cc-safe-setup 28.3.5 → 28.4.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 313 examples = **321 hooks**. 45 CLI commands. 941 tests. 5 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
+8 built-in + 319 examples = **327 hooks**. 45 CLI commands. 955 tests. 5 languages. [**Getting Started**](https://yurukusa.github.io/cc-safe-setup/getting-started.html) · [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [**Recipes**](https://yurukusa.github.io/cc-safe-setup/recipes.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
 
 ```bash
 npx cc-safe-setup
@@ -110,6 +110,8 @@ Each hook exists because a real incident happened without it.
 | `--init-project` | Full project setup (hooks + CLAUDE.md + CI) |
 | `--score` | CI-friendly safety score (exit 1 if below threshold) |
 | `--test-hook <name>` | Test a specific hook with sample input |
+| `--simulate "cmd"` | Preview how all hooks react to a command |
+| `--protect <path>` | Block edits to a file or directory |
 | `--changelog` | Show what changed in each version |
 | `--report` | Generate safety report |
 | `--help` | Show help |
@@ -127,6 +129,11 @@ Each hook exists because a real incident happened without it.
 | Choose a safety level | `npx cc-safe-setup --profile strict` |
 | See what Claude blocked today | `npx cc-safe-setup --replay` |
 | Know why a hook exists | `npx cc-safe-setup --why destructive-guard` |
+| Block silent memory file edits | `npx cc-safe-setup --install-example memory-write-guard` |
+| Stop built-in skills editing opaquely | `npx cc-safe-setup --install-example skill-gate` |
+| Diagnose why hooks aren't working | `npx cc-safe-setup --doctor` |
+| Preview how hooks react to a command | `npx cc-safe-setup --simulate "git push origin main"` |
+| Protect a specific file from edits | `npx cc-safe-setup --protect .env` |
 | Migrate from Cursor/Windsurf | [Migration Guide](https://yurukusa.github.io/cc-safe-setup/migration-guide.html) |
 
 ## How It Works

package/examples/auto-compact-prep.sh

@@ -0,0 +1,31 @@
+INPUT=$(cat)
+STATE_DIR="${HOME}/.claude"
+COUNTER_FILE="${STATE_DIR}/session-call-count"
+PREP_FLAG="${STATE_DIR}/compact-prep-done"
+CHECKPOINT=".claude/pre-compact-checkpoint.md"
+COUNT=0
+[ -f "$COUNTER_FILE" ] && COUNT=$(cat "$COUNTER_FILE" 2>/dev/null || echo 0)
+if [ "$COUNT" -eq 0 ]; then
+    COUNT=1
+    echo "$COUNT" > "$COUNTER_FILE"
+else
+    COUNT=$((COUNT + 1))
+    echo "$COUNT" > "$COUNTER_FILE"
+fi
+THRESHOLD=${CC_COMPACT_PREP_THRESHOLD:-200}
+if (( COUNT >= THRESHOLD )) && [ ! -f "$PREP_FLAG" ]; then
+    mkdir -p "$(dirname "$CHECKPOINT")" 2>/dev/null
+    BRANCH=$(git branch --show-current 2>/dev/null || echo "?")
+    DIRTY=$(git status --porcelain 2>/dev/null | wc -l)
+    LAST_5=$(git log --oneline -5 2>/dev/null)
+    cat > "$CHECKPOINT" << CKPT
+Saved: $(date -Iseconds) | Tool call: #${COUNT}
+Branch: ${BRANCH} | Dirty files: ${DIRTY}
+${LAST_5}
+Read this file to understand what you were working on before context was compacted.
+Check git status and git log for current state. Continue from the last commit.
+CKPT
+    touch "$PREP_FLAG"
+    echo "NOTICE: Context may compact soon (call #${COUNT}). Checkpoint saved to ${CHECKPOINT}" >&2
+fi
+exit 0

package/examples/auto-git-checkpoint.sh

@@ -0,0 +1,15 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]] && exit 0
+[ -z "$FILE" ] && exit 0
+git rev-parse --git-dir >/dev/null 2>&1 || exit 0
+[ ! -f "$FILE" ] && exit 0
+CKPT_DIR=".claude/checkpoints"
+mkdir -p "$CKPT_DIR" 2>/dev/null
+BASENAME=$(basename "$FILE")
+TIMESTAMP=$(date +%H%M%S)
+CKPT_FILE="${CKPT_DIR}/${BASENAME}.${TIMESTAMP}.bak"
+cp "$FILE" "$CKPT_FILE" 2>/dev/null
+ls -t "${CKPT_DIR}/${BASENAME}".*.bak 2>/dev/null | tail -n +21 | xargs rm -f 2>/dev/null
+exit 0

package/examples/edit-verify.sh

@@ -0,0 +1,30 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]] && exit 0
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && { echo "WARNING: File does not exist after edit: $FILE" >&2; exit 0; }
+SIZE=$(wc -c < "$FILE" 2>/dev/null || echo 0)
+if [ "$SIZE" -eq 0 ]; then
+    echo "WARNING: File is empty after edit: $FILE (possible truncation)" >&2
+    exit 0
+fi
+if [ "$TOOL" = "Edit" ]; then
+    NEW_STR=$(echo "$INPUT" | jq -r '.tool_input.new_string // empty' 2>/dev/null)
+    if [ -n "$NEW_STR" ]; then
+        FIRST_LINE=$(echo "$NEW_STR" | head -1)
+        if [ -n "$FIRST_LINE" ] && ! grep -qF "$FIRST_LINE" "$FILE" 2>/dev/null; then
+            echo "WARNING: Edit may not have applied — new_string not found in $FILE" >&2
+        fi
+    fi
+fi
+if grep -qE '^(<<<<<<<|=======|>>>>>>>)' "$FILE" 2>/dev/null; then
+    echo "WARNING: Merge conflict markers detected in $FILE after edit" >&2
+fi
+if [ "$SIZE" -lt 10 ]; then
+    case "$FILE" in
+        *.json|*.yaml|*.yml|*.toml) ;; # Config files can be small
+        *) echo "WARNING: File suspiciously small ($SIZE bytes) after edit: $FILE" >&2 ;;
+    esac
+fi
+exit 0

package/examples/session-state-saver.sh

@@ -0,0 +1,30 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+STATE_DIR="${HOME}/.claude"
+COUNTER_FILE="${STATE_DIR}/session-call-count"
+STATE_FILE=".claude/session-state.md"
+SAVE_INTERVAL=${CC_STATE_SAVE_INTERVAL:-50}
+mkdir -p "${STATE_DIR}" 2>/dev/null
+mkdir -p "$(dirname "${STATE_FILE}")" 2>/dev/null
+COUNT=0
+[ -f "$COUNTER_FILE" ] && COUNT=$(cat "$COUNTER_FILE" 2>/dev/null || echo 0)
+COUNT=$((COUNT + 1))
+echo "$COUNT" > "$COUNTER_FILE"
+if (( COUNT % SAVE_INTERVAL == 0 )); then
+    BRANCH=$(git branch --show-current 2>/dev/null || echo "unknown")
+    MODIFIED=$(git diff --name-only 2>/dev/null | head -10)
+    STAGED=$(git diff --cached --name-only 2>/dev/null | head -10)
+    RECENT_COMMITS=$(git log --oneline -5 2>/dev/null)
+    cat > "$STATE_FILE" << STATE
+Updated: $(date -Iseconds)
+${BRANCH}
+${MODIFIED:-none}
+${STAGED:-none}
+${RECENT_COMMITS:-none}
+${COUNT}
+---
+*Read this file after compaction to restore context.*
+STATE
+    echo "Session state saved (call #${COUNT})" >&2
+fi
+exit 0

package/examples/subagent-budget-guard.sh

@@ -0,0 +1,34 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+[[ "$TOOL" != "Agent" ]] && exit 0
+MAX_AGENTS=${CC_MAX_SUBAGENTS:-5}
+TRACKER="${HOME}/.claude/active-agents"
+mkdir -p "$(dirname "$TRACKER")" 2>/dev/null
+NOW=$(date +%s)
+ACTIVE=0
+if [ -f "$TRACKER" ]; then
+    while IFS= read -r line; do
+        TS=$(echo "$line" | cut -d'|' -f1)
+        AGE=$(( NOW - TS ))
+        if (( AGE < 1800 )); then
+            ACTIVE=$((ACTIVE + 1))
+        fi
+    done < "$TRACKER"
+fi
+if (( ACTIVE >= MAX_AGENTS )); then
+    echo "BLOCKED: $ACTIVE active subagents (max: $MAX_AGENTS)." >&2
+    echo "Wait for existing agents to complete before spawning more." >&2
+    echo "Override: CC_MAX_SUBAGENTS=10" >&2
+    exit 2
+fi
+echo "${NOW}|agent" >> "$TRACKER"
+if [ -f "$TRACKER" ]; then
+    TMP=$(mktemp)
+    while IFS= read -r line; do
+        TS=$(echo "$line" | cut -d'|' -f1)
+        AGE=$(( NOW - TS ))
+        (( AGE < 1800 )) && echo "$line"
+    done < "$TRACKER" > "$TMP"
+    mv "$TMP" "$TRACKER"
+fi
+exit 0

package/index.mjs

@@ -114,6 +114,10 @@ const SUGGEST = process.argv.includes('--suggest');
 const INIT_PROJECT = process.argv.includes('--init-project');
 const SCORE_ONLY = process.argv.includes('--score');
 const CHANGELOG_CMD = process.argv.includes('--changelog');
+const SIMULATE_IDX = process.argv.findIndex(a => a === '--simulate');
+const SIMULATE_CMD = SIMULATE_IDX !== -1 ? process.argv.slice(SIMULATE_IDX + 1).join(' ') : null;
+const PROTECT_IDX = process.argv.findIndex(a => a === '--protect');
+const PROTECT_PATH = PROTECT_IDX !== -1 ? process.argv[PROTECT_IDX + 1] : null;
 const TEST_HOOK_IDX = process.argv.findIndex(a => a === '--test-hook');
 const TEST_HOOK = TEST_HOOK_IDX !== -1 ? process.argv[TEST_HOOK_IDX + 1] : null;
 const WHY_IDX = process.argv.findIndex(a => a === '--why');
@@ -147,6 +151,8 @@ if (HELP) {
     npx cc-safe-setup --diff <file>   Compare your settings with another file
     npx cc-safe-setup --lint       Static analysis of hook configuration
     npx cc-safe-setup --doctor     Diagnose why hooks aren't working
+    npx cc-safe-setup --simulate "rm -rf /"  See how hooks react to a command
+    npx cc-safe-setup --protect .env         Block edits to a specific file/dir
     npx cc-safe-setup --watch      Live dashboard of blocked commands
     npx cc-safe-setup --create "<desc>"  Generate a custom hook from description
     npx cc-safe-setup --test-hook <name>  Test a specific hook with sample inputs
@@ -4260,6 +4266,218 @@ async function watch() {
   }
 }
 
+async function protect(targetPath) {
+  const { resolve, basename } = await import('path');
+
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --protect' + c.reset);
+
+  // Normalize path
+  const normalized = targetPath.replace(/\\/g, '/');
+  const safeName = basename(normalized).replace(/[^a-zA-Z0-9._-]/g, '_');
+  const hookName = `protect-${safeName}.sh`;
+  const hookPath = join(HOOKS_DIR, hookName);
+
+  // Generate hook script
+  const isDir = normalized.endsWith('/');
+  const pattern = isDir ? `*${normalized}*` : normalized;
+
+  const script = `#!/bin/bash
+# Auto-generated by: npx cc-safe-setup --protect ${targetPath}
+# Blocks Edit/Write to: ${normalized}
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]] && exit 0
+[ -z "$FILE" ] && exit 0
+
+${isDir
+  ? `if [[ "$FILE" == *"${normalized}"* ]]; then`
+  : `if [[ "$FILE" == *"${normalized}" ]] || [[ "$FILE" == *"/${normalized}" ]]; then`
+}
+    jq -n '{"decision":"block","reason":"Protected path: ${normalized}"}'
+    exit 0
+fi
+
+exit 0
+`;
+
+  // Write hook
+  mkdirSync(HOOKS_DIR, { recursive: true });
+  writeFileSync(hookPath, script);
+  chmodSync(hookPath, 0o755);
+  console.log(c.green + '  + ' + c.reset + 'Created ' + hookName);
+
+  // Register in settings.json
+  let settings = {};
+  if (existsSync(SETTINGS_PATH)) {
+    try { settings = JSON.parse(readFileSync(SETTINGS_PATH, 'utf-8')); } catch {}
+  }
+  if (!settings.hooks) settings.hooks = {};
+  if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
+
+  // Find or create Edit|Write matcher
+  let editMatcher = settings.hooks.PreToolUse.find(e => e.matcher === 'Edit|Write');
+  if (!editMatcher) {
+    editMatcher = { matcher: 'Edit|Write', hooks: [] };
