cc-safe-setup 29.6.0 → 29.6.1

package/examples/output-token-env-check.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# output-token-env-check.sh — Warn if max output tokens is not configured
+#
+# Solves: "Response exceeded 32000 output token maximum" error
+#         (#24055 — 80 reactions)
+#
+# Claude Code defaults to 32,000 max output tokens. For complex tasks,
+# this is often not enough. Setting CLAUDE_CODE_MAX_OUTPUT_TOKENS
+# prevents the error, but many users don't know about this env var.
+#
+# This hook checks on session start (Notification/Stop) and warns
+# if the env var is not set or is set to the default 32000.
+#
+# TRIGGER: Notification
+# MATCHER: ""
+#
+# Usage:
+# {
+#   "hooks": {
+#     "Notification": [{
+#       "matcher": "",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/output-token-env-check.sh" }]
+#     }]
+#   }
+# }
+
+# Only run once per session (check if we already warned)
+MARKER="/tmp/cc-output-token-warned-$$"
+[ -f "$MARKER" ] && exit 0
+
+MAX_TOKENS="${CLAUDE_CODE_MAX_OUTPUT_TOKENS:-}"
+
+if [ -z "$MAX_TOKENS" ]; then
+  echo "TIP: CLAUDE_CODE_MAX_OUTPUT_TOKENS is not set (default: 32,000)." >&2
+  echo "  For complex tasks, set it higher to avoid truncated responses:" >&2
+  echo "  export CLAUDE_CODE_MAX_OUTPUT_TOKENS=128000" >&2
+  touch "$MARKER"
+elif [ "$MAX_TOKENS" -le 32000 ] 2>/dev/null; then
+  echo "TIP: CLAUDE_CODE_MAX_OUTPUT_TOKENS=$MAX_TOKENS (low for complex tasks)." >&2
+  echo "  Consider: export CLAUDE_CODE_MAX_OUTPUT_TOKENS=128000" >&2
+  touch "$MARKER"
+fi
+
+exit 0

package/examples/package-lock-frozen.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# package-lock-frozen.sh — Block modifications to lockfiles
+#
+# Prevents: Unintended lockfile changes that cause merge conflicts
+#           and dependency drift. Claude should use npm ci, not npm install.
+#
+# Blocks: Edit/Write to package-lock.json, yarn.lock, pnpm-lock.yaml
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.filePath // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+BASENAME=$(basename "$FILE")
+case "$BASENAME" in
+  package-lock.json|yarn.lock|pnpm-lock.yaml|Cargo.lock|poetry.lock|Gemfile.lock|composer.lock)
+    echo "BLOCKED: Direct modification of lockfile '$BASENAME'." >&2
+    echo "  Use the package manager to update dependencies instead." >&2
+    exit 2
+    ;;
+esac
+
+exit 0

package/examples/pip-venv-required.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# pip-venv-required.sh — Block pip install outside of a virtual environment
+#
+# Prevents: System-wide pip install that can break the OS Python.
+#           Only allows pip install when a virtualenv is active.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# Usage:
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/pip-venv-required.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check pip install commands
+echo "$COMMAND" | grep -qE '^\s*(pip|pip3)\s+install' || exit 0
+
+# Allow if -r requirements.txt (deterministic install)
+echo "$COMMAND" | grep -qE 'pip3?\s+install\s+-r' && exit 0
+
+# Allow if --user flag (user-level, not system)
+echo "$COMMAND" | grep -qE 'pip3?\s+install\s+.*--user' && exit 0
+
+# Check if virtualenv is active
+if [ -z "$VIRTUAL_ENV" ] && [ -z "$CONDA_DEFAULT_ENV" ]; then
+  echo "BLOCKED: pip install outside of virtual environment." >&2
+  echo "  Activate a venv first: python3 -m venv .venv && source .venv/bin/activate" >&2
+  exit 2
+fi
+
+exit 0

package/examples/port-conflict-check.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# port-conflict-check.sh — Warn before starting a server on an occupied port
+#
+# Prevents: "EADDRINUSE" errors that confuse Claude into debugging
+#           phantom issues. Detects port conflicts before they happen.
+#
+# Detects: npm start, npm run dev, python -m http.server, node server.js,
+#          next dev, vite, etc.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# Usage:
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/port-conflict-check.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Detect server-starting commands
+echo "$COMMAND" | grep -qiE '(npm\s+(start|run\s+dev)|npx\s+(next|vite|nuxt)|python.*http\.server|node\s+.*server|flask\s+run|uvicorn|gunicorn|rails\s+s)' || exit 0
+
+# Try to extract port from command
+PORT=""
+if echo "$COMMAND" | grep -qE '\-\-port[= ]+([0-9]+)'; then
+  PORT=$(echo "$COMMAND" | grep -oE '\-\-port[= ]+([0-9]+)' | grep -oE '[0-9]+')
+elif echo "$COMMAND" | grep -qE '\-p[= ]+([0-9]+)'; then
+  PORT=$(echo "$COMMAND" | grep -oE '\-p[= ]+([0-9]+)' | grep -oE '[0-9]+')
+fi
+
+# Common default ports
+if [ -z "$PORT" ]; then
+  if echo "$COMMAND" | grep -qiE 'next|vite|nuxt'; then PORT=3000
+  elif echo "$COMMAND" | grep -qiE 'flask|django'; then PORT=5000
+  elif echo "$COMMAND" | grep -qiE 'rails'; then PORT=3000
+  elif echo "$COMMAND" | grep -qiE 'http\.server'; then PORT=8000
+  else PORT=3000
+  fi
+fi
+
+# Check if port is in use
+if command -v ss >/dev/null 2>&1; then
+  if ss -tlnp 2>/dev/null | grep -q ":${PORT} "; then
+    PID=$(ss -tlnp 2>/dev/null | grep ":${PORT} " | grep -oP 'pid=\K[0-9]+' | head -1)
+    echo "WARNING: Port $PORT is already in use (PID: ${PID:-unknown})." >&2
+    echo "  Kill it: kill $PID  or use a different port." >&2
+  fi
+elif command -v lsof >/dev/null 2>&1; then
+  if lsof -i ":${PORT}" -sTCP:LISTEN >/dev/null 2>&1; then
+    echo "WARNING: Port $PORT is already in use." >&2
+    echo "  Check: lsof -i :$PORT" >&2
+  fi
+fi
+
+exit 0

package/examples/prefer-builtin-tools.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# prefer-builtin-tools.sh — Deny bash commands that have dedicated built-in tool equivalents
+# PreToolUse hook (matcher: Bash)
+# Solves: https://github.com/anthropics/claude-code/issues/19649 (48+ reactions)
+#
+# Claude Code has built-in Read, Edit, Grep, Glob tools that are faster and safer
+# than bash equivalents. But Claude often reaches for sed, grep, cat instead.
+# This hook denies those commands with a pointer to the correct built-in tool.
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Check all segments of piped/chained commands
+while IFS= read -r segment; do
+  cmd=$(echo "$segment" | sed 's/^[[:space:]]*//' | sed 's/^[A-Za-z_][A-Za-z_0-9]*=[^ ]* //')
+  base=$(basename "$(echo "$cmd" | awk '{print $1}')" 2>/dev/null)
+  case "$base" in
+    cat)      msg="Use the Read tool to read files, or Write to create them" ;;
+    head|tail) msg="Use the Read tool with offset/limit parameters" ;;
+    sed)      msg="Use the Edit tool for modifications, or Read for viewing line ranges" ;;
+    awk)      msg="Use Read, Grep, or Edit tools instead" ;;
+    grep|rg)  msg="Use the built-in Grep tool (supports -A/-B/-C context, glob filters, output_mode)" ;;
+    find)     msg="Use the built-in Glob tool for file pattern matching" ;;
+    *)        continue ;;
+  esac
+  cat <<EOF
+{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"Do not use \`$base\`. $msg"}}
+EOF
+  exit 0
+done < <(echo "$COMMAND" | tr '|' '\n' | sed 's/[;&]\{1,2\}/\n/g')
+
+exit 0

package/examples/python-import-check.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+# python-import-check.sh — Detect unused imports in Python files
+#
+# Prevents: Unused imports that trigger linter warnings and add
+#           unnecessary dependencies. Claude often adds imports
+#           during development and forgets to clean up.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Write|Edit"
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+case "$FILE" in
+  *.py) ;;
+  *) exit 0 ;;
+esac
+
+[ ! -f "$FILE" ] && exit 0
+
+# Quick check: find import lines and see if the imported name appears elsewhere
+python3 -c "
+import re, sys
+
+with open('$FILE') as f:
+    content = f.read()
+    lines = content.split('\n')
+
+imports = []
+for line in lines:
+    m = re.match(r'^import\s+(\w+)', line)
+    if m: imports.append(m.group(1))
+    m = re.match(r'^from\s+\S+\s+import\s+(.+)', line)
+    if m:
+        for name in m.group(1).split(','):
+            name = name.strip().split(' as ')[-1].strip()
+            if name and name != '*':
+                imports.append(name)
+
+unused = []
+for imp in imports:
+    # Count occurrences (excluding the import line itself)
+    count = len(re.findall(r'\b' + re.escape(imp) + r'\b', content))
+    if count <= 1:  # Only appears in the import line
+        unused.append(imp)
+
+if unused:
+    print(f'Possibly unused imports in $FILE: {', '.join(unused[:5])}', file=sys.stderr)
+" 2>&1
+
+exit 0

