cc-safe-setup 2.0.3 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/examples/README.md +1 -0
- package/examples/branch-name-check.sh +46 -0
- package/index.mjs +3 -2
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -157,6 +157,7 @@ Or browse all available examples in [`examples/`](examples/):
|
|
|
157
157
|
- **large-file-guard.sh** — Warn when Write tool creates files over 500KB
|
|
158
158
|
- **commit-message-check.sh** — Warn on non-conventional commit messages (feat:, fix:, docs:, etc.)
|
|
159
159
|
- **env-var-check.sh** — Block hardcoded API keys (sk-, ghp_, glpat-) in export commands
|
|
160
|
+
- **timeout-guard.sh** — Warn before long-running commands (npm start, rails s, docker-compose up)
|
|
160
161
|
|
|
161
162
|
## Learn More
|
|
162
163
|
|
package/examples/README.md
CHANGED
|
@@ -41,6 +41,7 @@ npx cc-safe-setup --examples
|
|
|
41
41
|
|
|
42
42
|
| Hook | Purpose | Issue |
|
|
43
43
|
|------|---------|-------|
|
|
44
|
+
| **branch-name-check.sh** | Warn on non-conventional branch names | |
|
|
44
45
|
| **commit-message-check.sh** | Warn on non-conventional commit messages | |
|
|
45
46
|
| **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
|
|
46
47
|
| **enforce-tests.sh** | Warn when source changes without tests | |
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# branch-name-check.sh — Warn when creating branches with non-standard names
|
|
3
|
+
#
|
|
4
|
+
# Checks for conventional branch naming (feature/, fix/, hotfix/, etc.)
|
|
5
|
+
# and blocks branches with spaces, uppercase, or special characters.
|
|
6
|
+
#
|
|
7
|
+
# Usage: Add to settings.json as a PostToolUse hook
|
|
8
|
+
#
|
|
9
|
+
# {
|
|
10
|
+
# "hooks": {
|
|
11
|
+
# "PostToolUse": [{
|
|
12
|
+
# "matcher": "Bash",
|
|
13
|
+
# "hooks": [{ "type": "command", "command": "~/.claude/hooks/branch-name-check.sh" }]
|
|
14
|
+
# }]
|
|
15
|
+
# }
|
|
16
|
+
# }
|
|
17
|
+
|
|
18
|
+
INPUT=$(cat)
|
|
19
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
20
|
+
|
|
21
|
+
[[ -z "$COMMAND" ]] && exit 0
|
|
22
|
+
|
|
23
|
+
# Only check branch creation commands
|
|
24
|
+
if ! echo "$COMMAND" | grep -qE 'git\s+(checkout\s+-b|branch|switch\s+-c)\s'; then
|
|
25
|
+
exit 0
|
|
26
|
+
fi
|
|
27
|
+
|
|
28
|
+
# Extract branch name
|
|
29
|
+
BRANCH=$(echo "$COMMAND" | grep -oP '(?:checkout\s+-b|branch|switch\s+-c)\s+\K\S+')
|
|
30
|
+
[[ -z "$BRANCH" ]] && exit 0
|
|
31
|
+
|
|
32
|
+
# Check for spaces or special characters
|
|
33
|
+
if echo "$BRANCH" | grep -qP '[^a-zA-Z0-9/_.-]'; then
|
|
34
|
+
echo "" >&2
|
|
35
|
+
echo "WARNING: Branch name contains special characters: $BRANCH" >&2
|
|
36
|
+
echo "Use only: a-z, 0-9, /, -, ., _" >&2
|
|
37
|
+
fi
|
|
38
|
+
|
|
39
|
+
# Check for conventional prefix
|
|
40
|
+
if ! echo "$BRANCH" | grep -qE '^(feature|fix|hotfix|bugfix|release|chore|docs|refactor|test|ci)/'; then
|
|
41
|
+
echo "" >&2
|
|
42
|
+
echo "NOTE: Branch doesn't follow conventional naming." >&2
|
|
43
|
+
echo "Consider: feature/, fix/, hotfix/, chore/, docs/" >&2
|
|
44
|
+
fi
|
|
45
|
+
|
|
46
|
+
exit 0
|
package/index.mjs
CHANGED
|
@@ -186,7 +186,7 @@ function status() {
|
|
|
186
186
|
'auto-checkpoint.sh', 'auto-snapshot.sh', 'block-database-wipe.sh', 'commit-message-check.sh', 'env-var-check.sh',
|
|
187
187
|
'deploy-guard.sh', 'edit-guard.sh', 'enforce-tests.sh', 'git-config-guard.sh',
|
|
188
188
|
'large-file-guard.sh', 'network-guard.sh', 'notify-waiting.sh',
|
|
189
|
-
'protect-dotfiles.sh', 'scope-guard.sh', 'test-before-push.sh',
|
|
189
|
+
'protect-dotfiles.sh', 'scope-guard.sh', 'test-before-push.sh', 'timeout-guard.sh',
|
|
190
190
|
];
|
|
191
191
|
const installedExamples = exampleFiles.filter(f => existsSync(join(HOOKS_DIR, f)));
|
|
192
192
|
if (installedExamples.length > 0) {
|
|
@@ -297,6 +297,7 @@ function examples() {
|
|
|
297
297
|
'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami)',
|
|
298
298
|
},
|
|
299
299
|
'Quality': {
|
|
300
|
+
'branch-name-check.sh': 'Warn on non-conventional branch names',
|
|
300
301
|
'commit-message-check.sh': 'Warn on non-conventional commit messages',
|
|
301
302
|
'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
|
|
302
303
|
'enforce-tests.sh': 'Warn when source files change without test files',
|
|
@@ -313,7 +314,7 @@ function examples() {
|
|
|
313
314
|
|
|
314
315
|
console.log();
|
|
315
316
|
console.log(c.bold + ' cc-safe-setup --examples' + c.reset);
|
|
316
|
-
console.log(c.dim + '
|
|
317
|
+
console.log(c.dim + ' 23 hooks beyond the 8 built-in ones' + c.reset);
|
|
317
318
|
console.log();
|
|
318
319
|
|
|
319
320
|
for (const [cat, hooks] of Object.entries(CATEGORIES)) {
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "2.0.
|
|
4
|
-
"description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks +
|
|
3
|
+
"version": "2.0.4",
|
|
4
|
+
"description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 23 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"cc-safe-setup": "index.mjs"
|