cc-safe-setup 28.4.0 → 28.4.2

package/README.md

@@ -6,13 +6,13 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 319 examples = **327 hooks**. 45 CLI commands. 955 tests. 5 languages. [**Getting Started**](https://yurukusa.github.io/cc-safe-setup/getting-started.html) · [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [**Recipes**](https://yurukusa.github.io/cc-safe-setup/recipes.html) · [Wizard](https://yurukusa.github.io/cc-safe-setup/wizard.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
-
 ```bash
 npx cc-safe-setup
 ```
 
-Installs 8 production-tested safety hooks in ~10 seconds. Zero dependencies. No manual configuration.
+Installs 8 safety hooks in ~10 seconds. Blocks `rm -rf /`, prevents pushes to main, catches secret leaks, validates syntax after every edit. Zero dependencies.
+
+[**Getting Started**](https://yurukusa.github.io/cc-safe-setup/getting-started.html) · [**All Tools**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [**Recipes**](https://yurukusa.github.io/cc-safe-setup/recipes.html) · [Validate your settings.json](https://yurukusa.github.io/cc-safe-setup/validator.html)
 
 ```
   cc-safe-setup

package/examples/claudemd-enforcer.sh

@@ -0,0 +1,42 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+RESULT=$(echo "$INPUT" | jq -r '.tool_result // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if [ "${CC_REQUIRE_TESTS:-0}" = "1" ]; then
+    if echo "$COMMAND" | grep -qE '^\s*git\s+commit'; then
+        LAST_TEST=$(stat -c %Y coverage/.last-run.json 2>/dev/null || stat -c %Y test-results 2>/dev/null || echo 0)
+        NOW=$(date +%s)
+        if [ "$LAST_TEST" -eq 0 ] || [ $((NOW - LAST_TEST)) -gt 600 ]; then
+            echo "⚠ CLAUDE.md VIOLATION: Committed without running tests first" >&2
+        fi
+    fi
+fi
+if [ -n "${CC_ENFORCED_BRANCH}" ]; then
+    if echo "$COMMAND" | grep -qE "git\s+push.*${CC_ENFORCED_BRANCH}"; then
+        echo "⚠ CLAUDE.md VIOLATION: Pushed to protected branch '${CC_ENFORCED_BRANCH}'" >&2
+    fi
+fi
+if [ "${CC_NO_FORCE_PUSH:-1}" = "1" ]; then
+    if echo "$COMMAND" | grep -qE 'git\s+push.*--force'; then
+        echo "⚠ CLAUDE.md VIOLATION: Force push detected" >&2
+    fi
+fi
+MAX_FILES=${CC_MAX_FILES_PER_COMMIT:-20}
+if echo "$COMMAND" | grep -qE '^\s*git\s+commit'; then
+    STAGED=$(git diff --cached --name-only 2>/dev/null | wc -l)
+    if [ "$STAGED" -gt "$MAX_FILES" ]; then
+        echo "⚠ CLAUDE.md VIOLATION: Committing $STAGED files (max: $MAX_FILES)" >&2
+    fi
+fi
+if echo "$COMMAND" | grep -qE '^\s*git\s+add'; then
+    STAGED_FILES=$(git diff --cached --name-only 2>/dev/null)
+    for f in $STAGED_FILES; do
+        [ -f "$f" ] || continue
+        if grep -qE 'console\.log\(|debugger;|print\(' "$f" 2>/dev/null; then
+            echo "⚠ CLAUDE.md REMINDER: Debug statements found in staged file: $f" >&2
+            break
+        fi
+    done
+fi
+exit 0

package/examples/mcp-tool-guard.sh

@@ -0,0 +1,26 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+echo "$TOOL" | grep -q '^mcp__' || exit 0
+if [ "${CC_MCP_WARN_ALL:-0}" = "1" ]; then
+    echo "NOTE: MCP tool call: $TOOL" >&2
+fi
+BLOCKED="${CC_MCP_BLOCKED_TOOLS:-}"
+if [ -n "$BLOCKED" ]; then
+    IFS=',' read -ra PATTERNS <<< "$BLOCKED"
+    for pattern in "${PATTERNS[@]}"; do
+        pattern=$(echo "$pattern" | xargs)  # trim whitespace
+        if [[ "$TOOL" == *"$pattern"* ]]; then
+            echo "BLOCKED: MCP tool $TOOL matches blocked pattern: $pattern" >&2
+            exit 2
+        fi
+    done
+fi
+case "$TOOL" in
+    *delete*|*remove*|*drop*|*destroy*|*purge*)
+        echo "WARNING: Potentially destructive MCP tool: $TOOL" >&2
+        ;;
+    *send_email*|*send_message*|*post*|*publish*)
+        echo "WARNING: MCP tool with external side effects: $TOOL" >&2
+        ;;
+esac
+exit 0

package/examples/prompt-injection-guard.sh

@@ -44,6 +44,28 @@ if echo "$OUTPUT" | grep -qP '<!--.*(?:execute|run|delete|remove).*-->'; then
     SUSPICIOUS=1
 fi
 
+# tool_runtime_configuration injection (GitHub #28586)
+if echo "$OUTPUT" | grep -qiE '<tool_runtime_configuration>|</tool_runtime_configuration>'; then
+    echo "WARNING: tool_runtime_configuration injection detected — can disable tools" >&2
+    SUSPICIOUS=1
+fi
+
+# MCP server instruction override (GitHub #30545)
+if echo "$OUTPUT" | grep -qiE 'override.*CLAUDE\.md|ignore.*project\s+rules|disregard.*instructions'; then
+    echo "WARNING: Possible MCP instruction override detected" >&2
+    SUSPICIOUS=1
+fi
+
+# Base64-encoded commands (obfuscated injection)
+if echo "$OUTPUT" | grep -qE '[A-Za-z0-9+/]{40,}={0,2}'; then
+    # Check if it decodes to something suspicious
+    DECODED=$(echo "$OUTPUT" | grep -oE '[A-Za-z0-9+/]{40,}={0,2}' | head -1 | base64 -d 2>/dev/null || true)
+    if echo "$DECODED" | grep -qiE 'rm\s+-rf|curl.*\|.*sh|eval|exec'; then
+        echo "WARNING: Base64-encoded command detected in tool output" >&2
+        SUSPICIOUS=1
+    fi
+fi
+
 if [ "$SUSPICIOUS" -eq 1 ]; then
     echo "Review the output carefully before acting on it." >&2
 fi

package/examples/test-before-commit.sh

@@ -0,0 +1,17 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0
+RECENT=0
+TIMEOUT=${CC_TEST_TIMEOUT:-600}
+NOW=$(date +%s)
+for marker in coverage/.last-run.json test-results .nyc_output junit.xml; do
+    [ -e "$marker" ] || continue
+    MTIME=$(stat -c %Y "$marker" 2>/dev/null || echo 0)
+    [ $((NOW - MTIME)) -lt "$TIMEOUT" ] && RECENT=1 && break
+done
+if [ "$RECENT" -eq 0 ]; then
+    echo "BLOCKED: No recent test results (within $((TIMEOUT/60)) min)" >&2
+    echo "Run your test suite first, then commit." >&2
+    exit 2
+fi
+exit 0

package/examples/usage-warn.sh

@@ -0,0 +1,13 @@
+COUNTER="${HOME}/.claude/session-tool-count"
+COUNT=$(cat "$COUNTER" 2>/dev/null || echo 0)
+COUNT=$((COUNT + 1))
+echo "$COUNT" > "$COUNTER"
+WARN1=${CC_USAGE_WARN1:-100}
+WARN2=${CC_USAGE_WARN2:-200}
+WARN3=${CC_USAGE_WARN3:-300}
+case "$COUNT" in
+    "$WARN1") echo "NOTE: $COUNT tool calls this session" >&2 ;;
+    "$WARN2") echo "WARNING: $COUNT tool calls — consider wrapping up" >&2 ;;
+    "$WARN3") echo "ALERT: $COUNT tool calls — approaching typical session limit" >&2 ;;
+esac
+exit 0

package/index.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 
-import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, copyFileSync } from 'fs';
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, copyFileSync, unlinkSync } from 'fs';
 import { join, dirname } from 'path';
 import { homedir } from 'os';
 import { createInterface } from 'readline';
@@ -11,6 +11,9 @@ const HOME = homedir();
 const HOOKS_DIR = join(HOME, '.claude', 'hooks');
 const SETTINGS_PATH = join(HOME, '.claude', 'settings.json');
 
+// Convert Windows backslash paths to bash-compatible forward slashes
+const toBashPath = (p) => p.replace(/\\/g, '/');
+
 const c = {
   reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
   red: '\x1b[31m', green: '\x1b[32m', yellow: '\x1b[33m',
@@ -114,10 +117,15 @@ const SUGGEST = process.argv.includes('--suggest');
 const INIT_PROJECT = process.argv.includes('--init-project');
 const SCORE_ONLY = process.argv.includes('--score');
 const CHANGELOG_CMD = process.argv.includes('--changelog');
+const VALIDATE = process.argv.includes('--validate');
+const SAFE_MODE = process.argv.includes('--safe-mode');
+const SAFE_MODE_OFF = process.argv.includes('--safe-mode') && process.argv.includes('off');
 const SIMULATE_IDX = process.argv.findIndex(a => a === '--simulate');
 const SIMULATE_CMD = SIMULATE_IDX !== -1 ? process.argv.slice(SIMULATE_IDX + 1).join(' ') : null;
