cc-safe-setup 17.4.0 → 19.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/README.md +1 -1
  2. package/examples/cors-star-warn.sh +5 -0
  3. package/examples/git-hook-bypass-guard.sh +4 -0
  4. package/examples/git-merge-conflict-prevent.sh +5 -0
  5. package/examples/log-level-guard.sh +5 -0
  6. package/examples/max-file-delete-count.sh +4 -0
  7. package/examples/no-inline-style.sh +5 -0
  8. package/examples/no-magic-number.sh +5 -0
  9. package/examples/no-sensitive-log.sh +4 -0
  10. package/examples/sql-injection-detect.sh +5 -0
  11. package/examples/timezone-guard.sh +4 -0
  12. package/package.json +1 -1
package/README.md CHANGED
@@ -6,7 +6,7 @@
6
6
 
7
7
  **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
8
8
 
9
- 8 built-in + 124 examples = **165 hooks**. 45 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
9
+ 8 built-in + 124 examples = **175 hooks**. 45 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
10
10
 
11
11
  ```bash
12
12
  npx cc-safe-setup
package/examples/cors-star-warn.sh ADDED
@@ -0,0 +1,5 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ # PostToolUse matcher: Edit|Write
4
+ CONTENT=$(cat | jq -r ".tool_input.new_string // empty" 2>/dev/null); [ -n "$CONTENT" ] && echo "$CONTENT" | grep -q "Access-Control-Allow-Origin.*\*" && echo "WARNING: CORS wildcard (*) detected" >&2
5
+ exit 0
package/examples/git-hook-bypass-guard.sh ADDED
@@ -0,0 +1,4 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE "git\s+(commit|push|merge).*--no-verify"; then echo "WARNING: --no-verify bypasses git hooks" >&2; fi
4
+ exit 0
package/examples/git-merge-conflict-prevent.sh ADDED
@@ -0,0 +1,5 @@
1
+ INPUT=$(cat)
2
+ CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
3
+ [ -z "$CONTENT" ] && exit 0
4
+ COMMAND=$(echo "$INPUT" | jq -r ".tool_input.command // empty" 2>/dev/null); echo "$COMMAND" | grep -qE "git\s+merge" && echo "NOTE: Check if target branch is ahead before merging." >&2
5
+ exit 0
package/examples/log-level-guard.sh ADDED
@@ -0,0 +1,5 @@
1
+ INPUT=$(cat)
2
+ CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
3
+ [ -z "$CONTENT" ] && exit 0
4
+ FILE=$(echo "$INPUT" | jq -r ".tool_input.file_path // empty" 2>/dev/null); case "$FILE" in *test*|*spec*|*debug*) exit 0;; esac; echo "$CONTENT" | grep -qE "log\.debug|LOG_LEVEL.*DEBUG|logging\.DEBUG" && echo "NOTE: Debug logging in production code" >&2
5
+ exit 0
package/examples/max-file-delete-count.sh ADDED
@@ -0,0 +1,4 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE "^\s*rm\b"; then COUNT=$(echo "$COMMAND" | tr " " "\n" | grep -cvE "^-" | head -1); [ "$COUNT" -gt 5 ] && echo "WARNING: Deleting $COUNT files at once" >&2; fi
4
+ exit 0
package/examples/no-inline-style.sh ADDED
@@ -0,0 +1,5 @@
1
+ INPUT=$(cat)
2
+ CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
3
+ [ -z "$CONTENT" ] && exit 0
4
+ echo "$CONTENT" | grep -qE "style=\"|style={" && echo "NOTE: Inline styles detected. Consider CSS classes." >&2
5
+ exit 0
package/examples/no-magic-number.sh ADDED
@@ -0,0 +1,5 @@
1
+ INPUT=$(cat)
2
+ CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
3
+ [ -z "$CONTENT" ] && exit 0
4
+ echo "$CONTENT" | grep -qE "= [0-9]{4,}[^.0-9]|setTimeout\([^,]+,\s*[0-9]{4}" && echo "NOTE: Magic number detected. Consider using a named constant." >&2
5
+ exit 0
package/examples/no-sensitive-log.sh ADDED
@@ -0,0 +1,4 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qiE "console\.\(log\|warn\|error\).*password|log.*token|print.*secret"; then echo "WARNING: Logging sensitive data" >&2; fi
4
+ exit 0
package/examples/sql-injection-detect.sh ADDED
@@ -0,0 +1,5 @@
1
+ INPUT=$(cat)
2
+ CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
3
+ [ -z "$CONTENT" ] && exit 0
4
+ if echo "$CONTENT" | grep -qE "\".*\+.*\"|'.*\+.*'|f\".*{.*}.*WHERE|query\(.*\+"; then echo "WARNING: Possible SQL injection pattern" >&2; fi
5
+ exit 0
package/examples/timezone-guard.sh ADDED
@@ -0,0 +1,4 @@
1
+ COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
2
+ [ -z "$COMMAND" ] && exit 0
3
+ if echo "$COMMAND" | grep -qE "TZ=|--timezone" && ! echo "$COMMAND" | grep -q "UTC"; then echo "NOTE: Non-UTC timezone in command" >&2; fi
4
+ exit 0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cc-safe-setup",
3
- "version": "17.4.0",
3
+ "version": "19.0.0",
4
4
  "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
5
5
  "main": "index.mjs",
6
6
  "bin": {