cc-safe-setup 12.7.0 → 13.1.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 124 examples = **135 hooks**. 42 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
+8 built-in + 124 examples = **137 hooks**. 43 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
 
 ```bash
 npx cc-safe-setup

package/examples/dotenv-validate.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# dotenv-validate.sh — Validate .env syntax after edits
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
+FILE=$(cat | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+case "$FILE" in *.env|*.env.*) ;; *) exit 0 ;; esac
+[ ! -f "$FILE" ] && exit 0
+# Check for common .env syntax errors
+ERRORS=0
+while IFS= read -r line; do
+    [ -z "$line" ] || [[ "$line" =~ ^# ]] && continue
+    if ! echo "$line" | grep -qE '^[A-Z_][A-Z0-9_]*='; then
+        echo "WARNING: Invalid .env line: $line" >&2
+        ERRORS=$((ERRORS+1))
+    fi
+done < "$FILE"
+[ "$ERRORS" -gt 0 ] && echo "$ERRORS syntax error(s) in $FILE" >&2
+exit 0

package/examples/readme-update-reminder.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# readme-update-reminder.sh — Remind to update README when APIs change
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0
+# Check if API-related files changed but README didn't
+API_FILES=$(git diff --cached --name-only 2>/dev/null | grep -cE '(routes|api|endpoint|handler|controller)' || echo 0)
+README_CHANGED=$(git diff --cached --name-only 2>/dev/null | grep -c 'README' || echo 0)
+if [ "$API_FILES" -gt 0 ] && [ "$README_CHANGED" -eq 0 ]; then
+    echo "NOTE: API files changed but README was not updated." >&2
+    echo "Consider updating API documentation." >&2
+fi
+exit 0

package/index.mjs

@@ -111,6 +111,7 @@ const SAVE_PROFILE = SAVE_PROFILE_IDX !== -1 ? process.argv[SAVE_PROFILE_IDX + 1
 const CREATE_IDX = process.argv.findIndex(a => a === '--create');
 const CREATE_DESC = CREATE_IDX !== -1 ? process.argv.slice(CREATE_IDX + 1).join(' ') : null;
 const SUGGEST = process.argv.includes('--suggest');
+const INIT_PROJECT = process.argv.includes('--init-project');
 const TEST_HOOK_IDX = process.argv.findIndex(a => a === '--test-hook');
 const TEST_HOOK = TEST_HOOK_IDX !== -1 ? process.argv[TEST_HOOK_IDX + 1] : null;
 const WHY_IDX = process.argv.findIndex(a => a === '--why');
@@ -148,6 +149,7 @@ if (HELP) {
     npx cc-safe-setup --create "<desc>"  Generate a custom hook from description
     npx cc-safe-setup --test-hook <name>  Test a specific hook with sample inputs
     npx cc-safe-setup --save-profile <name>  Save current hooks as a named profile
+    npx cc-safe-setup --init-project    Complete project setup (CLAUDE.md + hooks + CI + .gitignore)
     npx cc-safe-setup --suggest        Analyze project and predict risks → suggest hooks
     npx cc-safe-setup --why <hook>     Why this hook exists (real incident + issue link)
     npx cc-safe-setup --replay         Replay blocked commands timeline (demo/review)
@@ -1070,6 +1072,68 @@ async function saveProfile(name) {
   console.log();
 }
 
+async function initProject() {
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --init-project' + c.reset);
+  console.log(c.dim + '  Complete Claude Code setup for this project' + c.reset);
+  console.log();
+
+  const cwd = process.cwd();
+  let steps = 0;
+
+  // Step 1: Shield (hooks + stack detection + settings)
+  console.log(c.bold + '  Step 1: Safety hooks' + c.reset);
+  await shield();
+  steps++;
+
+  // Step 2: .gitignore — add .claude/settings.local.json
+  console.log(c.bold + '  Step 2: .gitignore' + c.reset);
+  const gitignorePath = join(cwd, '.gitignore');
+  if (existsSync(gitignorePath)) {
+    const gi = readFileSync(gitignorePath, 'utf-8');
+    const additions = [];
+    if (!gi.includes('.claude/settings.local.json')) additions.push('.claude/settings.local.json');
+    if (!gi.includes('.env')) additions.push('.env');
+    if (!gi.includes('.env.local')) additions.push('.env.local');
+    if (additions.length > 0) {
+      writeFileSync(gitignorePath, gi.trimEnd() + '\n\n# Claude Code\n' + additions.join('\n') + '\n');
+      console.log(c.green + `  +` + c.reset + ` Added ${additions.length} entries to .gitignore`);
+    } else {
+      console.log(c.dim + '  ✓ .gitignore already configured' + c.reset);
+    }
+  } else {
+    writeFileSync(gitignorePath, '# Claude Code\n.claude/settings.local.json\n.env\n.env.local\nnode_modules/\n');
+    console.log(c.green + '  +' + c.reset + ' Created .gitignore');
+  }
+  steps++;
+  console.log();
+
+  // Step 3: Generate CI workflow
+  console.log(c.bold + '  Step 3: CI workflow' + c.reset);
+  const ciPath = join(cwd, '.github', 'workflows', 'claude-code-safety.yml');
+  if (!existsSync(ciPath)) {
+    generateCI();
+  } else {
+    console.log(c.dim + '  ✓ CI workflow already exists' + c.reset);
+  }
+  steps++;
+  console.log();
+
+  // Step 4: Risk analysis
+  console.log(c.bold + '  Step 4: Risk analysis' + c.reset);
+  await suggest();
+  steps++;
+
+  // Summary
+  console.log();
+  console.log(c.bold + c.green + '  ✓ Project initialized!' + c.reset);
+  console.log(c.dim + `  ${steps} steps completed.` + c.reset);
+  console.log();
+  console.log(c.dim + '  Next: git add .claude/ CLAUDE.md .github/ .gitignore' + c.reset);
+  console.log(c.dim + '  Then: git commit -m "chore: initialize Claude Code safety"' + c.reset);
+  console.log();
+}
+
 async function suggest() {
   const { execSync } = await import('child_process');
   const { readdirSync } = await import('fs');
@@ -4434,6 +4498,7 @@ async function main() {
   if (WATCH) return watch();
   if (TEST_HOOK_IDX !== -1) return testHook(TEST_HOOK);
   if (SAVE_PROFILE_IDX !== -1) return saveProfile(SAVE_PROFILE);
+  if (INIT_PROJECT) return initProject();
   if (SUGGEST) return suggest();
   if (WHY_IDX !== -1) return why(WHY_HOOK);
   if (REPLAY) return replay();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "12.7.0",
+  "version": "13.1.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {