cc-safe-setup 1.9.7 → 2.0.1

package/README.md

@@ -154,6 +154,7 @@ Or browse all available examples in [`examples/`](examples/):
 - **deploy-guard.sh** — Block deploy commands when uncommitted changes exist ([#37314](https://github.com/anthropics/claude-code/issues/37314))
 - **network-guard.sh** — Warn on suspicious network commands sending file contents ([#37420](https://github.com/anthropics/claude-code/issues/37420))
 - **test-before-push.sh** — Block `git push` when tests haven't been run ([#36970](https://github.com/anthropics/claude-code/issues/36970))
+- **large-file-guard.sh** — Warn when Write tool creates files over 500KB
 
 ## Learn More
 

package/examples/README.md

@@ -1,46 +1,58 @@
 # Example Hooks
 
-Custom hooks beyond the 8 built-in ones. Copy any file to `~/.claude/hooks/` and add to `settings.json`.
-
-| Hook | Purpose | Related Issue |
-|------|---------|---------------|
-| **allowlist.sh** | Block everything not explicitly approved (inverse model) | [#37471](https://github.com/anthropics/claude-code/issues/37471) |
-| **auto-checkpoint.sh** | Auto-commit after edits for rollback protection | [#34674](https://github.com/anthropics/claude-code/issues/34674) |
-| **auto-approve-build.sh** | Auto-approve npm/yarn/cargo/go build, test, lint | |
-| **auto-approve-docker.sh** | Auto-approve docker build, compose, ps, logs | |
-| **auto-approve-git-read.sh** | Auto-approve `git status/log/diff` even with `-C` flags | [#36900](https://github.com/anthropics/claude-code/issues/36900) |
-| **auto-approve-python.sh** | Auto-approve pytest, mypy, ruff, black, isort | |
-| **auto-approve-ssh.sh** | Auto-approve safe SSH commands (uptime, whoami) | |
-| **auto-snapshot.sh** | Save file snapshots before edits (rollback protection) | [#37386](https://github.com/anthropics/claude-code/issues/37386) |
-| **block-database-wipe.sh** | Block destructive DB commands (Laravel, Django, Rails) | [#37405](https://github.com/anthropics/claude-code/issues/37405) |
-| **deploy-guard.sh** | Block deploy when uncommitted changes exist | [#37314](https://github.com/anthropics/claude-code/issues/37314) |
-| **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
-| **enforce-tests.sh** | Warn when source changes without test changes | |
-| **git-config-guard.sh** | Block git config --global modifications | [#37201](https://github.com/anthropics/claude-code/issues/37201) |
-| **large-file-guard.sh** | Warn when Write creates oversized files (>500KB) | |
-| **network-guard.sh** | Warn on suspicious network commands (data exfiltration) | [#37420](https://github.com/anthropics/claude-code/issues/37420) |
-| **notify-waiting.sh** | Desktop notification when Claude waits for input | |
-| **protect-dotfiles.sh** | Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/ | [#37478](https://github.com/anthropics/claude-code/issues/37478) |
-| **scope-guard.sh** | Block file operations outside project directory | [#36233](https://github.com/anthropics/claude-code/issues/36233) |
-| **test-before-push.sh** | Block git push when tests haven't passed | [#36970](https://github.com/anthropics/claude-code/issues/36970) |
+19 hooks beyond the 8 built-in ones, organized by category.
 
 ## Quick Start
 
 ```bash
 # One command — copies hook, updates settings.json, makes executable
 npx cc-safe-setup --install-example block-database-wipe
+
+# Browse all examples with categories
+npx cc-safe-setup --examples
 ```
 
