npm - cc-safe-setup - Versions diffs - 2.4.0 → 2.5.0 - Mend

cc-safe-setup 2.4.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +8 -1
package/SAFETY_CHECKLIST.md +53 -0
package/audit-web/index.html +494 -38
package/docs/index.html +603 -0
package/examples/case-sensitive-guard.sh +145 -0
package/index.mjs +5 -1
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -130,7 +130,9 @@ Or start with the free hooks: [claude-code-hooks](https://github.com/yurukusa/cl
 ## Safety Audit
-Check what's missing in your setup:
+**[Try it in your browser](https://yurukusa.github.io/cc-safe-setup/)** — paste your settings.json, get a score instantly. Nothing leaves your browser.
+Or from the CLI:
 ```bash
 npx cc-safe-setup --audit
@@ -196,6 +198,11 @@ Or browse all available examples in [`examples/`](examples/):
 - **branch-name-check.sh** — Warn on non-conventional branch names (feature/, fix/, etc.)
 - **todo-check.sh** — Warn when committing files with TODO/FIXME/HACK markers
 - **path-traversal-guard.sh** — Block Edit/Write with `../../` path traversal and system directories
+- **case-sensitive-guard.sh** — Detect case-insensitive filesystems (exFAT, NTFS, HFS+) and block rm/mkdir that would collide due to case folding ([#37875](https://github.com/anthropics/claude-code/issues/37875))
+## Safety Checklist
+**[SAFETY_CHECKLIST.md](SAFETY_CHECKLIST.md)** — Copy-paste checklist for before/during/after autonomous sessions.
 ## Learn More

package/SAFETY_CHECKLIST.md ADDED Viewed

@@ -0,0 +1,53 @@
+# Claude Code Safety Checklist
+Use this checklist before running Claude Code autonomously. Copy to your project or CLAUDE.md.
+## Before First Session
+- [ ] Install safety hooks: `npx cc-safe-setup`
+- [ ] Run safety audit: `npx cc-safe-setup --audit` (target: score ≥ 80)
+- [ ] Create CLAUDE.md with project-specific rules
+- [ ] Verify .env files are in .gitignore
+- [ ] Ensure git remote is set (so work can be recovered)
+## Before Autonomous Mode
+- [ ] Create backup branch: `git checkout -b backup/before-autonomous-$(date +%Y%m%d)`
+- [ ] Commit all current work
+- [ ] Verify destructive-guard is blocking: `npx cc-safe-setup --verify`
+- [ ] Check branch-guard protects main/master
+- [ ] If using database: install `block-database-wipe`
+- [ ] If sensitive configs: install `protect-dotfiles`
+## During Session
+- [ ] Monitor context usage (context-monitor hook warns at 40%)
+- [ ] Check blocked-commands.log periodically
+- [ ] Verify commits have meaningful messages
+## After Session
+- [ ] Review git log for unexpected changes
+- [ ] Run test suite to catch regressions
+- [ ] Check if any .env files were modified
+- [ ] Review blocked-commands.log for patterns: `npx cc-safe-setup --learn`
+## Team Setup
+- [ ] Add GitHub Action to CI: `uses: yurukusa/cc-safe-setup@main`
+- [ ] Set threshold ≥ 70 for CI safety gate
+- [ ] Share `.safety-net.json` or hooks config across team
+- [ ] Document which hooks are required vs optional
+## Quick Reference
+| Risk | Prevention | Install |
+|------|-----------|---------|
+| `rm -rf /` | destructive-guard | `npx cc-safe-setup` |
+| Push to main | branch-guard | `npx cc-safe-setup` |
+| .env committed | secret-guard | `npx cc-safe-setup` |
+| Database wiped | block-database-wipe | `--install-example block-database-wipe` |
+| Dotfiles modified | protect-dotfiles | `--install-example protect-dotfiles` |
+| Deploy without commit | deploy-guard | `--install-example deploy-guard` |
+| Commit without tests | verify-before-commit | `--install-example verify-before-commit` |
+| Session crash data loss | session-checkpoint | `--install-example session-checkpoint` |