cc-safe-setup 1.9.7 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +1 -0
  2. package/index.mjs +38 -26
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -154,6 +154,7 @@ Or browse all available examples in [`examples/`](examples/):
154
154
  - **deploy-guard.sh** — Block deploy commands when uncommitted changes exist ([#37314](https://github.com/anthropics/claude-code/issues/37314))
155
155
  - **network-guard.sh** — Warn on suspicious network commands sending file contents ([#37420](https://github.com/anthropics/claude-code/issues/37420))
156
156
  - **test-before-push.sh** — Block `git push` when tests haven't been run ([#36970](https://github.com/anthropics/claude-code/issues/36970))
157
+ - **large-file-guard.sh** — Warn when Write tool creates files over 500KB
157
158
 
158
159
  ## Learn More
159
160
 
package/index.mjs CHANGED
@@ -275,38 +275,50 @@ async function verify() {
275
275
 
276
276
  function examples() {
277
277
  const examplesDir = join(__dirname, 'examples');
278
- const EXAMPLE_DESCRIPTIONS = {
279
- 'auto-approve-build.sh': 'Auto-approve npm/yarn/cargo/go build, test, lint commands',
280
- 'auto-approve-docker.sh': 'Auto-approve docker build, compose, ps, logs commands',
281
- 'auto-approve-git-read.sh': 'Auto-approve git status/log/diff even with -C flags',
282
- 'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami, etc.)',
283
- 'block-database-wipe.sh': 'Block destructive DB commands (migrate:fresh, DROP DATABASE)',
284
- 'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
285
- 'enforce-tests.sh': 'Warn when source files change without test files',
286
- 'notify-waiting.sh': 'Desktop notification when Claude waits for input',
287
- 'auto-approve-python.sh': 'Auto-approve pytest, mypy, ruff, black, isort commands',
288
- 'auto-snapshot.sh': 'Auto-save file snapshots before edits (rollback protection)',
289
- 'allowlist.sh': 'Block everything not in allowlist (inverse permission model)',
290
- 'protect-dotfiles.sh': 'Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/',
291
- 'scope-guard.sh': 'Block file operations outside project directory',
292
- 'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
293
- 'git-config-guard.sh': 'Block git config --global modifications',
294
- 'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
295
- 'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
296
- 'test-before-push.sh': 'Block git push when tests have not passed',
297
- 'large-file-guard.sh': 'Warn when Write creates files over 500KB',
278
+ const CATEGORIES = {
279
+ 'Safety Guards': {
280
+ 'allowlist.sh': 'Block everything not in allowlist (inverse permission model)',
281
+ 'block-database-wipe.sh': 'Block destructive DB commands (migrate:fresh, DROP DATABASE, Prisma)',
282
+ 'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
283
+ 'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
284
+ 'protect-dotfiles.sh': 'Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/',
285
+ 'scope-guard.sh': 'Block file operations outside project directory',
286
+ 'test-before-push.sh': 'Block git push when tests have not passed',
287
+ 'git-config-guard.sh': 'Block git config --global modifications',
288
+ },
289
+ 'Auto-Approve': {
290
+ 'auto-approve-build.sh': 'Auto-approve npm/yarn/cargo/go build, test, lint',
291
+ 'auto-approve-docker.sh': 'Auto-approve docker build, compose, ps, logs',
292
+ 'auto-approve-git-read.sh': 'Auto-approve git status/log/diff even with -C flags',
293
+ 'auto-approve-python.sh': 'Auto-approve pytest, mypy, ruff, black, isort',
294
+ 'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami)',
295
+ },
296
+ 'Quality': {
297
+ 'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
298
+ 'enforce-tests.sh': 'Warn when source files change without test files',
299
+ 'large-file-guard.sh': 'Warn when Write creates files over 500KB',
300
+ },
301
+ 'Recovery': {
302
+ 'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
303
+ 'auto-snapshot.sh': 'Auto-save file snapshots before edits (rollback protection)',
304
+ },
305
+ 'UX': {
306
+ 'notify-waiting.sh': 'Desktop notification when Claude waits for input',
307
+ },
298
308
  };
299
309
 
300
310
  console.log();
301
311
  console.log(c.bold + ' cc-safe-setup --examples' + c.reset);
302
- console.log(c.dim + ' Custom hooks beyond the 8 built-in ones' + c.reset);
312
+ console.log(c.dim + ' 19 hooks beyond the 8 built-in ones' + c.reset);
303
313
  console.log();
304
314
 
305
- for (const [file, desc] of Object.entries(EXAMPLE_DESCRIPTIONS)) {
306
- const fullPath = join(examplesDir, file);
307
- const exists = existsSync(fullPath);
308
- console.log(' ' + c.green + '*' + c.reset + ' ' + c.bold + file + c.reset);
309
- console.log(' ' + c.dim + desc + c.reset);
315
+ for (const [cat, hooks] of Object.entries(CATEGORIES)) {
316
+ console.log(' ' + c.bold + c.blue + cat + c.reset);
317
+ for (const [file, desc] of Object.entries(hooks)) {
318
+ console.log(' ' + c.green + '*' + c.reset + ' ' + c.bold + file + c.reset);
319
+ console.log(' ' + c.dim + desc + c.reset);
320
+ }
321
+ console.log();
310
322
  }
311
323
 
312
324
  console.log();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cc-safe-setup",
3
- "version": "1.9.7",
3
+ "version": "2.0.0",
4
4
  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 19 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
5
5
  "main": "index.mjs",
6
6
  "bin": {