writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2) + '\n');
+  }
+
+  console.log();
+  console.log(c.green + '  ✓' + c.reset + ' Installed ' + c.bold + filename + c.reset);
+  console.log(c.dim + '    → ' + destPath + c.reset);
+  console.log(c.dim + '    → settings.json updated (' + trigger + ', matcher: "' + matcher + '")' + c.reset);
+  console.log();
+}
+
 async function main() {
   if (UNINSTALL) return uninstall();
   if (VERIFY) return verify();
   if (STATUS) return status();
   if (EXAMPLES) return examples();
+  if (INSTALL_EXAMPLE) return installExample(INSTALL_EXAMPLE);
 
   console.log();
   console.log(c.bold + '  cc-safe-setup' + c.reset);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "1.8.5",
+  "version": "1.9.1",
   "description": "One command to make Claude Code safe for autonomous operation. 8 hooks: destructive blocker, branch guard, force-push protection, secret leak prevention, syntax checks, and more.",
   "main": "index.mjs",
   "bin": {