package/examples/python-ruff-on-edit.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# python-ruff-on-edit.sh — Run ruff lint after editing Python files
+#
+# TRIGGER: PostToolUse
+# MATCHER: Edit
+#
+# Best with the v2.1.85 "if" field to avoid running on non-Python edits:
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Edit",
+#       "hooks": [{
+#         "type": "command",
+#         "if": "Edit(*.py)",
+#         "command": "~/.claude/hooks/python-ruff-on-edit.sh"
+#       }]
+#     }]
+#   }
+# }
+#
+# Without "if", the hook runs after every Edit and checks internally.
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+# Skip non-Python files (redundant with "if" field, kept for backward compat)
+[[ "$FILE" != *.py ]] && exit 0
+[ ! -f "$FILE" ] && exit 0
+
+# Prefer ruff, fall back to flake8, then pylint
+if command -v ruff &>/dev/null; then
+    ISSUES=$(ruff check "$FILE" --quiet 2>/dev/null)
+elif command -v flake8 &>/dev/null; then
+    ISSUES=$(flake8 "$FILE" --max-line-length=120 2>/dev/null)
+elif command -v pylint &>/dev/null; then
+    ISSUES=$(pylint "$FILE" --errors-only --score=no 2>/dev/null)
+else
+    exit 0  # No linter available
+fi
+
+if [ -n "$ISSUES" ]; then
+    COUNT=$(echo "$ISSUES" | wc -l)
+    echo "⚠ Lint: $COUNT issue(s) in $(basename "$FILE")" >&2
+    echo "$ISSUES" | head -5 >&2
+    if [ "$COUNT" -gt 5 ]; then
+        echo "  ... and $((COUNT - 5)) more" >&2
+    fi
+fi
+
+exit 0

package/examples/quoted-flag-approver.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# quoted-flag-approver.sh — Auto-approve commands with quoted flag values
+#
+# Solves: "Command contains quoted characters in flag names" false positives
+#         (#27957 — 70 reactions, breaks agentic workflows)
+#
+# After a Claude Code update, normal commands like:
+#   git commit -m "fix bug"
+#   bun run build --flag "value"
+# trigger a confirmation prompt even when they match allowlist patterns.
+#
+# This PermissionRequest hook auto-approves these prompts when:
+# 1. The base command is in a safe list
+# 2. The only "issue" is quoted characters in flag values
+#
+# TRIGGER: PermissionRequest
+# MATCHER: ""
+#
+# Usage:
+# {
+#   "hooks": {
+#     "PermissionRequest": [{
+#       "matcher": "",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/quoted-flag-approver.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+
+# Only handle "quoted characters in flag names" prompts
+MESSAGE=$(echo "$INPUT" | jq -r '.message // empty' 2>/dev/null)
+echo "$MESSAGE" | grep -qi "quoted characters in flag" || exit 0
+
+# Extract the command being checked
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Safe base commands — customize for your project
+SAFE_COMMANDS="git|npm|npx|bun|yarn|pnpm|docker|make|cargo|go|pip|python3|node|tsc|eslint|prettier|jest|vitest|pytest|curl|wget|rsync|tar|zip|unzip|cp|mv|mkdir|cat|echo|grep|find|ls|chmod|sed|awk"
+
+# Extract base command (first word, ignoring env vars and path)
+BASE_CMD=$(echo "$COMMAND" | sed 's/^[A-Z_]*=[^ ]* //' | awk '{print $1}' | sed 's|.*/||')
+
+if echo "$BASE_CMD" | grep -qE "^($SAFE_COMMANDS)$"; then
+  echo '{"permissionDecision":"allow"}'
+  exit 0
+fi
+
+# Unknown command — let the prompt through
+exit 0

