cc-safe-setup 2.3.0 → 2.5.0

package/README.md

@@ -130,7 +130,9 @@ Or start with the free hooks: [claude-code-hooks](https://github.com/yurukusa/cl
 
 ## Safety Audit
 
-Check what's missing in your setup:
+**[Try it in your browser](https://yurukusa.github.io/cc-safe-setup/)** — paste your settings.json, get a score instantly. Nothing leaves your browser.
+
+Or from the CLI:
 
 ```bash
 npx cc-safe-setup --audit
@@ -138,6 +140,29 @@ npx cc-safe-setup --audit
 
 Analyzes 9 safety dimensions and gives you a score (0-100) with one-command fixes for each risk.
 
+### CI Integration (GitHub Action)
+
+```yaml
+# .github/workflows/safety.yml
+- uses: yurukusa/cc-safe-setup@main
+  with:
+    threshold: 70  # CI fails if score drops below this
+```
+
+### Project Scanner
+
+```bash
+npx cc-safe-setup --scan         # detect tech stack, recommend hooks
+npx cc-safe-setup --scan --apply # auto-create CLAUDE.md with project rules
+```
+
+### Self-Learning Safety
+
+```bash
+npx cc-safe-setup --learn        # analyze your block history for patterns
+npx cc-safe-setup --learn --apply # auto-generate custom hooks from patterns
+```
+
 ## Examples
 
 Need custom hooks beyond the 8 built-in ones? Install any example with one command:
@@ -173,6 +198,11 @@ Or browse all available examples in [`examples/`](examples/):
 - **branch-name-check.sh** — Warn on non-conventional branch names (feature/, fix/, etc.)
 - **todo-check.sh** — Warn when committing files with TODO/FIXME/HACK markers
 - **path-traversal-guard.sh** — Block Edit/Write with `../../` path traversal and system directories
+- **case-sensitive-guard.sh** — Detect case-insensitive filesystems (exFAT, NTFS, HFS+) and block rm/mkdir that would collide due to case folding ([#37875](https://github.com/anthropics/claude-code/issues/37875))
+
+## Safety Checklist
+
+**[SAFETY_CHECKLIST.md](SAFETY_CHECKLIST.md)** — Copy-paste checklist for before/during/after autonomous sessions.
 
 ## Learn More
 

package/SAFETY_CHECKLIST.md

@@ -0,0 +1,53 @@
+# Claude Code Safety Checklist
+
+Use this checklist before running Claude Code autonomously. Copy to your project or CLAUDE.md.
+
+## Before First Session
+
+- [ ] Install safety hooks: `npx cc-safe-setup`
+- [ ] Run safety audit: `npx cc-safe-setup --audit` (target: score ≥ 80)
+- [ ] Create CLAUDE.md with project-specific rules
+- [ ] Verify .env files are in .gitignore
+- [ ] Ensure git remote is set (so work can be recovered)
+
+## Before Autonomous Mode
+
+- [ ] Create backup branch: `git checkout -b backup/before-autonomous-$(date +%Y%m%d)`
+- [ ] Commit all current work
+- [ ] Verify destructive-guard is blocking: `npx cc-safe-setup --verify`
+- [ ] Check branch-guard protects main/master
+- [ ] If using database: install `block-database-wipe`
+- [ ] If sensitive configs: install `protect-dotfiles`
+
+## During Session
+
+- [ ] Monitor context usage (context-monitor hook warns at 40%)
+- [ ] Check blocked-commands.log periodically
+- [ ] Verify commits have meaningful messages
+
+## After Session
+
+- [ ] Review git log for unexpected changes
+- [ ] Run test suite to catch regressions
+- [ ] Check if any .env files were modified
+- [ ] Review blocked-commands.log for patterns: `npx cc-safe-setup --learn`
+
+## Team Setup
+
+- [ ] Add GitHub Action to CI: `uses: yurukusa/cc-safe-setup@main`
+- [ ] Set threshold ≥ 70 for CI safety gate
+- [ ] Share `.safety-net.json` or hooks config across team
+- [ ] Document which hooks are required vs optional
+
+## Quick Reference
+
+| Risk | Prevention | Install |
+|------|-----------|---------|
+| `rm -rf /` | destructive-guard | `npx cc-safe-setup` |
+| Push to main | branch-guard | `npx cc-safe-setup` |
+| .env committed | secret-guard | `npx cc-safe-setup` |
+| Database wiped | block-database-wipe | `--install-example block-database-wipe` |
+| Dotfiles modified | protect-dotfiles | `--install-example protect-dotfiles` |
+| Deploy without commit | deploy-guard | `--install-example deploy-guard` |
+| Commit without tests | verify-before-commit | `--install-example verify-before-commit` |
+| Session crash data loss | session-checkpoint | `--install-example session-checkpoint` |

package/action.yml

@@ -0,0 +1,34 @@
+name: 'Claude Code Safety Audit'
+description: 'Check your Claude Code safety setup and fail CI if score is below threshold'
+branding:
+  icon: 'shield'
+  color: 'green'
+
+inputs:
+  threshold:
+    description: 'Minimum safety score (0-100). CI fails if below this.'
+    required: false
+    default: '70'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Run safety audit
+      shell: bash
+      run: |
+        echo "::group::Claude Code Safety Audit"
+        npx cc-safe-setup@latest --audit 2>&1 | tee /tmp/audit-output.txt
+        echo "::endgroup::"
+
+        # Extract score
+        SCORE=$(grep -oP 'Safety Score: \K\d+' /tmp/audit-output.txt || echo "0")
+        THRESHOLD="${{ inputs.threshold }}"
+
+        echo "Safety Score: $SCORE / 100 (threshold: $THRESHOLD)"
+
+        if [ "$SCORE" -lt "$THRESHOLD" ]; then
+          echo "::error::Safety score $SCORE is below threshold $THRESHOLD. Run 'npx cc-safe-setup --audit --fix' to improve."
+          exit 1
+        else
+          echo "::notice::Safety score $SCORE meets threshold $THRESHOLD ✓"
+        fi