cc-safe-setup 1.9.6 → 1.9.7

package/README.md

@@ -153,6 +153,7 @@ Or browse all available examples in [`examples/`](examples/):
 - **git-config-guard.sh** — Block `git config --global` modifications without consent ([#37201](https://github.com/anthropics/claude-code/issues/37201))
 - **deploy-guard.sh** — Block deploy commands when uncommitted changes exist ([#37314](https://github.com/anthropics/claude-code/issues/37314))
 - **network-guard.sh** — Warn on suspicious network commands sending file contents ([#37420](https://github.com/anthropics/claude-code/issues/37420))
+- **test-before-push.sh** — Block `git push` when tests haven't been run ([#36970](https://github.com/anthropics/claude-code/issues/36970))
 
 ## Learn More
 

package/examples/README.md

@@ -17,6 +17,7 @@ Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and
 | **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
 | **enforce-tests.sh** | Warn when source changes without test changes | |
 | **git-config-guard.sh** | Block git config --global modifications | [#37201](https://github.com/anthropics/claude-code/issues/37201) |
+| **large-file-guard.sh** | Warn when Write creates oversized files (>500KB) | |
 | **network-guard.sh** | Warn on suspicious network commands (data exfiltration) | [#37420](https://github.com/anthropics/claude-code/issues/37420) |
 | **notify-waiting.sh** | Desktop notification when Claude waits for input | |
 | **protect-dotfiles.sh** | Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/ | [#37478](https://github.com/anthropics/claude-code/issues/37478) |

package/examples/large-file-guard.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# large-file-guard.sh — Warn when Write tool creates oversized files
+#
+# Solves: Claude generating multi-MB files that bloat the repo,
+# or accidentally writing binary/base64 data to source files.
+#
+# This is a PostToolUse hook — it checks AFTER the write happens
+# and warns if the file is suspiciously large.
+#
+# Usage: Add to settings.json as a PostToolUse hook
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Write",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/large-file-guard.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[[ "$TOOL" != "Write" ]] && exit 0
+[[ -z "$FILE" || ! -f "$FILE" ]] && exit 0
+
+# Check file size (default threshold: 500KB)
+MAX_SIZE=${CC_MAX_FILE_SIZE:-512000}
+FILE_SIZE=$(stat -c %s "$FILE" 2>/dev/null || stat -f %z "$FILE" 2>/dev/null || echo 0)
+
+if (( FILE_SIZE > MAX_SIZE )); then
+    SIZE_KB=$((FILE_SIZE / 1024))
+    echo "" >&2
+    echo "WARNING: Large file written: $FILE (${SIZE_KB}KB)" >&2
+    echo "This may indicate generated binary/base64 data in a source file." >&2
+    echo "Threshold: $((MAX_SIZE / 1024))KB (set CC_MAX_FILE_SIZE to adjust)" >&2
+fi
+
+exit 0

package/index.mjs

@@ -294,6 +294,7 @@ function examples() {
     'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
     'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
     'test-before-push.sh': 'Block git push when tests have not passed',
+    'large-file-guard.sh': 'Warn when Write creates files over 500KB',
   };
 
   console.log();

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "1.9.6",
-  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 18 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
+  "version": "1.9.7",
+  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 19 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"