package/examples/react-key-warn.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# react-key-warn.sh — Warn about missing key props in JSX lists
+#
+# Prevents: "Each child in a list should have a unique key prop" errors.
+#           Claude often generates .map() without key props.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Write|Edit"
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+case "$FILE" in
+  *.jsx|*.tsx) ;;
+  *) exit 0 ;;
+esac
+
+[ ! -f "$FILE" ] && exit 0
+
+# Check for .map( without key= in the return
+if grep -qE '\.map\s*\(' "$FILE"; then
+  # Count map calls and key props
+  MAPS=$(grep -c '\.map\s*(' "$FILE" 2>/dev/null || echo 0)
+  KEYS=$(grep -c 'key=' "$FILE" 2>/dev/null || echo 0)
+  if [ "$MAPS" -gt "$KEYS" ]; then
+    echo "WARNING: $FILE has $MAPS .map() calls but only $KEYS key= props." >&2
+    echo "  Add key props to list items to avoid React warnings." >&2
+  fi
+fi
+
+exit 0

package/examples/rm-safety-net.sh

@@ -27,6 +27,9 @@
 #     }]
 #   }
 # }
+#
+# Note: This hook checks rm, find -delete, and shred. Do NOT add an "if" field
+# (v2.1.85) because "if" only supports one pattern and would miss the others.
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
@@ -41,6 +44,12 @@ if echo "$COMMAND" | grep -qE '^\s*(sudo\s+)?rm\s'; then
     # Extract the target (last argument after flags)
     TARGET=$(echo "$COMMAND" | grep -oP 'rm\s+[^;|&]*' | awk '{print $NF}')
 
+    # Block path traversal early
+    if echo "$TARGET" | grep -qF '..'; then
+        echo "BLOCKED: path traversal detected in rm target" >&2
+        exit 2
+    fi
+
     # Allow safe targets
     if echo "$TARGET" | grep -qE "^(\./)?(${SAFE_TARGETS})(/|$)"; then
         exit 0

package/examples/rust-clippy-after-edit.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# rust-clippy-after-edit.sh — Run cargo clippy after editing Rust files
+#
+# Prevents: Common Rust anti-patterns and potential bugs.
+#           Clippy catches: needless borrows, inefficient patterns,
+#           suspicious operations.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Write|Edit"
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+case "$FILE" in
+  *.rs) ;;
+  *) exit 0 ;;
+esac
+
+[ ! -f "$FILE" ] && exit 0
+
+# Find Cargo.toml
+DIR=$(dirname "$FILE")
+while [ "$DIR" != "/" ]; do
+  [ -f "$DIR/Cargo.toml" ] && break
+  DIR=$(dirname "$DIR")
+done
+
+if [ -f "$DIR/Cargo.toml" ] && command -v cargo >/dev/null 2>&1; then
+  WARNINGS=$(cd "$DIR" && cargo clippy --quiet 2>&1 | grep "^warning" | head -3)
+  if [ -n "$WARNINGS" ]; then
+    echo "Clippy warnings:" >&2
+    echo "$WARNINGS" | sed 's/^/  /' >&2
+  fi
+fi
+
+exit 0

package/examples/session-quota-tracker.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# session-quota-tracker.sh — Track cumulative tool calls per session
+#
+# Solves: Token consumption spiraling without warning (#23706, #38335)
+#         Users hit Max plan limits unexpectedly. This hook tracks
+#         tool call count per session and warns at thresholds.
+#
+# Tracks: cumulative tool calls in a session file
+# Warns at: 50, 100, 200, 500 tool calls
+#
+# TRIGGER: PostToolUse
+# MATCHER: ""
+#
+# Usage:
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/session-quota-tracker.sh" }]
+#     }]
+#   }
+# }
+
+# Session tracking file
+SESSION_FILE="/tmp/cc-quota-tracker-$$"
+
+# Increment counter
+if [ -f "$SESSION_FILE" ]; then
+  COUNT=$(cat "$SESSION_FILE")
+  COUNT=$((COUNT + 1))
+else
+  COUNT=1
+fi
+echo "$COUNT" > "$SESSION_FILE"
+
+# Warn at thresholds
+case "$COUNT" in
+  50)  echo "[Session: 50 tool calls. Consider saving work.]" >&2 ;;
+  100) echo "[Session: 100 tool calls. Token usage may be high.]" >&2 ;;
+  200) echo "[Session: 200 tool calls. Check your usage dashboard.]" >&2 ;;
+  500) echo "[Session: 500 tool calls. Consider starting a new session.]" >&2 ;;
+esac
+
+exit 0