-Or manually:
+## Safety Guards
+
+| Hook | Purpose | Issue |
+|------|---------|-------|
+| **allowlist.sh** | Block everything not explicitly approved | [#37471](https://github.com/anthropics/claude-code/issues/37471) |
+| **block-database-wipe.sh** | Block migrate:fresh, DROP DATABASE, Prisma reset | [#37405](https://github.com/anthropics/claude-code/issues/37405) |
+| **deploy-guard.sh** | Block deploy with uncommitted changes | [#37314](https://github.com/anthropics/claude-code/issues/37314) |
+| **git-config-guard.sh** | Block git config --global | [#37201](https://github.com/anthropics/claude-code/issues/37201) |
+| **network-guard.sh** | Warn on suspicious network commands | [#37420](https://github.com/anthropics/claude-code/issues/37420) |
+| **protect-dotfiles.sh** | Block changes to ~/.bashrc, ~/.aws/, ~/.ssh/ | [#37478](https://github.com/anthropics/claude-code/issues/37478) |
+| **scope-guard.sh** | Block operations outside project directory | [#36233](https://github.com/anthropics/claude-code/issues/36233) |
+| **test-before-push.sh** | Block git push without tests | [#36970](https://github.com/anthropics/claude-code/issues/36970) |
+
+## Auto-Approve
+
+| Hook | Purpose | Issue |
+|------|---------|-------|
+| **auto-approve-build.sh** | npm/yarn/cargo/go build, test, lint | |
+| **auto-approve-docker.sh** | docker build, compose, ps, logs | |
+| **auto-approve-git-read.sh** | git status/log/diff with -C flags | [#36900](https://github.com/anthropics/claude-code/issues/36900) |
+| **auto-approve-python.sh** | pytest, mypy, ruff, black, isort | |
+| **auto-approve-ssh.sh** | Safe SSH commands (uptime, whoami) | |
+
+## Quality
+
+| Hook | Purpose | Issue |
+|------|---------|-------|
+| **commit-message-check.sh** | Warn on non-conventional commit messages | |
+| **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
+| **enforce-tests.sh** | Warn when source changes without tests | |
+| **large-file-guard.sh** | Warn when Write creates files >500KB | |
 
-```bash
-cp examples/block-database-wipe.sh ~/.claude/hooks/
-chmod +x ~/.claude/hooks/block-database-wipe.sh
-# Add to settings.json — see each file's header for the JSON config
-```
+## Recovery
 
-## List from CLI
+| Hook | Purpose | Issue |
+|------|---------|-------|
+| **auto-checkpoint.sh** | Auto-commit after edits (compaction protection) | [#34674](https://github.com/anthropics/claude-code/issues/34674) |
+| **auto-snapshot.sh** | Save file copies before edits | [#37386](https://github.com/anthropics/claude-code/issues/37386) |
 
-```bash
-npx cc-safe-setup --examples
-```
+## UX
+
+| Hook | Purpose | Issue |
+|------|---------|-------|
+| **notify-waiting.sh** | Desktop notification when Claude waits | |

package/examples/commit-message-check.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# commit-message-check.sh — Warn when commit messages don't follow conventions
+#
+# Checks for conventional commits format (feat:, fix:, docs:, etc.)
+# and minimum message length.
+#
+# This is a PostToolUse hook — it checks AFTER git commit runs
+# and warns if the message doesn't follow conventions.
+#
+# Usage: Add to settings.json as a PostToolUse hook
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/commit-message-check.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[[ -z "$COMMAND" ]] && exit 0
+
+# Only check after git commit
+if ! echo "$COMMAND" | grep -qE '^\s*git\s+commit\b'; then
+    exit 0
+fi
+
+# Must be in a git repo
+git rev-parse --git-dir &>/dev/null || exit 0
+
+# Get the last commit message
+MSG=$(git log -1 --pretty=%s 2>/dev/null)
+[[ -z "$MSG" ]] && exit 0
+
+# Check conventional commit format
+if ! echo "$MSG" | grep -qE '^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert)(\(.+\))?(!)?:'; then
+    echo "" >&2
+    echo "NOTE: Commit message doesn't follow conventional commits format." >&2
+    echo "Expected: feat|fix|docs|chore|...: description" >&2
+    echo "Got: $MSG" >&2
+fi
+
+# Check minimum length
+if (( ${#MSG} < 10 )); then
+    echo "" >&2
+    echo "NOTE: Commit message is very short (${#MSG} chars)." >&2
+    echo "Consider adding more context." >&2
+fi
+
+exit 0

package/index.mjs

@@ -79,8 +79,8 @@ if (HELP) {
     npx cc-safe-setup --verify     Test each hook with sample inputs
     npx cc-safe-setup --dry-run    Preview without installing
     npx cc-safe-setup --uninstall  Remove all installed hooks
-    npx cc-safe-setup --examples   List available example hooks
-    npx cc-safe-setup --install-example <name>  Install a specific example hook
+    npx cc-safe-setup --examples   List 19 example hooks (5 categories)
+    npx cc-safe-setup --install-example <name>  Install a specific example
     npx cc-safe-setup --help       Show this help
 