 const PROTECT_IDX = process.argv.findIndex(a => a === '--protect');
 const PROTECT_PATH = PROTECT_IDX !== -1 ? process.argv[PROTECT_IDX + 1] : null;
+const RULES_IDX = process.argv.findIndex(a => a === '--rules');
+const RULES_FILE = RULES_IDX !== -1 ? (process.argv[RULES_IDX + 1] || '.claude/rules.yaml') : null;
 const TEST_HOOK_IDX = process.argv.findIndex(a => a === '--test-hook');
 const TEST_HOOK = TEST_HOOK_IDX !== -1 ? process.argv[TEST_HOOK_IDX + 1] : null;
 const WHY_IDX = process.argv.findIndex(a => a === '--why');
@@ -127,51 +135,43 @@ if (HELP) {
   console.log(`
   cc-safe-setup — Make Claude Code safe for autonomous operation
 
-  Usage:
-    npx cc-safe-setup              Install 8 safety hooks
-    npx cc-safe-setup --status     Check installed hooks
-    npx cc-safe-setup --verify     Test each hook with sample inputs
-    npx cc-safe-setup --dry-run    Preview without installing
-    npx cc-safe-setup --uninstall  Remove all installed hooks
-    npx cc-safe-setup --examples   List 30 example hooks (5 categories)
-    npx cc-safe-setup --install-example <name>  Install a specific example
-    npx cc-safe-setup --full       Complete setup: hooks + scan + audit + badge
-    npx cc-safe-setup --audit      Safety score (0-100) with fixes
-    npx cc-safe-setup --audit --fix  Auto-fix missing protections
-    npx cc-safe-setup --audit --json  Machine-readable output for CI/CD
-    npx cc-safe-setup --scan       Detect tech stack, recommend hooks
-    npx cc-safe-setup --learn      Learn from your block history
-    npx cc-safe-setup --generate-ci   Generate GitHub Actions workflow for safety checks
-    npx cc-safe-setup --migrate       Detect hooks from other projects, suggest replacements
-    npx cc-safe-setup --compare <a> <b>  Compare two hooks side-by-side
-    npx cc-safe-setup --issues        Show GitHub Issues each hook addresses
-    npx cc-safe-setup --dashboard     Real-time status dashboard
-    npx cc-safe-setup --benchmark     Measure hook execution time
-    npx cc-safe-setup --share         Generate shareable URL for your setup
-    npx cc-safe-setup --diff <file>   Compare your settings with another file
-    npx cc-safe-setup --lint       Static analysis of hook configuration
-    npx cc-safe-setup --doctor     Diagnose why hooks aren't working
-    npx cc-safe-setup --simulate "rm -rf /"  See how hooks react to a command
-    npx cc-safe-setup --protect .env         Block edits to a specific file/dir
-    npx cc-safe-setup --watch      Live dashboard of blocked commands
-    npx cc-safe-setup --create "<desc>"  Generate a custom hook from description
-    npx cc-safe-setup --test-hook <name>  Test a specific hook with sample inputs
-    npx cc-safe-setup --save-profile <name>  Save current hooks as a named profile
-    npx cc-safe-setup --changelog       Show what changed in recent versions
-    npx cc-safe-setup --score           Print safety score (0-100) and exit
-    npx cc-safe-setup --init-project    Complete project setup (CLAUDE.md + hooks + CI + .gitignore)
-    npx cc-safe-setup --suggest        Analyze project and predict risks → suggest hooks
-    npx cc-safe-setup --why <hook>     Why this hook exists (real incident + issue link)
-    npx cc-safe-setup --replay         Replay blocked commands timeline (demo/review)
-    npx cc-safe-setup --guard "<rule>"  Instantly enforce a rule (generate + install + activate)
-    npx cc-safe-setup --diff-hooks <path>  Compare hooks between two settings files
-    npx cc-safe-setup --from-claudemd  Convert CLAUDE.md rules into hooks
-    npx cc-safe-setup --health        Hook health dashboard (size, permissions, age)
-    npx cc-safe-setup --migrate-from <tool>  Migrate from safety-net/hooks-mastery/etc.
