cc-safe-setup 1.9.4 → 1.9.6

package/README.md

@@ -151,11 +151,13 @@ Or browse all available examples in [`examples/`](examples/):
 - **scope-guard.sh** — Block file operations outside project directory — absolute paths, home, parent escapes ([#36233](https://github.com/anthropics/claude-code/issues/36233))
 - **auto-checkpoint.sh** — Auto-commit after every edit for rollback protection ([#34674](https://github.com/anthropics/claude-code/issues/34674))
 - **git-config-guard.sh** — Block `git config --global` modifications without consent ([#37201](https://github.com/anthropics/claude-code/issues/37201))
+- **deploy-guard.sh** — Block deploy commands when uncommitted changes exist ([#37314](https://github.com/anthropics/claude-code/issues/37314))
+- **network-guard.sh** — Warn on suspicious network commands sending file contents ([#37420](https://github.com/anthropics/claude-code/issues/37420))
 
 ## Learn More
 
 - [Official Hooks Reference](https://code.claude.com/docs/en/hooks) — Claude Code hooks documentation
-- [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 15 ready-to-use recipes from real GitHub Issues
+- [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 16 ready-to-use recipes from real GitHub Issues
 - [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説
 - [The incident that inspired this tool](https://github.com/anthropics/claude-code/issues/36339) — NTFS junction rm -rf
 

package/examples/README.md

@@ -17,9 +17,11 @@ Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and
 | **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
 | **enforce-tests.sh** | Warn when source changes without test changes | |
 | **git-config-guard.sh** | Block git config --global modifications | [#37201](https://github.com/anthropics/claude-code/issues/37201) |
+| **network-guard.sh** | Warn on suspicious network commands (data exfiltration) | [#37420](https://github.com/anthropics/claude-code/issues/37420) |
 | **notify-waiting.sh** | Desktop notification when Claude waits for input | |
 | **protect-dotfiles.sh** | Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/ | [#37478](https://github.com/anthropics/claude-code/issues/37478) |
 | **scope-guard.sh** | Block file operations outside project directory | [#36233](https://github.com/anthropics/claude-code/issues/36233) |
+| **test-before-push.sh** | Block git push when tests haven't passed | [#36970](https://github.com/anthropics/claude-code/issues/36970) |
 
 ## Quick Start
 

package/examples/network-guard.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# network-guard.sh — Warn on network commands that send file contents
+#
+# Solves: Prompt injection causing data exfiltration via curl/wget (#37420)
+# This is a warning hook (exit 0), not a blocker (exit 2),
+# because legitimate commands like gh pr create also match.
+#
+# Usage: Add to settings.json as a PreToolUse hook
+#
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/network-guard.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[[ -z "$COMMAND" ]] && exit 0
+
+# Skip safe network commands
+if echo "$COMMAND" | grep -qE '^\s*(gh\s|git\s|npm\s|pip\s|curl\s+-s\s+https://api\.|wget\s+-q)'; then
+    exit 0
+fi
+
+# Warn on commands that POST file contents to external URLs
+if echo "$COMMAND" | grep -qE 'curl\s.*(-d\s+@|-F\s+file=|--data-binary\s+@|--upload-file)'; then
+    echo "" >&2
+    echo "⚠ SECURITY: curl sending file contents to external URL" >&2
+    echo "Command: $COMMAND" >&2
+    echo "$(date -Iseconds) NETWORK-WARN: $COMMAND" >> "${HOME}/.claude/security-audit.log" 2>/dev/null
+fi
+
+# Warn on wget/curl POST to non-standard domains
+if echo "$COMMAND" | grep -qE 'curl\s.*-X\s*POST' && ! echo "$COMMAND" | grep -qE '(github\.com|api\.anthropic|localhost|127\.0\.0\.1)'; then
+    echo "" >&2
+    echo "⚠ SECURITY: POST request to external domain" >&2
+    echo "Command: $COMMAND" >&2
+    echo "$(date -Iseconds) NETWORK-WARN: $COMMAND" >> "${HOME}/.claude/security-audit.log" 2>/dev/null
+fi
+
+# Warn on piping sensitive files to network commands
+if echo "$COMMAND" | grep -qE '(cat|base64)\s+.*(\.env|credentials|\.pem|\.key|id_rsa).*\|.*(curl|wget|nc|ncat)'; then
+    echo "" >&2
+    echo "⚠ SECURITY: Sensitive file piped to network command" >&2
+    echo "Command: $COMMAND" >&2
+    echo "$(date -Iseconds) NETWORK-WARN: $COMMAND" >> "${HOME}/.claude/security-audit.log" 2>/dev/null
+fi
+
+exit 0

package/examples/test-before-push.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# test-before-push.sh — Block git push when tests haven't passed
+#
+# Solves: Claude pushing code that hasn't been tested (#36970)
+#
+# Checks for a test result marker file. If tests haven't been run
+# (or failed), blocks the push.
+#
+# Usage: Add to settings.json as a PreToolUse hook
+#
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/test-before-push.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[[ -z "$COMMAND" ]] && exit 0
+
+# Only check git push commands
+if ! echo "$COMMAND" | grep -qE '^\s*git\s+push\b'; then
+    exit 0
+fi
+
+# Skip if no test framework is detected
+HAS_TESTS=0
+[ -f "package.json" ] && grep -q '"test"' package.json 2>/dev/null && HAS_TESTS=1
+[ -f "pytest.ini" ] || [ -f "pyproject.toml" ] && HAS_TESTS=1
+[ -f "Makefile" ] && grep -q "^test:" Makefile 2>/dev/null && HAS_TESTS=1
+
+if (( HAS_TESTS == 0 )); then
+    exit 0  # No test framework detected, allow push
+fi
+
+# Check for test result marker
+MARKER="/tmp/cc-tests-passed-$(pwd | md5sum | cut -c1-8)"
+if [ -f "$MARKER" ]; then
+    # Tests passed within the last hour
+    MARKER_AGE=$(( $(date +%s) - $(stat -c %Y "$MARKER" 2>/dev/null || echo 0) ))
+    if (( MARKER_AGE < 3600 )); then
+        exit 0  # Tests passed recently
+    fi
+fi
+
+echo "BLOCKED: Run tests before pushing." >&2
+echo "Tests haven't been run (or results are stale)." >&2
+echo "" >&2
+echo "Run your test suite, then try pushing again." >&2
+echo "The test runner should create: $MARKER" >&2
+exit 2

package/index.mjs

@@ -292,6 +292,8 @@ function examples() {
     'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
     'git-config-guard.sh': 'Block git config --global modifications',
     'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
+    'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
+    'test-before-push.sh': 'Block git push when tests have not passed',
   };
 
   console.log();

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "1.9.4",
-  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 16 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
+  "version": "1.9.6",
+  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 18 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"