   Hooks installed:
@@ -185,7 +185,8 @@ function status() {
     'auto-approve-git-read.sh', 'auto-approve-python.sh', 'auto-approve-ssh.sh',
     'auto-checkpoint.sh', 'auto-snapshot.sh', 'block-database-wipe.sh',
     'deploy-guard.sh', 'edit-guard.sh', 'enforce-tests.sh', 'git-config-guard.sh',
-    'notify-waiting.sh', 'protect-dotfiles.sh', 'scope-guard.sh',
+    'large-file-guard.sh', 'network-guard.sh', 'notify-waiting.sh',
+    'protect-dotfiles.sh', 'scope-guard.sh', 'test-before-push.sh',
   ];
   const installedExamples = exampleFiles.filter(f => existsSync(join(HOOKS_DIR, f)));
   if (installedExamples.length > 0) {
@@ -275,38 +276,51 @@ async function verify() {
 
 function examples() {
   const examplesDir = join(__dirname, 'examples');
-  const EXAMPLE_DESCRIPTIONS = {
-    'auto-approve-build.sh': 'Auto-approve npm/yarn/cargo/go build, test, lint commands',
-    'auto-approve-docker.sh': 'Auto-approve docker build, compose, ps, logs commands',
-    'auto-approve-git-read.sh': 'Auto-approve git status/log/diff even with -C flags',
-    'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami, etc.)',
-    'block-database-wipe.sh': 'Block destructive DB commands (migrate:fresh, DROP DATABASE)',
-    'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
-    'enforce-tests.sh': 'Warn when source files change without test files',
-    'notify-waiting.sh': 'Desktop notification when Claude waits for input',
-    'auto-approve-python.sh': 'Auto-approve pytest, mypy, ruff, black, isort commands',
-    'auto-snapshot.sh': 'Auto-save file snapshots before edits (rollback protection)',
-    'allowlist.sh': 'Block everything not in allowlist (inverse permission model)',
-    'protect-dotfiles.sh': 'Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/',
-    'scope-guard.sh': 'Block file operations outside project directory',
-    'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
-    'git-config-guard.sh': 'Block git config --global modifications',
-    'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
-    'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
-    'test-before-push.sh': 'Block git push when tests have not passed',
-    'large-file-guard.sh': 'Warn when Write creates files over 500KB',
+  const CATEGORIES = {
+    'Safety Guards': {
+      'allowlist.sh': 'Block everything not in allowlist (inverse permission model)',
+      'block-database-wipe.sh': 'Block destructive DB commands (migrate:fresh, DROP DATABASE, Prisma)',
+      'deploy-guard.sh': 'Block deploy when uncommitted changes exist',
+      'network-guard.sh': 'Warn on suspicious network commands (data exfiltration)',
+      'protect-dotfiles.sh': 'Block modifications to ~/.bashrc, ~/.aws/, ~/.ssh/',
+      'scope-guard.sh': 'Block file operations outside project directory',
+      'test-before-push.sh': 'Block git push when tests have not passed',
+      'git-config-guard.sh': 'Block git config --global modifications',
+    },
+    'Auto-Approve': {
+      'auto-approve-build.sh': 'Auto-approve npm/yarn/cargo/go build, test, lint',
+      'auto-approve-docker.sh': 'Auto-approve docker build, compose, ps, logs',
+      'auto-approve-git-read.sh': 'Auto-approve git status/log/diff even with -C flags',
+      'auto-approve-python.sh': 'Auto-approve pytest, mypy, ruff, black, isort',
+      'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami)',
+    },
+    'Quality': {
+      'commit-message-check.sh': 'Warn on non-conventional commit messages',
+      'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
+      'enforce-tests.sh': 'Warn when source files change without test files',
+      'large-file-guard.sh': 'Warn when Write creates files over 500KB',
+    },
+    'Recovery': {
+      'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
+      'auto-snapshot.sh': 'Auto-save file snapshots before edits (rollback protection)',
+    },
+    'UX': {
+      'notify-waiting.sh': 'Desktop notification when Claude waits for input',
+    },
   };
 
   console.log();
   console.log(c.bold + '  cc-safe-setup --examples' + c.reset);
-  console.log(c.dim + '  Custom hooks beyond the 8 built-in ones' + c.reset);
+  console.log(c.dim + '  19 hooks beyond the 8 built-in ones' + c.reset);
   console.log();
 
-  for (const [file, desc] of Object.entries(EXAMPLE_DESCRIPTIONS)) {
-    const fullPath = join(examplesDir, file);
-    const exists = existsSync(fullPath);
-    console.log('  ' + c.green + '*' + c.reset + ' ' + c.bold + file + c.reset);
-    console.log('    ' + c.dim + desc + c.reset);
+  for (const [cat, hooks] of Object.entries(CATEGORIES)) {
+    console.log('  ' + c.bold + c.blue + cat + c.reset);
+    for (const [file, desc] of Object.entries(hooks)) {
+      console.log('  ' + c.green + '*' + c.reset + ' ' + c.bold + file + c.reset);
+      console.log('    ' + c.dim + desc + c.reset);
+    }
+    console.log();
   }
 
   console.log();

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "1.9.7",
-  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 19 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
+  "version": "2.0.1",
+  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 20 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"