-    npx cc-safe-setup --team         Set up project-level hooks (commit to repo for team)
-    npx cc-safe-setup --profile <level>  Switch safety profile (strict/standard/minimal)
-    npx cc-safe-setup --analyze     Analyze what Claude did in your last session
-    npx cc-safe-setup --shield     Maximum safety in one command (fix + scan + install + CLAUDE.md)
+  Quick Start:
+    npx cc-safe-setup              Install 8 safety hooks (30 sec)
+    npx cc-safe-setup --shield     Maximum safety — one command
+    npx cc-safe-setup --doctor     Diagnose hook problems
+
+  Protect:
+    --protect .env                 Block edits to a specific file
+    --guard "never delete prod"    Enforce a rule from plain English
+    --simulate "rm -rf /"          Preview how hooks react to a command
+    --validate                     Check all hooks for errors (auto-fix)
+    --safe-mode                    Emergency: disable all hooks
+
+  Install & Configure:
+    --install-example <name>       Install from 300+ example hooks
+    --examples                     Browse examples by category
+    --from-claudemd                Convert CLAUDE.md rules into hooks
+    --rules [file]                 Compile YAML rules into hooks
+    --team                         Set up project-level hooks for git
+    --profile <level>              Switch profile (strict/standard/minimal)
+    --shield                       Full setup: hooks + scan + CLAUDE.md
+
+  Diagnose & Monitor:
+    --status / --verify            Check installed hooks / test them
+    --doctor                       13-point diagnostic
+    --audit [--fix] [--json]       Safety score 0-100
+    --watch                        Live blocked command feed
+    --health                       Hook health dashboard
+    --suggest                      Predict risks from project analysis
+
+  Manage:
+    --dry-run / --uninstall        Preview / remove hooks
+    --export / --import            Share configuration
+    --diff <file>                  Compare settings
+    --lint                         Static analysis of config
+
+  More: --create, --why, --replay, --score, --changelog, --analyze,
+        --benchmark, --dashboard, --migrate-from, --init-project
     npx cc-safe-setup --quickfix   Auto-detect and fix common Claude Code problems
     npx cc-safe-setup --stats      Block statistics and patterns report
     npx cc-safe-setup --export     Export hooks config for team sharing
@@ -305,6 +305,8 @@ function status() {
     console.log('  ' + c.dim + '+ ' + installedExamples.length + ' example hooks' + c.reset);
   }
   console.log();
+  console.log(c.dim + '  Tip: --validate to check health · --simulate "cmd" to test · --shield for max safety' + c.reset);
+  console.log();
 
   // Exit code for CI: 0 = all installed, 1 = missing hooks
   if (missing > 0) process.exit(1);
@@ -615,7 +617,7 @@ async function installExample(name) {
 
   const hookEntry = {
     matcher: matcher,
-    hooks: [{ type: 'command', command: destPath }],
+    hooks: [{ type: 'command', command: toBashPath(destPath) }],
   };
 
   // Check if already installed
@@ -2214,7 +2216,7 @@ async function profile(level) {
 
   // Register all hooks in settings
   const hookFiles = prof.hooks.filter(h => existsSync(join(HOOKS_DIR, `${h}.sh`)));
-  const bashHooks = hookFiles.map(h => ({ type: 'command', command: `bash ${join(HOOKS_DIR, h + '.sh')}` }));
+  const bashHooks = hookFiles.map(h => ({ type: 'command', command: `bash ${toBashPath(join(HOOKS_DIR, h + '.sh'))}` }));
 
   // Simplified: put all under PreToolUse Bash for now
   if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
@@ -3881,7 +3883,7 @@ exit 0`,
   if (!existing.some(cmd => cmd.includes(matched.name))) {
     settings.hooks[matched.trigger].push({
       matcher: matched.matcher,
-      hooks: [{ type: 'command', command: hookPath }],
+      hooks: [{ type: 'command', command: toBashPath(hookPath) }],
     });
     writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2));
     console.log(c.green + '  ✓ Registered in settings.json' + c.reset);
@@ -4266,6 +4268,334 @@ async function watch() {
   }
 }
 
+async function validateHooks() {
+  const { spawnSync } = await import('child_process');
+  const { readdirSync, renameSync } = await import('fs');
+
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --validate' + c.reset);
+  console.log(c.dim + '  Checking all hooks for syntax errors and dangerous exit codes...' + c.reset);
+  console.log();
+
+  if (!existsSync(HOOKS_DIR)) {
+    console.log(c.yellow + '  No hooks directory found.' + c.reset);
+    return;
+  }
+
+  const disabledDir = join(HOME, '.claude', 'hooks-disabled');
+  const hooks = readdirSync(HOOKS_DIR).filter(f => f.endsWith('.sh'));
+  let ok = 0, dangerous = 0;
+
+  for (const h of hooks) {
+    const path = join(HOOKS_DIR, h);
+    const name = h.replace('.sh', '');
+
+    // 1. Syntax check
+    const syntax = spawnSync('bash', ['-n', path], { stdio: 'pipe', timeout: 5000 });
+    if (syntax.status !== 0) {
+      mkdirSync(disabledDir, { recursive: true });
+      renameSync(path, join(disabledDir, h));
+      console.log(c.red + '  ✗ ' + name + c.reset + ' — SYNTAX ERROR (exit ' + syntax.status + ')');
+      console.log(c.dim + '    Moved to hooks-disabled/. A syntax error exit 2 blocks ALL tools.' + c.reset);
+      dangerous++;
+      continue;
+    }
+
+    // 2. Empty input test — exit 2 = would block all tools
+    const test = spawnSync('bash', [path], {
+      input: '{}', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe']
+    });
+    if (test.status === 2) {
+      mkdirSync(disabledDir, { recursive: true });
+      renameSync(path, join(disabledDir, h));
+      console.log(c.red + '  ✗ ' + name + c.reset + ' — BLOCKS on empty input (exit 2)');
+      console.log(c.dim + '    Moved to hooks-disabled/.' + c.reset);
+      dangerous++;
+      continue;
+    }
+
+    ok++;
+    console.log(c.green + '  ✓ ' + c.reset + name);
+  }
+
+  console.log();
+  if (dangerous > 0) {
+    console.log(c.red + '  ' + dangerous + ' dangerous hook(s) disabled.' + c.reset);
+    console.log(c.dim + '  Restart Claude Code to apply. Disabled hooks are in ~/.claude/hooks-disabled/' + c.reset);
+  } else {
+    console.log(c.green + '  All ' + ok + ' hooks passed validation.' + c.reset);
+  }
+  console.log();
+}
+
+async function safeMode(enable) {
+  const { readdirSync, renameSync, rmdirSync } = await import('fs');
+  const disabledDir = join(HOME, '.claude', 'hooks-disabled');
+  const backupSettings = join(HOME, '.claude', 'settings-backup.json');
+
+  console.log();
+  if (enable) {
+    console.log(c.bold + '  cc-safe-setup --safe-mode' + c.reset);
+    console.log(c.dim + '  Disabling all hooks...' + c.reset);
+
+    if (!existsSync(HOOKS_DIR)) {
+      console.log(c.yellow + '  No hooks to disable.' + c.reset);
+      return;
+    }
+
+    mkdirSync(disabledDir, { recursive: true });
+    const hooks = readdirSync(HOOKS_DIR).filter(f => f.endsWith('.sh'));
+    for (const h of hooks) {
+      renameSync(join(HOOKS_DIR, h), join(disabledDir, h));
+    }
+
+    // Backup settings and clear hooks
+    if (existsSync(SETTINGS_PATH)) {
+      const settings = readFileSync(SETTINGS_PATH, 'utf-8');
+      writeFileSync(backupSettings, settings);
+      const parsed = JSON.parse(settings);
+      parsed.hooks = {};
+      writeFileSync(SETTINGS_PATH, JSON.stringify(parsed, null, 2));
+    }
+
+    console.log(c.green + '  Safe mode ON.' + c.reset + ' ' + hooks.length + ' hooks disabled.');
+    console.log(c.dim + '  Restart Claude Code. Run --safe-mode off to restore.' + c.reset);
+  } else {
+    console.log(c.bold + '  cc-safe-setup --safe-mode off' + c.reset);
+
+    if (existsSync(disabledDir)) {
+      mkdirSync(HOOKS_DIR, { recursive: true });
+      const hooks = readdirSync(disabledDir).filter(f => f.endsWith('.sh'));
+      for (const h of hooks) {
+        renameSync(join(disabledDir, h), join(HOOKS_DIR, h));
+      }
+      try { rmdirSync(disabledDir); } catch {}
+      console.log(c.green + '  Restored ' + hooks.length + ' hooks.' + c.reset);
+    }
+
+    if (existsSync(backupSettings)) {
+      copyFileSync(backupSettings, SETTINGS_PATH);
+      unlinkSync(backupSettings);
+      console.log(c.green + '  Restored settings.json from backup.' + c.reset);
+    }
+
+    console.log(c.dim + '  Restart Claude Code to activate hooks.' + c.reset);
+  }
+  console.log();
+}
+
+async function compileRules(rulesFile) {
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --rules' + c.reset);
+
+  if (!existsSync(rulesFile)) {
+    // Create example rules file
+    const exampleDir = rulesFile.includes('/') ? rulesFile.substring(0, rulesFile.lastIndexOf('/')) : '.';
+    mkdirSync(exampleDir, { recursive: true });
+    writeFileSync(rulesFile, `# Claude Code Safety Rules
+# Run: npx cc-safe-setup --rules ${rulesFile}
+
+# Block dangerous commands
+- block: "rm -rf on root or home"
+  pattern: "rm\\s+-rf\\s+(\\/$|~)"
+
+- block: "git push to main"
+  pattern: "git\\s+push.*(main|master)"
+
+- block: "git force push"
+  pattern: "git\\s+push.*--force"
+
+- block: "git add .env"
+  pattern: "git\\s+add.*\\.env"
+
+# Auto-approve safe commands
+- approve: "read-only commands"
+  commands: [cat, head, tail, ls, grep, find, which, pwd, date]
+
+- approve: "git read commands"
+  pattern: "^\\s*git\\s+(status|log|diff|show|branch)"
+
+- approve: "test runners"
+  pattern: "^\\s*(npm\\s+test|pytest|go\\s+test|cargo\\s+test)"
+
+# Protect files from edits
+- protect: ".env"
+- protect: "config/secrets.yaml"
+`);
+    console.log(c.green + '  + ' + c.reset + 'Created ' + rulesFile + ' with example rules');
+    console.log(c.dim + '  Edit the file, then run this command again to compile.' + c.reset);
+    console.log();
+    return;
+  }
+
+  // Parse YAML (simple parser — no dependency needed)
+  const content = readFileSync(rulesFile, 'utf-8');
+  const rules = [];
+  let current = null;
+
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith('#') || !trimmed) continue;
+
+    const blockMatch = trimmed.match(/^-\s+block:\s+"(.+)"/);
+    const approveMatch = trimmed.match(/^-\s+approve:\s+"(.+)"/);
+    const protectMatch = trimmed.match(/^-\s+protect:\s+"(.+)"/);
+    const patternMatch = trimmed.match(/^pattern:\s+"(.+)"/);
+    const commandsMatch = trimmed.match(/^commands:\s+\[(.+)\]/);
+
+    if (blockMatch) { current = { type: 'block', name: blockMatch[1] }; rules.push(current); }
+    else if (approveMatch) { current = { type: 'approve', name: approveMatch[1] }; rules.push(current); }
+    else if (protectMatch) { rules.push({ type: 'protect', path: protectMatch[1] }); current = null; }
+    else if (patternMatch && current) { current.pattern = patternMatch[1]; }
+    else if (commandsMatch && current) { current.commands = commandsMatch[1].split(',').map(s => s.trim()); }
+  }
+
+  if (rules.length === 0) {
+    console.log(c.yellow + '  No rules found in ' + rulesFile + c.reset);
+    return;
+  }
+
+  console.log(c.dim + '  Compiling ' + rules.length + ' rules from ' + rulesFile + c.reset);
+
+  // Generate consolidated hook script
+  let script = `#!/bin/bash
+# Auto-generated from: ${rulesFile}
+# Generated: $(date -Iseconds)
+# Rules: ${rules.length}
+# Regenerate: npx cc-safe-setup --rules ${rulesFile}
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+`;
+
+  // Block rules
+  const blocks = rules.filter(r => r.type === 'block');
+  if (blocks.length > 0) {
+    script += '# === Block Rules ===\n';
+    script += 'if [ "$TOOL" = "Bash" ] && [ -n "$COMMAND" ]; then\n';
+    for (const rule of blocks) {
+      if (rule.pattern) {
+        script += `  if echo "$COMMAND" | grep -qE '${rule.pattern}'; then\n`;
+        script += `    echo "BLOCKED: ${rule.name}" >&2\n`;
+        script += `    exit 2\n`;
+        script += `  fi\n`;
+      }
+    }
+    script += 'fi\n\n';
+  }
+
+  // Approve rules
+  const approves = rules.filter(r => r.type === 'approve');
+  if (approves.length > 0) {
+    script += '# === Approve Rules ===\n';
+    script += 'if [ "$TOOL" = "Bash" ] && [ -n "$COMMAND" ]; then\n';
+    for (const rule of approves) {
+      if (rule.commands) {
+        const base = '$(echo "$COMMAND" | awk \'{ print $1 }\' | sed \'s|.*/||\')'
+        script += `  BASE=${base}\n`;
+        script += `  case "$BASE" in\n`;
+        script += `    ${rule.commands.join('|')}) echo '{"decision":"approve","reason":"${rule.name}"}'; exit 0 ;;\n`;
+        script += `  esac\n`;
+      }
+      if (rule.pattern) {
+        script += `  if echo "$COMMAND" | grep -qE '${rule.pattern}'; then\n`;
+        script += `    echo '{"decision":"approve","reason":"${rule.name}"}'\n`;
+        script += `    exit 0\n`;
+        script += `  fi\n`;
+      }
+    }
+    script += 'fi\n\n';
+  }
+
+  // Protect rules
+  const protects = rules.filter(r => r.type === 'protect');
+  if (protects.length > 0) {
+    script += '# === Protect Rules ===\n';
+    script += 'if [ "$TOOL" = "Edit" ] || [ "$TOOL" = "Write" ]; then\n';
+    script += '  [ -z "$FILE" ] && exit 0\n';
+    for (const rule of protects) {
+      const path = rule.path;
+      if (path.endsWith('/')) {
+        script += `  [[ "$FILE" == *"${path}"* ]] && { jq -n '{"decision":"block","reason":"Protected: ${path}"}'; exit 0; }\n`;
+      } else {
+        script += `  [[ "$FILE" == *"${path}" ]] && { jq -n '{"decision":"block","reason":"Protected: ${path}"}'; exit 0; }\n`;
+      }
+    }
+    script += 'fi\n\n';
+  }
+
+  script += 'exit 0\n';
+
+  // Write hook
+  mkdirSync(HOOKS_DIR, { recursive: true });
+  const hookPath = join(HOOKS_DIR, 'compiled-rules.sh');
+  writeFileSync(hookPath, script);
+  chmodSync(hookPath, 0o755);
+
+  // Syntax check — a broken hook returns exit 2 which blocks ALL tools
+  const { execSync } = await import('child_process');
+  try {
+    execSync(`bash -n "${hookPath}"`, { stdio: 'pipe' });
+  } catch (e) {
+    const stderr = (e.stderr || '').toString().trim();
+    unlinkSync(hookPath);
+    console.log(c.red + '  ✗ Syntax error in generated hook — aborted' + c.reset);
+    if (stderr) console.log(c.dim + '    ' + stderr + c.reset);
+    console.log(c.dim + '  Check your rules file for unescaped special characters.' + c.reset);
+    console.log();
+    return;
+  }
+
+  // Register in settings.json
+  let settings = {};
+  if (existsSync(SETTINGS_PATH)) {
+    try { settings = JSON.parse(readFileSync(SETTINGS_PATH, 'utf-8')); } catch {}
+  }
+  if (!settings.hooks) settings.hooks = {};
+  if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
+
+  const hookCmd = `bash ${hookPath}`;
+
+  // Check all matchers for existing compiled-rules entry
+  let found = false;
+  for (const entry of settings.hooks.PreToolUse) {
+    const idx = (entry.hooks || []).findIndex(h => h.command && h.command.includes('compiled-rules'));
+    if (idx !== -1) {
+      entry.hooks[idx] = { type: 'command', command: hookCmd };
+      found = true;
+      break;
+    }
+  }
+
+  if (!found) {
+    // Add to catch-all matcher
+    let allMatcher = settings.hooks.PreToolUse.find(e => e.matcher === '');
+    if (!allMatcher) {
+      allMatcher = { matcher: '', hooks: [] };
+      settings.hooks.PreToolUse.push(allMatcher);
+    }
+    allMatcher.hooks.push({ type: 'command', command: hookCmd });
+  }
+
+  writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2));
+
+  // Summary
+  console.log();
+  for (const rule of rules) {
+    if (rule.type === 'block') console.log(c.red + '  ✗ ' + c.reset + 'Block: ' + rule.name);
+    else if (rule.type === 'approve') console.log(c.green + '  ✓ ' + c.reset + 'Approve: ' + rule.name);
+    else if (rule.type === 'protect') console.log(c.blue + '  🔒 ' + c.reset + 'Protect: ' + rule.path);
+  }
+  console.log();
+  console.log(c.bold + '  ' + rules.length + ' rules compiled' + c.reset + ' → ' + hookPath);
+  console.log(c.dim + '  Restart Claude Code to activate.' + c.reset);
+  console.log(c.dim + '  Edit ' + rulesFile + ' and re-run to update.' + c.reset);
+  console.log();
+}
+
 async function protect(targetPath) {
   const { resolve, basename } = await import('path');
 
@@ -4303,13 +4633,44 @@ fi
 exit 0
 `;
 
-  // Write hook
+  // Safety: write to /tmp first, validate, then copy to hooks/
+  const tmpScript = '/tmp/cc-compiled-rules-' + Date.now() + '.sh';
+  writeFileSync(tmpScript, script);
+  chmodSync(tmpScript, 0o755);
+
+  // Validate 1: bash syntax check
+  const { spawnSync: checkSpawn } = await import('child_process');
+  const syntaxCheck = checkSpawn('bash', ['-n', tmpScript], { stdio: 'pipe' });
+  if (syntaxCheck.status !== 0) {
+    const err = (syntaxCheck.stderr || '').toString().trim();
+    console.log(c.red + '  ERROR: Generated script has syntax errors:' + c.reset);
+    console.log(c.dim + '  ' + err + c.reset);
+    try { unlinkSync(tmpScript); } catch {}
+    console.log(c.dim + '  Script NOT installed. Fix your rules and try again.' + c.reset);
+    return;
+  }
+
+  // Validate 2: empty input must NOT return exit 2 (which blocks all tools)
+  const emptyTest = checkSpawn('bash', [tmpScript], {
+    input: '{}', timeout: 5000, stdio: ['pipe', 'pipe', 'pipe']
+  });
+  if (emptyTest.status === 2) {
+    console.log(c.red + '  ERROR: Script returns exit 2 on empty input.' + c.reset);
+    console.log(c.red + '  This would BLOCK ALL Claude Code tools.' + c.reset);
+    try { unlinkSync(tmpScript); } catch {}
+    return;
+  }
+
+  // Validated — copy to hooks dir
   mkdirSync(HOOKS_DIR, { recursive: true });
-  writeFileSync(hookPath, script);
+  const hookContent = readFileSync(tmpScript, 'utf-8');
+  writeFileSync(hookPath, hookContent);
   chmodSync(hookPath, 0o755);
-  console.log(c.green + '  + ' + c.reset + 'Created ' + hookName);
+  try { unlinkSync(tmpScript); } catch {}
+  console.log(c.green + '  + ' + c.reset + 'Created ' + hookName + ' (syntax verified)');
 