+    settings.hooks.PreToolUse.push(editMatcher);
+  }
+
+  const hookCmd = `bash ${hookPath}`;
+  if (!editMatcher.hooks.some(h => h.command === hookCmd)) {
+    editMatcher.hooks.push({ type: 'command', command: hookCmd });
+  }
+
+  writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2));
+  console.log(c.green + '  + ' + c.reset + 'Registered in settings.json');
+
+  console.log();
+  console.log(c.bold + '  Protected: ' + c.reset + c.blue + normalized + c.reset);
+  console.log(c.dim + '  Edit and Write to this path will be blocked.' + c.reset);
+  console.log(c.dim + '  Restart Claude Code to activate.' + c.reset);
+  console.log();
+
+  // Show how to unprotect
+  console.log(c.dim + '  To unprotect: rm ' + hookPath + c.reset);
+  console.log(c.dim + '  Then remove the entry from ~/.claude/settings.json' + c.reset);
+  console.log();
+}
+
+async function simulate(command) {
+  const { spawnSync } = await import('child_process');
+  const { readdirSync } = await import('fs');
+
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --simulate' + c.reset);
+  console.log(c.dim + '  Simulating how hooks would react to:' + c.reset);
+  console.log(c.blue + '  $ ' + command + c.reset);
+  console.log();
+
+  // Build fake PreToolUse JSON for Bash
+  const fakeInput = JSON.stringify({
+    tool_name: 'Bash',
+    tool_input: { command }
+  });
+
+  // Read settings to find registered hooks
+  let settings = {};
+  if (existsSync(SETTINGS_PATH)) {
+    try { settings = JSON.parse(readFileSync(SETTINGS_PATH, 'utf-8')); } catch {}
+  }
+
+  const hookEntries = settings.hooks?.PreToolUse || [];
+  let tested = 0;
+  let approved = 0;
+  let blocked = 0;
+  let passthrough = 0;
+
+  for (const entry of hookEntries) {
+    const matcher = entry.matcher || '';
+    // Check if matcher includes Bash (or matches all)
+    if (matcher && !matcher.match(/Bash/i) && matcher !== '') continue;
+
+    for (const h of (entry.hooks || [])) {
+      if (h.type !== 'command') continue;
+      const cmd = h.command;
+
+      // Extract script name for display
+      const parts = cmd.split(/\s+/);
+      const scriptPath = parts[parts.length - 1];
+      const scriptName = scriptPath.split('/').pop().replace('.sh', '');
+
+      // Resolve path
+      const resolved = scriptPath.replace(/^~/, HOME);
+      if (!existsSync(resolved)) {
+        console.log(c.yellow + '  ? ' + c.reset + scriptName + c.dim + ' (script not found)' + c.reset);
+        continue;
+      }
+
+      tested++;
+
+      // Run the hook with fake input
+      const result = spawnSync('bash', [resolved], {
+        input: fakeInput,
+        timeout: 5000,
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+
+      const stdout = (result.stdout || '').toString().trim();
+      const stderr = (result.stderr || '').toString().trim();
+      const exitCode = result.status;
+
+      if (exitCode === 2) {
+        blocked++;
+        console.log(c.red + '  ✗ BLOCK ' + c.reset + c.bold + scriptName + c.reset);
+        if (stderr) console.log(c.dim + '    ' + stderr.split('\n')[0] + c.reset);
+      } else if (stdout.includes('"approve"') || stdout.includes('"decision":"approve"')) {
+        approved++;
+        let reason = '';
+        try { reason = JSON.parse(stdout).reason || JSON.parse(stdout).decision; } catch {}
+        console.log(c.green + '  ✓ APPROVE ' + c.reset + scriptName + (reason ? c.dim + ' (' + reason + ')' + c.reset : ''));
+      } else {
+        passthrough++;
+        console.log(c.dim + '  · pass    ' + scriptName + c.reset);
+      }
+    }
+  }
+
