cc-safe-setup 18.0.0 → 20.0.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 124 examples = **170 hooks**. 45 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
+8 built-in + 124 examples = **180 hooks**. 45 CLI commands. 561 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
 
 ```bash
 npx cc-safe-setup

package/examples/check-port-availability.sh

@@ -0,0 +1,4 @@
+CONTENT=$(cat | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+COMMAND=$(cat | jq -r ".tool_input.command // empty" 2>/dev/null); echo "$COMMAND" | grep -qE "listen\(|--port|:3000|:8080" && echo "NOTE: Check port availability before starting server" >&2
+exit 0

package/examples/git-merge-conflict-prevent.sh

@@ -0,0 +1,5 @@
+INPUT=$(cat)
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+COMMAND=$(echo "$INPUT" | jq -r ".tool_input.command // empty" 2>/dev/null); echo "$COMMAND" | grep -qE "git\s+merge" && echo "NOTE: Check if target branch is ahead before merging." >&2
+exit 0

package/examples/log-level-guard.sh

@@ -0,0 +1,5 @@
+INPUT=$(cat)
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+FILE=$(echo "$INPUT" | jq -r ".tool_input.file_path // empty" 2>/dev/null); case "$FILE" in *test*|*spec*|*debug*) exit 0;; esac; echo "$CONTENT" | grep -qE "log\.debug|LOG_LEVEL.*DEBUG|logging\.DEBUG" && echo "NOTE: Debug logging in production code" >&2
+exit 0

package/examples/no-absolute-import.sh

@@ -0,0 +1,4 @@
+CONTENT=$(cat | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+if echo "$CONTENT" | grep -qE "from ['\"]/|require\(['\"]/"; then echo "NOTE: Absolute import path detected" >&2; fi
+exit 0

package/examples/no-console-error-swallow.sh

@@ -0,0 +1,4 @@
+CONTENT=$(cat | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+if echo "$CONTENT" | grep -qE "catch\s*\([^)]*\)\s*\{[\s\n]*\}|except:[\s\n]*pass"; then echo "WARNING: Empty catch/except block swallows errors" >&2; fi
+exit 0

package/examples/no-hardcoded-url.sh

@@ -0,0 +1,4 @@
+CONTENT=$(cat | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+if echo "$CONTENT" | grep -qE "http://localhost:[0-9]+|http://127\.0\.0\.1"; then echo "NOTE: Hardcoded localhost URL — use env var instead" >&2; fi
+exit 0

package/examples/no-inline-style.sh

@@ -0,0 +1,5 @@
+INPUT=$(cat)
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+echo "$CONTENT" | grep -qE "style=\"|style={" && echo "NOTE: Inline styles detected. Consider CSS classes." >&2
+exit 0

package/examples/no-magic-number.sh

@@ -0,0 +1,5 @@
+INPUT=$(cat)
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+echo "$CONTENT" | grep -qE "= [0-9]{4,}[^.0-9]|setTimeout\([^,]+,\s*[0-9]{4}" && echo "NOTE: Magic number detected. Consider using a named constant." >&2
+exit 0

package/examples/readme-exists-check.sh

@@ -0,0 +1,4 @@
+CONTENT=$(cat | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+COMMAND=$(cat | jq -r ".tool_input.command // empty" 2>/dev/null); echo "$COMMAND" | grep -qE "git\s+commit" && [ ! -f "README.md" ] && echo "NOTE: No README.md in project" >&2
+exit 0

package/examples/sql-injection-detect.sh

@@ -0,0 +1,5 @@
+INPUT=$(cat)
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+if echo "$CONTENT" | grep -qE "\".*\+.*\"|'.*\+.*'|f\".*{.*}.*WHERE|query\(.*\+"; then echo "WARNING: Possible SQL injection pattern" >&2; fi
+exit 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "18.0.0",
+  "version": "20.0.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {