cc-safe-setup 2.0.4 → 2.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/examples/README.md +1 -0
- package/examples/todo-check.sh +49 -0
- package/index.mjs +3 -2
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -158,6 +158,7 @@ Or browse all available examples in [`examples/`](examples/):
|
|
|
158
158
|
- **commit-message-check.sh** — Warn on non-conventional commit messages (feat:, fix:, docs:, etc.)
|
|
159
159
|
- **env-var-check.sh** — Block hardcoded API keys (sk-, ghp_, glpat-) in export commands
|
|
160
160
|
- **timeout-guard.sh** — Warn before long-running commands (npm start, rails s, docker-compose up)
|
|
161
|
+
- **branch-name-check.sh** — Warn on non-conventional branch names (feature/, fix/, etc.)
|
|
161
162
|
|
|
162
163
|
## Learn More
|
|
163
164
|
|
package/examples/README.md
CHANGED
|
@@ -46,6 +46,7 @@ npx cc-safe-setup --examples
|
|
|
46
46
|
| **edit-guard.sh** | Block Edit/Write to protected files | [#37210](https://github.com/anthropics/claude-code/issues/37210) |
|
|
47
47
|
| **enforce-tests.sh** | Warn when source changes without tests | |
|
|
48
48
|
| **large-file-guard.sh** | Warn when Write creates files >500KB | |
|
|
49
|
+
| **todo-check.sh** | Warn when committing files with TODO/FIXME | |
|
|
49
50
|
|
|
50
51
|
## Recovery
|
|
51
52
|
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# todo-check.sh — Warn when committing files with TODO/FIXME/HACK comments
|
|
3
|
+
#
|
|
4
|
+
# PostToolUse hook that checks after git commit for remaining
|
|
5
|
+
# TODO/FIXME/HACK markers in the committed files.
|
|
6
|
+
#
|
|
7
|
+
# Usage: Add to settings.json as a PostToolUse hook
|
|
8
|
+
#
|
|
9
|
+
# {
|
|
10
|
+
# "hooks": {
|
|
11
|
+
# "PostToolUse": [{
|
|
12
|
+
# "matcher": "Bash",
|
|
13
|
+
# "hooks": [{ "type": "command", "command": "~/.claude/hooks/todo-check.sh" }]
|
|
14
|
+
# }]
|
|
15
|
+
# }
|
|
16
|
+
# }
|
|
17
|
+
|
|
18
|
+
INPUT=$(cat)
|
|
19
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
20
|
+
|
|
21
|
+
[[ -z "$COMMAND" ]] && exit 0
|
|
22
|
+
|
|
23
|
+
# Only check after git commit
|
|
24
|
+
if ! echo "$COMMAND" | grep -qE '^\s*git\s+commit\b'; then
|
|
25
|
+
exit 0
|
|
26
|
+
fi
|
|
27
|
+
|
|
28
|
+
# Must be in a git repo
|
|
29
|
+
git rev-parse --git-dir &>/dev/null || exit 0
|
|
30
|
+
|
|
31
|
+
# Check committed files for TODO/FIXME/HACK
|
|
32
|
+
COMMITTED_FILES=$(git diff-tree --no-commit-id --name-only -r HEAD 2>/dev/null)
|
|
33
|
+
[[ -z "$COMMITTED_FILES" ]] && exit 0
|
|
34
|
+
|
|
35
|
+
TODO_COUNT=0
|
|
36
|
+
while IFS= read -r file; do
|
|
37
|
+
if [ -f "$file" ]; then
|
|
38
|
+
MATCHES=$(grep -cnE '\bTODO\b|\bFIXME\b|\bHACK\b|\bXXX\b' "$file" 2>/dev/null || echo 0)
|
|
39
|
+
TODO_COUNT=$((TODO_COUNT + MATCHES))
|
|
40
|
+
fi
|
|
41
|
+
done <<< "$COMMITTED_FILES"
|
|
42
|
+
|
|
43
|
+
if (( TODO_COUNT > 0 )); then
|
|
44
|
+
echo "" >&2
|
|
45
|
+
echo "NOTE: $TODO_COUNT TODO/FIXME/HACK markers in committed files." >&2
|
|
46
|
+
echo "Run: git diff-tree --no-commit-id --name-only -r HEAD | xargs grep -n 'TODO\|FIXME\|HACK'" >&2
|
|
47
|
+
fi
|
|
48
|
+
|
|
49
|
+
exit 0
|
package/index.mjs
CHANGED
|
@@ -183,7 +183,7 @@ function status() {
|
|
|
183
183
|
const exampleFiles = [
|
|
184
184
|
'allowlist.sh', 'auto-approve-build.sh', 'auto-approve-docker.sh',
|
|
185
185
|
'auto-approve-git-read.sh', 'auto-approve-python.sh', 'auto-approve-ssh.sh',
|
|
186
|
-
'auto-checkpoint.sh', 'auto-snapshot.sh', 'block-database-wipe.sh', 'commit-message-check.sh', 'env-var-check.sh',
|
|
186
|
+
'auto-checkpoint.sh', 'auto-snapshot.sh', 'block-database-wipe.sh', 'branch-name-check.sh', 'commit-message-check.sh', 'env-var-check.sh',
|
|
187
187
|
'deploy-guard.sh', 'edit-guard.sh', 'enforce-tests.sh', 'git-config-guard.sh',
|
|
188
188
|
'large-file-guard.sh', 'network-guard.sh', 'notify-waiting.sh',
|
|
189
189
|
'protect-dotfiles.sh', 'scope-guard.sh', 'test-before-push.sh', 'timeout-guard.sh',
|
|
@@ -302,6 +302,7 @@ function examples() {
|
|
|
302
302
|
'edit-guard.sh': 'Block Edit/Write to protected files (.env, credentials)',
|
|
303
303
|
'enforce-tests.sh': 'Warn when source files change without test files',
|
|
304
304
|
'large-file-guard.sh': 'Warn when Write creates files over 500KB',
|
|
305
|
+
'todo-check.sh': 'Warn when committing files with TODO/FIXME markers',
|
|
305
306
|
},
|
|
306
307
|
'Recovery': {
|
|
307
308
|
'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
|
|
@@ -314,7 +315,7 @@ function examples() {
|
|
|
314
315
|
|
|
315
316
|
console.log();
|
|
316
317
|
console.log(c.bold + ' cc-safe-setup --examples' + c.reset);
|
|
317
|
-
console.log(c.dim + '
|
|
318
|
+
console.log(c.dim + ' 24 hooks beyond the 8 built-in ones' + c.reset);
|
|
318
319
|
console.log();
|
|
319
320
|
|
|
320
321
|
for (const [cat, hooks] of Object.entries(CATEGORIES)) {
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "2.0.
|
|
4
|
-
"description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks +
|
|
3
|
+
"version": "2.0.5",
|
|
4
|
+
"description": "One command to make Claude Code safe for autonomous operation. 8 built-in hooks + 24 installable examples. Destructive blocker, branch guard, database wipe protection, dotfile guard, and more.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"cc-safe-setup": "index.mjs"
|