+  // Also check installed hook scripts not in settings
+  if (existsSync(HOOKS_DIR)) {
+    const hookFiles = readdirSync(HOOKS_DIR).filter(f => f.endsWith('.sh'));
+    const registeredScripts = new Set();
+    for (const entry of hookEntries) {
+      for (const h of (entry.hooks || [])) {
+        if (h.command) registeredScripts.add(h.command.split('/').pop().replace('.sh', ''));
+      }
+    }
+
+    const unregistered = hookFiles.filter(f => !registeredScripts.has(f.replace('.sh', '')));
+    if (unregistered.length > 0) {
+      console.log();
+      console.log(c.dim + '  Unregistered hooks (not in settings.json):' + c.reset);
+      for (const f of unregistered.slice(0, 5)) {
+        const resolved = join(HOOKS_DIR, f);
+        const result = spawnSync('bash', [resolved], {
+          input: fakeInput,
+          timeout: 5000,
+          stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        const exitCode = result.status;
+        const stdout = (result.stdout || '').toString().trim();
+        const name = f.replace('.sh', '');
+
+        if (exitCode === 2) {
+          console.log(c.red + '  ✗ BLOCK ' + c.reset + name + c.dim + ' (unregistered)' + c.reset);
+        } else if (stdout.includes('"approve"')) {
+          console.log(c.green + '  ✓ APPROVE ' + c.reset + name + c.dim + ' (unregistered)' + c.reset);
+        } else {
+          console.log(c.dim + '  · pass    ' + name + ' (unregistered)' + c.reset);
+        }
+      }
+      if (unregistered.length > 5) {
+        console.log(c.dim + '    ... and ' + (unregistered.length - 5) + ' more' + c.reset);
+      }
+    }
+  }
+
+  // Summary
+  console.log();
+  console.log(c.bold + '  Summary: ' + c.reset +
+    (blocked > 0 ? c.red + blocked + ' blocked' + c.reset + ' · ' : '') +
+    (approved > 0 ? c.green + approved + ' approved' + c.reset + ' · ' : '') +
+    passthrough + ' passthrough');
+
+  if (blocked > 0) {
+    console.log(c.red + '  → This command would be BLOCKED' + c.reset);
+  } else if (approved > 0) {
+    console.log(c.green + '  → This command would be auto-approved (no prompt)' + c.reset);
+  } else {
+    console.log(c.dim + '  → This command would trigger a permission prompt' + c.reset);
+  }
+  console.log();
+}
+
 async function doctor() {
   const { execSync, spawnSync } = await import('child_process');
   const { statSync, readdirSync } = await import('fs');
@@ -4579,6 +4797,8 @@ async function main() {
   if (SCAN) return scan();
   if (FULL) return fullSetup();
   if (DOCTOR) return doctor();
+  if (SIMULATE_CMD) return simulate(SIMULATE_CMD);
+  if (PROTECT_PATH) return protect(PROTECT_PATH);
   if (WATCH) return watch();
   if (TEST_HOOK_IDX !== -1) return testHook(TEST_HOOK);
   if (SAVE_PROFILE_IDX !== -1) return saveProfile(SAVE_PROFILE);
@@ -4707,7 +4927,7 @@ async function main() {
   console.log('  ' + c.dim + 'Restart Claude Code to activate.' + c.reset);
   console.log('  ' + c.dim + 'Verify:' + c.reset + ' ' + c.blue + 'npx cc-health-check' + c.reset);
   console.log();
-  console.log('  ' + c.dim + 'Full kit (16 hooks + templates + tools):' + c.reset);
+  console.log('  ' + c.dim + 'Need more? 16 hooks + templates for autonomous teams:' + c.reset);
   console.log('  https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=npm&utm_medium=cli&utm_campaign=safe-setup');
   console.log();
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "28.3.5",
+  "version": "28.4.0",
   "description": "One command to make Claude Code safe. 327 hooks (8 built-in + 319 examples). 45 CLI commands. 941 tests. 5 languages.",
   "main": "index.mjs",
   "bin": {