cc-safe-setup 12.1.0 → 12.3.0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# kubernetes-guard.sh — Block destructive kubectl commands
|
|
3
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
4
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
5
|
+
[ -z "$COMMAND" ] && exit 0
|
|
6
|
+
if echo "$COMMAND" | grep -qE '\bkubectl\s+delete\s+(namespace|ns|node)\b'; then
|
|
7
|
+
echo "BLOCKED: kubectl delete namespace/node is highly destructive" >&2
|
|
8
|
+
exit 2
|
|
9
|
+
fi
|
|
10
|
+
if echo "$COMMAND" | grep -qE '\bkubectl\s+delete\s+.*--all\b'; then
|
|
11
|
+
echo "WARNING: kubectl delete --all affects all resources in scope" >&2
|
|
12
|
+
fi
|
|
13
|
+
exit 0
|
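Review bot: The guard fails open. On new-file line 4 the `jq` error output is discarded with `2>/dev/null`, so if `jq` is missing or the hook input is not valid JSON, `COMMAND` is empty and line 5 exits 0 with the command unchecked; ssh-key-protect.sh and terraform-guard.sh in this release start with the same two lines. For a blocking hook I would separate "no command field" from "could not parse", e.g. `COMMAND=$(jq -r '.tool_input.command // empty') || { echo "BLOCKED: kubernetes-guard could not parse hook input" >&2; exit 2; }`. Separately, the pattern on line 6 requires `delete` directly after `kubectl` and a word boundary right after `node`, so a global flag before the verb or a plural resource name is not matched; `\bkubectl\b.*\bdelete\s+(namespaces?|ns|nodes?)\b` would cover both. The `--all` branch on lines 10–12 only prints a warning and still exits 0, which the header comment should say, since it currently reads as if every destructive delete is blocked.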
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ================================================================
|
|
3
|
+
# post-compact-restore.sh — Restore context after /compact
|
|
4
|
+
# ================================================================
|
|
5
|
+
# PURPOSE:
|
|
6
|
+
# After /compact, Claude loses track of the current branch,
|
|
7
|
+
# recent files, and task state. This Stop hook outputs key
|
|
8
|
+
# state info to stderr so Claude sees it in the next turn.
|
|
9
|
+
#
|
|
10
|
+
# TRIGGER: Stop MATCHER: ""
|
|
11
|
+
#
|
|
12
|
+
# Reads .claude/session-snapshot.md if it exists (from context-snapshot).
|
|
13
|
+
# Falls back to git state.
|
|
14
|
+
# ================================================================
|
|
15
|
+
|
|
16
|
+
# Check if we're in a post-compact state (tool count reset or snapshot exists)
|
|
17
|
+
SNAPSHOT=".claude/session-snapshot.md"
|
|
18
|
+
|
|
19
|
+
if [ -f "$SNAPSHOT" ]; then
|
|
20
|
+
echo "" >&2
|
|
21
|
+
echo "=== Session State (from snapshot) ===" >&2
|
|
22
|
+
cat "$SNAPSHOT" | head -20 >&2
|
|
23
|
+
echo "===================================" >&2
|
|
24
|
+
exit 0
|
|
25
|
+
fi
|
|
26
|
+
|
|
27
|
+
# Fallback: basic git state
|
|
28
|
+
BRANCH=$(git branch --show-current 2>/dev/null)
|
|
29
|
+
if [ -n "$BRANCH" ]; then
|
|
30
|
+
DIRTY=$(git status --porcelain 2>/dev/null | wc -l)
|
|
31
|
+
LAST=$(git log --oneline -1 2>/dev/null)
|
|
32
|
+
echo "" >&2
|
|
33
|
+
echo "Branch: $BRANCH | Uncommitted: $DIRTY | Last: $LAST" >&2
|
|
34
|
+
fi
|
|
35
|
+
|
|
36
|
+
exit 0
|
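Review bot: The snapshot on new-file lines 17–22 is read from a path relative to the working directory and echoed under a "Session State" banner, so in a cloned repository a committed `.claude/session-snapshot.md` is third-party text presented to the model as its own state. This is the same prompt-injection route that ssh-key-protect.sh in this release is written against. I would accept only a regular, untracked file, e.g. `if [ -f "$SNAPSHOT" ] && [ ! -L "$SNAPSHOT" ] && ! git ls-files --error-unmatch -- "$SNAPSHOT" >/dev/null 2>&1; then`, and label the output as unverified notes rather than state. Line 22 can be `head -n 20 -- "$SNAPSHOT" >&2` without the `cat`. The header says Claude sees the stderr output on the next turn, yet every path exits 0; whether stderr from a zero-exit Stop hook actually reaches the model should be confirmed against the hook documentation and the comment corrected if it does not.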
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ================================================================
|
|
3
|
+
# ssh-key-protect.sh — Block reading/copying SSH private keys
|
|
4
|
+
# ================================================================
|
|
5
|
+
# PURPOSE:
|
|
6
|
+
# Prevents Claude from reading SSH private keys (id_rsa, id_ed25519)
|
|
7
|
+
# or copying them elsewhere. A prompt injection in a cloned repo
|
|
8
|
+
# could instruct Claude to exfiltrate keys.
|
|
9
|
+
#
|
|
10
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
11
|
+
# ================================================================
|
|
12
|
+
|
|
13
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
14
|
+
[ -z "$COMMAND" ] && exit 0
|
|
15
|
+
|
|
16
|
+
# Detect reading SSH keys
|
|
17
|
+
if echo "$COMMAND" | grep -qE '\b(cat|head|tail|less|more|base64|xxd)\s+.*\.(ssh|gnupg)/(id_|.*_key)'; then
|
|
18
|
+
echo "BLOCKED: Reading SSH/GPG private key" >&2
|
|
19
|
+
exit 2
|
|
20
|
+
fi
|
|
21
|
+
|
|
22
|
+
# Detect copying SSH keys
|
|
23
|
+
if echo "$COMMAND" | grep -qE '\b(cp|mv|scp|rsync)\s+.*\.ssh/(id_|.*_key)'; then
|
|
24
|
+
echo "BLOCKED: Copying SSH private key" >&2
|
|
25
|
+
exit 2
|
|
26
|
+
fi
|
|
27
|
+
|
|
28
|
+
# Detect encoding keys for exfiltration
|
|
29
|
+
if echo "$COMMAND" | grep -qE 'base64.*\.ssh|\.ssh.*base64|cat.*id_rsa|cat.*id_ed25519'; then
|
|
30
|
+
echo "BLOCKED: Potential SSH key exfiltration" >&2
|
|
31
|
+
exit 2
|
|
32
|
+
fi
|
|
33
|
+
|
|
34
|
+
exit 0
|
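Review bot: The header's "Prevents Claude from reading SSH private keys" promises more than new-file lines 17, 23 and 29 deliver. They match a fixed list of command names in a Bash command string, and the MATCHER is only "Bash", so presumably other file-reading tools never reach this hook. Matching on the protected path rather than the verb (any command that mentions a file under `.ssh/` or `.gnupg/` other than one ending in `.pub`) would be shorter and would not depend on enumerating programs. As written, `cat.*id_rsa` on line 29 also blocks reading the public half `id_rsa.pub`, and line 17 covers `.gnupg` while the title and PURPOSE mention only SSH. I would add a comment such as `# Best-effort pattern match on the command string; keep key file permissions and sandboxing as the real control.` and name GPG in the header.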
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# terraform-guard.sh — Warn before terraform destroy/apply
|
|
3
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
4
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
5
|
+
[ -z "$COMMAND" ] && exit 0
|
|
6
|
+
if echo "$COMMAND" | grep -qE '\bterraform\s+destroy\b'; then
|
|
7
|
+
echo "BLOCKED: terraform destroy is irreversible" >&2
|
|
8
|
+
exit 2
|
|
9
|
+
fi
|
|
10
|
+
if echo "$COMMAND" | grep -qE '\bterraform\s+apply\b' && ! echo "$COMMAND" | grep -q '\-auto-approve'; then
|
|
11
|
+
echo "NOTE: terraform apply detected. Review the plan carefully." >&2
|
|
12
|
+
fi
|
|
13
|
+
exit 0
|
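Review bot: The condition on new-file line 10 looks inverted. The note is printed only when `-auto-approve` is absent, so an apply that skips the confirmation prompt passes silently while the interactive form gets the reminder. I would flag the unattended case instead, `if echo "$COMMAND" | grep -qE '\bterraform\s+apply\b.*-auto-approve\b'; then`, and consider `exit 2` there, since no plan is shown to anyone. Line 6 requires `destroy` directly after `terraform`, so it covers neither a global option before the subcommand nor `terraform apply -destroy`, which performs the same operation. The header says "Warn before terraform destroy/apply" although destroy is blocked with exit 2; it should read `# terraform-guard.sh — Block terraform destroy, warn on terraform apply`.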
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "12.
|
|
3
|
+
"version": "12.3.0",
|
|
4
4
|
"description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|