cc-safe-setup 17.0.0 → 17.2.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 124 examples = **160 hooks**. 44 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
+8 built-in + 124 examples = **164 hooks**. 44 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
 
 ```bash
 npx cc-safe-setup

package/examples/git-message-length.sh

@@ -0,0 +1,4 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+echo "$COMMAND" | grep -qE "git\s+commit\s+-m" || exit 0; MSG=$(echo "$COMMAND" | grep -oP "(?<=-m\s[\x27\x22])[^\x27\x22]+"); [ ${#MSG} -lt 10 ] && echo "WARNING: Commit message too short (${#MSG} chars)" >&2
+exit 0

package/examples/no-localhost-expose.sh

@@ -0,0 +1,4 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE "0\.0\.0\.0|INADDR_ANY|--host\s+0"; then echo "WARNING: Binding to all interfaces exposes service to network" >&2; fi
+exit 0

package/examples/no-package-downgrade.sh

@@ -0,0 +1,4 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE "npm\s+install\s+\S+@[0-9]" && echo "$COMMAND" | grep -qE "@[0-1]\."; then echo "WARNING: Possible package downgrade" >&2; fi
+exit 0

package/examples/output-pii-detect.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# output-pii-detect.sh — Detect PII/sensitive data in tool output
+# TRIGGER: PostToolUse  MATCHER: ""
+OUTPUT=$(cat | jq -r '.tool_result // empty' 2>/dev/null)
+[ -z "$OUTPUT" ] && exit 0
+# Check for email addresses
+if echo "$OUTPUT" | grep -qE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'; then
+    echo "NOTE: Email address detected in output" >&2
+fi
+# Check for IP addresses (non-localhost)
+if echo "$OUTPUT" | grep -qE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' | grep -vE '127\.0\.0\.1|0\.0\.0\.0|localhost'; then
+    echo "NOTE: IP address detected in output" >&2
+fi
+exit 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "17.0.0",
+  "version": "17.2.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {