cc-safe-setup 2.0.3 → 2.0.5

package/README.md

@@ -157,6 +157,8 @@ Or browse all available examples in [`examples/`](examples/):
 - **large-file-guard.sh** — Warn when Write tool creates files over 500KB
 - **commit-message-check.sh** — Warn on non-conventional commit messages (feat:, fix:, docs:, etc.)
 - **env-var-check.sh** — Block hardcoded API keys (sk-, ghp_, glpat-) in export commands
+- **timeout-guard.sh** — Warn before long-running commands (npm start, rails s, docker-compose up)
+- **branch-name-check.sh** — Warn on non-conventional branch names (feature/, fix/, etc.)
 
 ## Learn More
 

package/examples/README.md

@@ -41,10 +41,12 @@ npx cc-safe-setup --examples
 
 | Hook | Purpose | Issue |
 |------|---------|-------|
+| **branch-name-check.sh** | Warn on non-conventional branch names | |
 | **commit-message-check.sh** | Warn on non-conventional commit messages | |
 | **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
 | **enforce-tests.sh** | Warn when source changes without tests | |
 | **large-file-guard.sh** | Warn when Write creates files >500KB | |
+| **todo-check.sh** | Warn when committing files with TODO/FIXME | |
 
 ## Recovery
 

package/examples/branch-name-check.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# branch-name-check.sh — Warn when creating branches with non-standard names
+#
+# Checks for conventional branch naming (feature/, fix/, hotfix/, etc.)
+# and blocks branches with spaces, uppercase, or special characters.
+#
+# Usage: Add to settings.json as a PostToolUse hook
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/branch-name-check.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[[ -z "$COMMAND" ]] && exit 0
+
+# Only check branch creation commands
+if ! echo "$COMMAND" | grep -qE 'git\s+(checkout\s+-b|branch|switch\s+-c)\s'; then
+    exit 0
+fi
+
+# Extract branch name
+BRANCH=$(echo "$COMMAND" | grep -oP '(?:checkout\s+-b|branch|switch\s+-c)\s+\K\S+')
+[[ -z "$BRANCH" ]] && exit 0
+
+# Check for spaces or special characters
+if echo "$BRANCH" | grep -qP '[^a-zA-Z0-9/_.-]'; then
+    echo "" >&2
+    echo "WARNING: Branch name contains special characters: $BRANCH" >&2
+    echo "Use only: a-z, 0-9, /, -, ., _" >&2
+fi
+
+# Check for conventional prefix
+if ! echo "$BRANCH" | grep -qE '^(feature|fix|hotfix|bugfix|release|chore|docs|refactor|test|ci)/'; then
+    echo "" >&2
+    echo "NOTE: Branch doesn't follow conventional naming." >&2
+    echo "Consider: feature/, fix/, hotfix/, chore/, docs/" >&2
+fi
+
+exit 0

package/examples/todo-check.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# todo-check.sh — Warn when committing files with TODO/FIXME/HACK comments
+#
+# PostToolUse hook that checks after git commit for remaining
+# TODO/FIXME/HACK markers in the committed files.
+#
+# Usage: Add to settings.json as a PostToolUse hook
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/todo-check.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[[ -z "$COMMAND" ]] && exit 0
+
+# Only check after git commit
+if ! echo "$COMMAND" | grep -qE '^\s*git\s+commit\b'; then
+    exit 0
+fi
+
+# Must be in a git repo
+git rev-parse --git-dir &>/dev/null || exit 0
+
+# Check committed files for TODO/FIXME/HACK
+COMMITTED_FILES=$(git diff-tree --no-commit-id --name-only -r HEAD 2>/dev/null)
+[[ -z "$COMMITTED_FILES" ]] && exit 0
+
+TODO_COUNT=0
+while IFS= read -r file; do
+    if [ -f "$file" ]; then
+        MATCHES=$(grep -cnE '\bTODO\b|\bFIXME\b|\bHACK\b|\bXXX\b' "$file" 2>/dev/null || echo 0)
+        TODO_COUNT=$((TODO_COUNT + MATCHES))
+    fi
+done <<< "$COMMITTED_FILES"
+
+if (( TODO_COUNT > 0 )); then
+    echo "" >&2
+    echo "NOTE: $TODO_COUNT TODO/FIXME/HACK markers in committed files." >&2
+    echo "Run: git diff-tree --no-commit-id --name-only -r HEAD | xargs grep -n 'TODO\|FIXME\|HACK'" >&2
+fi
+
+exit 0

package/index.mjs

@@ -183,10 +183,10 @@ function status() {
   const exampleFiles = [
     'allowlist.sh', 'auto-approve-build.sh', 'auto-approve-docker.sh',
     'auto-approve-git-read.sh', 'auto-approve-python.sh', 'auto-approve-ssh.sh',
-    'auto-checkpoint.sh', 'auto-snapshot.sh', 'block-database-wipe.sh', 'commit-message-check.sh', 'env-var-check.sh',
+    'auto-checkpoint.sh', 'auto-snapshot.sh', 'block-database-wipe.sh', 'branch-name-check.sh', 'commit-message-check.sh', 'env-var-check.sh',
     'deploy-guard.sh', 'edit-guard.sh', 'enforce-tests.sh', 'git-config-guard.sh',
     'large-file-guard.sh', 'network-guard.sh', 'notify-waiting.sh',
-    'protect-dotfiles.sh', 'scope-guard.sh', 'test-before-push.sh',
+    'protect-dotfiles.sh', 'scope-guard.sh', 'test-before-push.sh', 'timeout-guard.sh',
   ];
   const installedExamples = exampleFiles.filter(f => existsSync(join(HOOKS_DIR, f)));
   if (installedExamples.length > 0) {
@@ -297,10 +297,12 @@ function examples() {
       'auto-approve-ssh.sh': 'Auto-approve safe SSH commands (uptime, whoami)',
     },
     'Quality': {
+      'branch-name-check.sh': 'Warn on non-conventional branch names',
       'commit-message-check.sh': 'Warn on non-conventional commit messages',
       'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
       'enforce-tests.sh': 'Warn when source files change without test files',
       'large-file-guard.sh': 'Warn when Write creates files over 500KB',
+      'todo-check.sh': 'Warn when committing files with TODO/FIXME markers',
     },
     'Recovery': {
       'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
@@ -313,7 +315,7 @@ function examples() {
 
   console.log();
   console.log(c.bold + '  cc-safe-setup --examples' + c.reset);
-  console.log(c.dim + '  22 hooks beyond the 8 built-in ones' + c.reset);
+  console.log(c.dim + '  24 hooks beyond the 8 built-in ones' + c.reset);
   console.log();
 
   for (const [cat, hooks] of Object.entries(CATEGORIES)) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "2.0.3",
-  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 22 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
+  "version": "2.0.5",
+  "description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 24 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"