cc-safe-setup 29.1.0 → 29.2.0

package/examples/prompt-injection-detector.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# prompt-injection-detector.sh — UserPromptSubmit hook
+# Trigger: UserPromptSubmit
+# Matcher: ""
+#
+# Detects common prompt injection patterns in user prompts.
+# Useful in environments where prompts may come from external sources
+# (API, shared sessions, automated pipelines).
+#
+# See: https://github.com/anthropics/claude-code/issues/34895
+
+INPUT=$(cat)
+PROMPT=$(echo "$INPUT" | jq -r '.prompt // empty' 2>/dev/null)
+[ -z "$PROMPT" ] && exit 0
+
+# Check for common injection patterns
+if echo "$PROMPT" | grep -qiE 'ignore (all |previous |prior |above )?(instructions|rules|guidelines)|disregard (your|the) (instructions|rules)|you are now|new persona|system prompt|</?system>|forget (your|everything|all)'; then
+  echo "⚠ Possible prompt injection detected in input." >&2
+  echo "  Pattern matched: override/ignore instructions" >&2
+  echo "  Review the prompt carefully before proceeding." >&2
+fi
+
+exit 0

package/examples/prompt-length-guard.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# prompt-length-guard.sh — UserPromptSubmit hook
+# Trigger: UserPromptSubmit
+# Matcher: ""
+#
+# Warns when a user prompt exceeds a character threshold.
+# Very long prompts can consume excessive context and tokens.
+# Adjust THRESHOLD to match your comfort level.
+
+INPUT=$(cat)
+PROMPT=$(echo "$INPUT" | jq -r '.prompt // empty' 2>/dev/null)
+[ -z "$PROMPT" ] && exit 0
+
+THRESHOLD=5000
+LENGTH=${#PROMPT}
+
+if [ "$LENGTH" -gt "$THRESHOLD" ]; then
+  echo "⚠ Long prompt detected: ${LENGTH} chars (threshold: ${THRESHOLD})" >&2
+  echo "  Consider breaking this into smaller, focused instructions." >&2
+fi
+
+exit 0

package/index.mjs

@@ -463,6 +463,8 @@ function examples() {
       'session-checkpoint.sh': 'Save session state before context compaction',
     },
     'UX': {
+      'prompt-length-guard.sh': 'UserPromptSubmit: warn on long prompts (>5000 chars)',
+      'prompt-injection-detector.sh': 'UserPromptSubmit: detect prompt injection patterns',
       'notify-waiting.sh': 'Desktop notification when Claude waits for input',
       'tmp-cleanup.sh': 'Clean up /tmp/claude-*-cwd files on session end',
       'hook-debug-wrapper.sh': 'Wrap any hook to log input/output/exit/timing',
@@ -612,6 +614,7 @@ async function installExample(name) {
   else if (content.includes('TRIGGER: SessionStart') || content.includes('SessionStart')) trigger = 'SessionStart';
   else if (content.includes('TRIGGER: PreCompact') || content.includes('PreCompact')) trigger = 'PreCompact';
   else if (content.includes('TRIGGER: SessionEnd') || content.includes('SessionEnd')) trigger = 'SessionEnd';
+  else if (content.includes('TRIGGER: UserPromptSubmit') || content.match(/^#.*UserPromptSubmit hook/m)) trigger = 'UserPromptSubmit';
 
   // Detect matcher from header (JSON format or comment format)
   const matcherMatch = content.match(/"matcher":\s*"([^"]*)"/);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.1.0",
-  "description": "One command to make Claude Code safe. 344 hooks (8 built-in + 336 examples). 49 CLI commands. 1024 tests. 5 languages.",
+  "version": "29.2.0",
+  "description": "One command to make Claude Code safe. 346 hooks (8 built-in + 338 examples). 49 CLI commands. 1030 tests. 5 languages.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"