-  // Register in settings.json
+  // Register in settings.json — use "Bash" matcher ONLY (never "")
+  // "" matcher affects ALL tools and a broken hook would lock out the session
   let settings = {};
   if (existsSync(SETTINGS_PATH)) {
     try { settings = JSON.parse(readFileSync(SETTINGS_PATH, 'utf-8')); } catch {}
@@ -4317,16 +4678,34 @@ exit 0
   if (!settings.hooks) settings.hooks = {};
   if (!settings.hooks.PreToolUse) settings.hooks.PreToolUse = [];
 
-  // Find or create Edit|Write matcher
-  let editMatcher = settings.hooks.PreToolUse.find(e => e.matcher === 'Edit|Write');
-  if (!editMatcher) {
-    editMatcher = { matcher: 'Edit|Write', hooks: [] };
-    settings.hooks.PreToolUse.push(editMatcher);
+  // Register under specific matchers based on rule types (NEVER use "" matcher)
+  const hookCmd = `bash ${hookPath}`;
+  const hasBlocks = rules.some(r => r.type === 'block');
+  const hasApproves = rules.some(r => r.type === 'approve');
+  const hasProtects = rules.some(r => r.type === 'protect');
+
+  // Block and approve rules need Bash matcher
+  if (hasBlocks || hasApproves) {
+    let bashMatcher = settings.hooks.PreToolUse.find(e => e.matcher === 'Bash');
+    if (!bashMatcher) {
+      bashMatcher = { matcher: 'Bash', hooks: [] };
+      settings.hooks.PreToolUse.push(bashMatcher);
+    }
+    if (!bashMatcher.hooks.some(h => h.command === hookCmd)) {
+      bashMatcher.hooks.push({ type: 'command', command: hookCmd });
+    }
   }
 
-  const hookCmd = `bash ${hookPath}`;
-  if (!editMatcher.hooks.some(h => h.command === hookCmd)) {
-    editMatcher.hooks.push({ type: 'command', command: hookCmd });
+  // Protect rules need Edit|Write matcher
+  if (hasProtects) {
+    let editMatcher = settings.hooks.PreToolUse.find(e => e.matcher === 'Edit|Write');
+    if (!editMatcher) {
+      editMatcher = { matcher: 'Edit|Write', hooks: [] };
+      settings.hooks.PreToolUse.push(editMatcher);
+    }
+    if (!editMatcher.hooks.some(h => h.command === hookCmd)) {
+      editMatcher.hooks.push({ type: 'command', command: hookCmd });
+    }
   }
 
   writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2));
@@ -4796,9 +5175,12 @@ async function main() {
   if (LEARN) return learn();
   if (SCAN) return scan();
   if (FULL) return fullSetup();
+  if (VALIDATE) return validateHooks();
+  if (SAFE_MODE) return safeMode(!SAFE_MODE_OFF);
   if (DOCTOR) return doctor();
   if (SIMULATE_CMD) return simulate(SIMULATE_CMD);
   if (PROTECT_PATH) return protect(PROTECT_PATH);
+  if (RULES_FILE) return compileRules(RULES_FILE);
   if (WATCH) return watch();
   if (TEST_HOOK_IDX !== -1) return testHook(TEST_HOOK);
   if (SAVE_PROFILE_IDX !== -1) return saveProfile(SAVE_PROFILE);
@@ -4913,7 +5295,7 @@ async function main() {
     if (!exists) {
       settings.hooks[trigger].push({
         matcher: hook.matcher,
-        hooks: [{ type: 'command', command: hookPath }]
+        hooks: [{ type: 'command', command: toBashPath(hookPath) }]
       });
     }
   }
@@ -4925,10 +5307,13 @@ async function main() {
   console.log();
   console.log(c.bold + '  Done.' + c.reset + ' ' + Object.keys(HOOKS).length + ' safety hooks installed.');
   console.log('  ' + c.dim + 'Restart Claude Code to activate.' + c.reset);
-  console.log('  ' + c.dim + 'Verify:' + c.reset + ' ' + c.blue + 'npx cc-health-check' + c.reset);
   console.log();
-  console.log('  ' + c.dim + 'Need more? 16 hooks + templates for autonomous teams:' + c.reset);
-  console.log('  https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=npm&utm_medium=cli&utm_campaign=safe-setup');
+  console.log('  ' + c.dim + 'Next steps:' + c.reset);
+  console.log('  ' + c.blue + '  --doctor' + c.reset + '            Verify hooks work');
+  console.log('  ' + c.blue + '  --simulate "cmd"' + c.reset + '    Test how hooks react');
+  console.log('  ' + c.blue + '  --shield' + c.reset + '            Maximum safety (recommended)');
+  console.log();
+  console.log('  ' + c.dim + '22 web tools: https://yurukusa.github.io/cc-safe-setup/hub.html' + c.reset);
   console.log();
 }
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "28.4.0",
-  "description": "One command to make Claude Code safe. 327 hooks (8 built-in + 319 examples). 45 CLI commands. 941 tests. 5 languages.",
+  "version": "28.4.2",
+  "description": "One command to make Claude Code safe. 336 hooks (8 built-in + 328 examples). 49 CLI commands. 978 tests. 5 languages.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"