cc-safe-setup 28.3.3 → 28.3.5
- package/README.md +7 -2
- package/examples/check-git-hooks-compat.sh +18 -0
- package/examples/no-large-commit.sh +14 -0
- package/examples/no-sleep-in-hooks.sh +14 -0
- package/index.mjs +1 -1
- package/package.json +2 -2
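--- a/package/README.md
+++ b/package/README.md
@@ -64,7 +64,7 @@ Claude Code ships with no safety hooks by default. This tool fixes that.
 
 Each hook exists because a real incident happened without it.
 
-## All
+## All 45 Commands
 
 | Command | What It Does |
 |---------|-------------|
@@ -87,7 +87,7 @@ Each hook exists because a real incident happened without it.
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from
+| `--install-example <name>` | Install from 316 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |
@@ -107,6 +107,11 @@ Each hook exists because a real incident happened without it.
 | `--why <hook>` | Show real incident behind hook |
 | `--migrate-from <tool>` | Migrate from other hook tools |
 | `--diff-hooks [path]` | Compare hook configurations |
+| `--init-project` | Full project setup (hooks + CLAUDE.md + CI) |
+| `--score` | CI-friendly safety score (exit 1 if below threshold) |
+| `--test-hook <name>` | Test a specific hook with sample input |
+| `--changelog` | Show what changed in each version |
+| `--report` | Generate safety report |
 | `--help` | Show help |
 
 ## Quick Start by Scenario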
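--- /dev/null
+++ b/package/examples/check-git-hooks-compat.sh
@@ -0,0 +1,18 @@
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+echo "$COMMAND" | grep -qE '(git\s+commit|git\s+push|husky|lint-staged|pre-commit)' || exit 0
+if [ -d ".git/hooks" ]; then
+ACTIVE=$(find .git/hooks -maxdepth 1 -type f -executable ! -name "*.sample" 2>/dev/null | wc -l)
+if [ "$ACTIVE" -gt 0 ]; then
+echo "NOTE: $ACTIVE active git hooks found in .git/hooks/" >&2
+echo "Ensure CC hooks and git hooks don't duplicate checks." >&2
+fi
+fi
+if [ -d ".husky" ]; then
+HUSKY=$(find .husky -maxdepth 1 -type f -executable 2>/dev/null | wc -l)
+if [ "$HUSKY" -gt 0 ]; then
+echo "NOTE: Husky detected with $HUSKY hooks. CC hooks run separately." >&2
+fi
+fi
+exit 0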
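Review bot: The `-executable` test in the two `find` calls (new lines 6 and 13) is a GNU find extension, and because stderr goes to `/dev/null`, a find that rejects the flag (BSD/macOS) produces a count of 0, so the script silently reports nothing there. A portable form is `find .git/hooks -maxdepth 1 -type f -perm -u+x ! -name "*.sample"`, and the same `-perm -u+x` works for the `.husky` call. The script also inspects only `.git/hooks` and `.husky` relative to the current directory, so hooks configured through `core.hooksPath`, or a run from a subdirectory or worktree, are missed; `git rev-parse --git-path hooks` gives the effective hooks directory. As shown, the file begins at `INPUT=$(cat)` with no shebang or header comment, so adding `#!/bin/bash` and a one-line purpose comment would make the example self-describing.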
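--- /dev/null
+++ b/package/examples/no-large-commit.sh
@@ -0,0 +1,14 @@
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+echo "$COMMAND" | grep -qE '^\s*git\s+commit\b' || exit 0
+STAGED=$(git diff --cached --name-only 2>/dev/null | wc -l)
+MAX=${CC_MAX_COMMIT_FILES:-20}
+if [ "$STAGED" -gt "$MAX" ]; then
+echo "WARNING: Committing $STAGED files (threshold: $MAX)." >&2
+echo "Consider splitting into smaller, focused commits." >&2
+echo "Staged files:" >&2
+git diff --cached --name-only 2>/dev/null | head -10 >&2
+[ "$STAGED" -gt 10 ] && echo "... and $((STAGED - 10)) more" >&2
+fi
+exit 0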
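Review bot: The match on new line 4, `grep -qE '^\s*git\s+commit\b'`, is anchored to the start of the command, so a chained command such as `git add -A && git commit -m ...` exits at that line and the file-count check never runs. Loosening the anchor, for example `grep -qE '(^|[;&|]\s*)git\s+commit\b'`, would cover the chained form. Even then the count comes from `git diff --cached` at the moment the hook runs, so files staged by an earlier part of the same command or by `git commit -a` are presumably not counted if the hook fires before the command executes; a header comment should state that the warning reflects the index as it currently stands. `CC_MAX_COMMIT_FILES` is also passed to `[ "$STAGED" -gt "$MAX" ]` without a numeric check, so a non-numeric value makes the test error out and the warning is skipped.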
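--- /dev/null
+++ b/package/examples/no-sleep-in-hooks.sh
@@ -0,0 +1,14 @@
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+case "$FILE" in
+*/.claude/hooks/*.sh|*/hooks/*.sh) ;;
+*) exit 0 ;;
+esac
+[ ! -f "$FILE" ] && exit 0
+if grep -qE '^\s*sleep\s+[0-9]' "$FILE" 2>/dev/null; then
+echo "WARNING: Hook contains sleep command: $FILE" >&2
+echo "Sleep in hooks causes Claude Code to hang or timeout." >&2
+echo "Remove sleep calls or use non-blocking alternatives." >&2
+fi
+exit 0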
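Review bot: The detection on new line 9, `grep -qE '^\s*sleep\s+[0-9]'`, only matches a `sleep` that starts a line and is followed by a digit, so `cmd && sleep 5`, `sleep "$DELAY"` and `sleep .5` all pass unflagged. A wider pattern such as `grep -qE '(^|[;&|]\s*)\s*sleep\s+\S'` would catch those forms. In the `case` on line 5 the first alternative `*/.claude/hooks/*.sh` is already covered by `*/hooks/*.sh`, and both require a leading directory component, so a relative `file_path` like `hooks/x.sh` would be skipped (whether the tool input is always absolute is not shown here). Because the script greps the file on disk and exits when it does not exist, it only sees new content if it runs after the write; a header comment naming the intended hook event would make that explicit.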
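--- a/package/index.mjs
+++ b/package/index.mjs
@@ -2391,7 +2391,7 @@ async function shield() {
 if (existsSync(join(cwd, '.env'))) extras.push('env-source-guard');
 
 // Always include these for maximum safety
-extras.push('scope-guard', 'no-sudo-guard', 'protect-claudemd');
+extras.push('scope-guard', 'no-sudo-guard', 'protect-claudemd', 'memory-write-guard', 'skill-gate', 'auto-approve-test', 'auto-approve-readonly');
 
 for (const ex of extras) {
 const exPath = join(__dirname, 'examples', `${ex}.sh`);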
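Review bot: The comment above the changed line still reads `// Always include these for maximum safety`, but two of the entries added to `extras.push(...)`, `auto-approve-test` and `auto-approve-readonly`, are by name approval hooks rather than guards, so installing them unconditionally widens what runs without a prompt (their scripts are not part of this diff, so this is inferred from the names). Keep the unconditional list to the guards, `extras.push('scope-guard', 'no-sudo-guard', 'protect-claudemd', 'memory-write-guard', 'skill-gate');`, and add the two auto-approve entries only when the user has explicitly opted in, with the comment updated to say which entries block and which approve. The change also alters what `shield()` installs by default in a patch-level release, which deserves a changelog line. `shield()` begins and ends outside the hunk, so how a missing `examples/<name>.sh` is handled in the loop is not visible here.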
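--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "cc-safe-setup",
-"version": "28.3.
-"description": "One command to make Claude Code safe.
+"version": "28.3.5",
+"description": "One command to make Claude Code safe. 327 hooks (8 built-in + 319 examples). 45 CLI commands. 941 tests. 5 languages.",
 "main": "index.mjs",
 "bin": {
 "cc-safe-setup": "index.mjs"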