cc-safe-setup 10.7.0 → 10.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.mjs +65 -0
- package/package.json +1 -1
package/index.mjs
CHANGED
|
@@ -365,6 +365,21 @@ function examples() {
|
|
|
365
365
|
'git-config-guard.sh': 'Block git config --global modifications',
|
|
366
366
|
'case-sensitive-guard.sh': 'Detect case-insensitive FS collisions (exFAT/NTFS/HFS+)',
|
|
367
367
|
'compound-command-approver.sh': 'Auto-approve safe compound commands (cd && git log)',
|
|
368
|
+
'uncommitted-work-guard.sh': 'Block destructive git with uncommitted changes',
|
|
369
|
+
'no-deploy-friday.sh': 'Block deploys on Fridays',
|
|
370
|
+
'work-hours-guard.sh': 'Restrict risky operations outside business hours',
|
|
371
|
+
'symlink-guard.sh': 'Detect symlink/junction traversal in rm targets',
|
|
372
|
+
'env-source-guard.sh': 'Block sourcing .env files into shell',
|
|
373
|
+
'strict-allowlist.sh': 'Only allow explicitly permitted commands',
|
|
374
|
+
'overwrite-guard.sh': 'Warn before overwriting existing files',
|
|
375
|
+
'memory-write-guard.sh': 'Log writes to ~/.claude/ directory',
|
|
376
|
+
'worktree-guard.sh': 'Warn on destructive git in worktrees',
|
|
377
|
+
'no-curl-upload.sh': 'Warn on curl POST/upload commands',
|
|
378
|
+
'no-port-bind.sh': 'Warn on network port binding',
|
|
379
|
+
'docker-prune-guard.sh': 'Warn before docker system prune',
|
|
380
|
+
'pip-venv-guard.sh': 'Warn on pip install outside venv',
|
|
381
|
+
'no-git-amend-push.sh': 'Warn on amending pushed commits',
|
|
382
|
+
'typosquat-guard.sh': 'Detect npm/pip typosquatting attacks',
|
|
368
383
|
},
|
|
369
384
|
'Auto-Approve': {
|
|
370
385
|
'auto-approve-build.sh': 'Auto-approve npm/yarn/cargo/go build, test, lint',
|
|
@@ -372,6 +387,12 @@ function examples() {
|
|
|
372
387
|
'auto-approve-git-read.sh': 'Auto-approve git status/log/diff even with -C flags',
|
|
373
388
|
'auto-approve-python.sh': 'Auto-approve pytest, mypy, ruff, black, isort',
|
|
374
389
|
'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami)',
|
|
390
|
+
'auto-approve-go.sh': 'Auto-approve go build/test/vet/fmt',
|
|
391
|
+
'auto-approve-cargo.sh': 'Auto-approve cargo build/test/clippy',
|
|
392
|
+
'auto-approve-make.sh': 'Auto-approve make build/test/lint',
|
|
393
|
+
'auto-approve-gradle.sh': 'Auto-approve gradle/gradlew build/test',
|
|
394
|
+
'auto-approve-maven.sh': 'Auto-approve mvn compile/test/verify',
|
|
395
|
+
'permission-cache.sh': 'Auto-approve previously approved commands in session',
|
|
375
396
|
},
|
|
376
397
|
'Quality': {
|
|
377
398
|
'branch-name-check.sh': 'Warn on non-conventional branch names',
|
|
@@ -381,6 +402,28 @@ function examples() {
|
|
|
381
402
|
'large-file-guard.sh': 'Warn when Write creates files over 500KB',
|
|
382
403
|
'todo-check.sh': 'Warn when committing files with TODO/FIXME markers',
|
|
383
404
|
'verify-before-commit.sh': 'Block commit unless tests passed recently',
|
|
405
|
+
'test-deletion-guard.sh': 'Warn when removing test assertions',
|
|
406
|
+
'fact-check-gate.sh': 'Warn when docs reference unread source files',
|
|
407
|
+
'conflict-marker-guard.sh': 'Block commits with merge conflict markers',
|
|
408
|
+
'commit-quality-gate.sh': 'Warn on vague commit messages',
|
|
409
|
+
'commit-scope-guard.sh': 'Warn when committing 15+ files at once',
|
|
410
|
+
'require-issue-ref.sh': 'Warn when commit lacks issue reference',
|
|
411
|
+
'no-console-log.sh': 'Warn on console.log in production code',
|
|
412
|
+
'no-eval.sh': 'Warn on eval() usage (security risk)',
|
|
413
|
+
'no-wildcard-import.sh': 'Warn on import * patterns',
|
|
414
|
+
'no-todo-ship.sh': 'Warn on TODO/FIXME in commits',
|
|
415
|
+
'test-coverage-guard.sh': 'Warn when code grows without tests',
|
|
416
|
+
'ci-skip-guard.sh': 'Warn on [skip ci] and --no-verify',
|
|
417
|
+
'debug-leftover-guard.sh': 'Detect debugger/pdb/binding.pry in staged code',
|
|
418
|
+
'typescript-strict-guard.sh': 'Warn when tsconfig strict mode disabled',
|
|
419
|
+
'sensitive-regex-guard.sh': 'Detect ReDoS-vulnerable regex patterns',
|
|
420
|
+
'git-author-guard.sh': 'Verify git author is configured',
|
|
421
|
+
'git-blame-context.sh': 'Show file ownership before major edits',
|
|
422
|
+
'import-cycle-warn.sh': 'Detect circular import patterns',
|
|
423
|
+
'env-drift-guard.sh': 'Detect .env vs .env.example mismatch',
|
|
424
|
+
'package-script-guard.sh': 'Warn when package.json scripts change',
|
|
425
|
+
'lockfile-guard.sh': 'Warn when lockfiles modified in commits',
|
|
426
|
+
'git-lfs-guard.sh': 'Suggest Git LFS for large files',
|
|
384
427
|
},
|
|
385
428
|
'Recovery': {
|
|
386
429
|
'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
|
|
@@ -410,6 +453,28 @@ function examples() {
|
|
|
410
453
|
'max-file-count-guard.sh': 'Warn when 20+ files created per session',
|
|
411
454
|
'protect-claudemd.sh': 'Block edits to CLAUDE.md and settings files',
|
|
412
455
|
'reinject-claudemd.sh': 'Re-inject CLAUDE.md rules after compaction',
|
|
456
|
+
'token-budget-guard.sh': 'Block when estimated cost exceeds budget',
|
|
457
|
+
'output-length-guard.sh': 'Warn when tool output exceeds 50KB',
|
|
458
|
+
'error-memory-guard.sh': 'Block retries of already-failed commands',
|
|
459
|
+
'parallel-edit-guard.sh': 'Detect concurrent edits to same file',
|
|
460
|
+
'large-read-guard.sh': 'Warn before catting large files',
|
|
461
|
+
'context-snapshot.sh': 'Auto-save session state before context loss',
|
|
462
|
+
'compact-reminder.sh': 'Suggest /compact after N tool calls',
|
|
463
|
+
'revert-helper.sh': 'Show undo command when session ends',
|
|
464
|
+
'hardcoded-secret-detector.sh': 'Detect AWS keys, passwords, JWT in code',
|
|
465
|
+
'prompt-injection-guard.sh': 'Detect injection patterns in tool output',
|
|
466
|
+
'verify-before-done.sh': 'Warn when committing without running tests',
|
|
467
|
+
'disk-space-guard.sh': 'Warn when disk space is low',
|
|
468
|
+
'changelog-reminder.sh': 'Remind to update CHANGELOG on version bump',
|
|
469
|
+
'rate-limit-guard.sh': 'Detect rapid-fire tool calls',
|
|
470
|
+
'stale-env-guard.sh': 'Warn when .env is 90+ days old',
|
|
471
|
+
'node-version-guard.sh': 'Detect .nvmrc version mismatch',
|
|
472
|
+
'auto-stash-before-pull.sh': 'Warn before pull/merge with dirty tree',
|
|
473
|
+
'license-check.sh': 'Note missing license headers in source files',
|
|
474
|
+
'backup-before-refactor.sh': 'Auto-stash before large refactors',
|
|
475
|
+
'file-size-limit.sh': 'Block creating files over 1MB',
|
|
476
|
+
'branch-naming-convention.sh': 'Enforce feat/fix/chore branch prefixes',
|
|
477
|
+
'pr-description-check.sh': 'Ensure PRs have description body',
|
|
413
478
|
},
|
|
414
479
|
};
|
|
415
480
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "10.
|
|
3
|
+
"version": "10.8.0",
|
|
4
4
|
"description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|