cc-safe-setup 1.9.5 → 1.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/examples/README.md +1 -0
- package/examples/test-before-push.sh +55 -0
- package/index.mjs +1 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -152,6 +152,7 @@ Or browse all available examples in [`examples/`](examples/):
|
|
|
152
152
|
- **auto-checkpoint.sh** — Auto-commit after every edit for rollback protection ([#34674](https://github.com/anthropics/claude-code/issues/34674))
|
|
153
153
|
- **git-config-guard.sh** — Block `git config --global` modifications without consent ([#37201](https://github.com/anthropics/claude-code/issues/37201))
|
|
154
154
|
- **deploy-guard.sh** — Block deploy commands when uncommitted changes exist ([#37314](https://github.com/anthropics/claude-code/issues/37314))
|
|
155
|
+
- **network-guard.sh** — Warn on suspicious network commands sending file contents ([#37420](https://github.com/anthropics/claude-code/issues/37420))
|
|
155
156
|
|
|
156
157
|
## Learn More
|
|
157
158
|
|
package/examples/README.md
CHANGED
|
@@ -21,6 +21,7 @@ Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and
|
|
|
21
21
|
| **notify-waiting.sh** | Desktop notification when Claude waits for input | |
|
|
22
22
|
| **protect-dotfiles.sh** | Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/ | [#37478](https://github.com/anthropics/claude-code/issues/37478) |
|
|
23
23
|
| **scope-guard.sh** | Block file operations outside project directory | [#36233](https://github.com/anthropics/claude-code/issues/36233) |
|
|
24
|
+
| **test-before-push.sh** | Block git push when tests haven't passed | [#36970](https://github.com/anthropics/claude-code/issues/36970) |
|
|
24
25
|
|
|
25
26
|
## Quick Start
|
|
26
27
|
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# test-before-push.sh — Block git push when tests haven't passed
|
|
3
|
+
#
|
|
4
|
+
# Solves: Claude pushing code that hasn't been tested (#36970)
|
|
5
|
+
#
|
|
6
|
+
# Checks for a test result marker file. If tests haven't been run
|
|
7
|
+
# (or failed), blocks the push.
|
|
8
|
+
#
|
|
9
|
+
# Usage: Add to settings.json as a PreToolUse hook
|
|
10
|
+
#
|
|
11
|
+
# {
|
|
12
|
+
# "hooks": {
|
|
13
|
+
# "PreToolUse": [{
|
|
14
|
+
# "matcher": "Bash",
|
|
15
|
+
# "hooks": [{ "type": "command", "command": "~/.claude/hooks/test-before-push.sh" }]
|
|
16
|
+
# }]
|
|
17
|
+
# }
|
|
18
|
+
# }
|
|
19
|
+
|
|
20
|
+
INPUT=$(cat)
|
|
21
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
22
|
+
|
|
23
|
+
[[ -z "$COMMAND" ]] && exit 0
|
|
24
|
+
|
|
25
|
+
# Only check git push commands
|
|
26
|
+
if ! echo "$COMMAND" | grep -qE '^\s*git\s+push\b'; then
|
|
27
|
+
exit 0
|
|
28
|
+
fi
|
|
29
|
+
|
|
30
|
+
# Skip if no test framework is detected
|
|
31
|
+
HAS_TESTS=0
|
|
32
|
+
[ -f "package.json" ] && grep -q '"test"' package.json 2>/dev/null && HAS_TESTS=1
|
|
33
|
+
[ -f "pytest.ini" ] || [ -f "pyproject.toml" ] && HAS_TESTS=1
|
|
34
|
+
[ -f "Makefile" ] && grep -q "^test:" Makefile 2>/dev/null && HAS_TESTS=1
|
|
35
|
+
|
|
36
|
+
if (( HAS_TESTS == 0 )); then
|
|
37
|
+
exit 0 # No test framework detected, allow push
|
|
38
|
+
fi
|
|
39
|
+
|
|
40
|
+
# Check for test result marker
|
|
41
|
+
MARKER="/tmp/cc-tests-passed-$(pwd | md5sum | cut -c1-8)"
|
|
42
|
+
if [ -f "$MARKER" ]; then
|
|
43
|
+
# Tests passed within the last hour
|
|
44
|
+
MARKER_AGE=$(( $(date +%s) - $(stat -c %Y "$MARKER" 2>/dev/null || echo 0) ))
|
|
45
|
+
if (( MARKER_AGE < 3600 )); then
|
|
46
|
+
exit 0 # Tests passed recently
|
|
47
|
+
fi
|
|
48
|
+
fi
|
|
49
|
+
|
|
50
|
+
echo "BLOCKED: Run tests before pushing." >&2
|
|
51
|
+
echo "Tests haven't been run (or results are stale)." >&2
|
|
52
|
+
echo "" >&2
|
|
53
|
+
echo "Run your test suite, then try pushing again." >&2
|
|
54
|
+
echo "The test runner should create: $MARKER" >&2
|
|
55
|
+
exit 2
|
package/index.mjs
CHANGED
|
@@ -293,6 +293,7 @@ function examples() {
|
|
|
293
293
|
'git-config-guard.sh': 'Block git config --global modifications',
|
|
294
294
|
'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
|
|
295
295
|
'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
|
|
296
|
+
'test-before-push.sh': 'Block git push when tests have not passed',
|
|
296
297
|
};
|
|
297
298
|
|
|
298
299
|
console.log();
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "1.9.
|
|
4
|
-
"description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks +
|
|
3
|
+
"version": "1.9.6",
|
|
4
|
+
"description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 18 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"cc-safe-setup": "index.mjs"
|