package/examples/session-start-safety-check.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# session-start-safety-check.sh — Warn about uncommitted changes on session start
+#
+# Solves: Claude Code running destructive git commands on session startup
+#         that destroy uncommitted work (#34327, #39394)
+#
+# How it works:
+#   On SessionStart, checks for:
+#   1. Uncommitted changes (modified/new files)
+#   2. Unpushed commits
+#   3. Stashed changes that may need attention
+#
+#   Prints warnings but does NOT block (exit 0 always).
+#   The goal is awareness, not prevention.
+#
+# TRIGGER: SessionStart
+# MATCHER: ""
+#
+# Usage:
+# {
+#   "hooks": {
+#     "SessionStart": [{
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/session-start-safety-check.sh" }]
+#     }]
+#   }
+# }
+
+# Only run in git repos
+git rev-parse --git-dir > /dev/null 2>&1 || exit 0
+
+WARNINGS=0
+
+# Check for uncommitted changes
+CHANGES=$(git status --porcelain 2>/dev/null | wc -l)
+if [ "$CHANGES" -gt 0 ]; then
+    echo "⚠ WARNING: $CHANGES uncommitted changes detected." >&2
+    echo "  Consider: git stash  (before destructive operations)" >&2
+    WARNINGS=$((WARNINGS + 1))
+fi
+
+# Check for unpushed commits
+UNPUSHED=$(git log --oneline @{upstream}..HEAD 2>/dev/null | wc -l)
+if [ "$UNPUSHED" -gt 0 ]; then
+    echo "⚠ WARNING: $UNPUSHED unpushed commits." >&2
+    echo "  Consider: git push  (to protect against local data loss)" >&2
+    WARNINGS=$((WARNINGS + 1))
+fi
+
+# Check for stashes
+STASHES=$(git stash list 2>/dev/null | wc -l)
+if [ "$STASHES" -gt 0 ]; then
+    echo "ℹ NOTE: $STASHES stashed changes exist." >&2
+    echo "  Review: git stash list" >&2
+fi
+
+if [ "$WARNINGS" -eq 0 ]; then
+    echo "✓ Working tree clean, all commits pushed." >&2
+fi
+
+exit 0

package/examples/session-summary-stop.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# session-summary-stop.sh — Print session change summary on stop
+#
+# Solves: No quick way to see what Claude changed during a session.
+#         Git diff shows code changes but not the full picture.
+#
+# How it works: Stop hook that runs `git diff --stat` and outputs
+#               a summary of all modified files since the session started.
+#
+# Usage: Add to settings.json as a Stop hook
+#
+# {
+#   "hooks": {
+#     "Stop": [{
+#       "matcher": "",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/session-summary-stop.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+
+# Only run if in a git repo
+if ! git rev-parse --is-inside-work-tree > /dev/null 2>&1; then
+    exit 0
+fi
+
+# Get change summary
+CHANGES=$(git diff --stat HEAD 2>/dev/null)
+STAGED=$(git diff --cached --stat 2>/dev/null)
+UNTRACKED=$(git ls-files --others --exclude-standard 2>/dev/null | wc -l)
+
+if [ -n "$CHANGES" ] || [ -n "$STAGED" ] || [ "$UNTRACKED" -gt 0 ]; then
+    echo "--- Session Change Summary ---" >&2
+    if [ -n "$CHANGES" ]; then
+        echo "Modified:" >&2
+        echo "$CHANGES" | head -20 >&2
+    fi
+    if [ -n "$STAGED" ]; then
+        echo "Staged:" >&2
+        echo "$STAGED" | head -10 >&2
+    fi
+    if [ "$UNTRACKED" -gt 0 ]; then
+        echo "Untracked files: $UNTRACKED" >&2
+    fi
+    echo "---" >&2
+fi
+
+exit 0

package/examples/session-time-limit.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# session-time-limit.sh — Warn when session exceeds time limit
+#
+# Prevents: Unbounded autonomous sessions that consume excessive tokens.
+#           Default: warn at 2 hours, configurable via CC_SESSION_LIMIT_HOURS.
+#
+# TRIGGER: PostToolUse
+# MATCHER: ""
+
+INPUT=$(cat)
+
+# Track session start
+MARKER="/tmp/cc-session-start-$$"
+NOW=$(date +%s)
+
+if [ ! -f "$MARKER" ]; then
+  echo "$NOW" > "$MARKER"
+  exit 0
+fi
+
+START=$(cat "$MARKER")
+ELAPSED=$(( (NOW - START) / 60 ))  # minutes
+LIMIT_HOURS="${CC_SESSION_LIMIT_HOURS:-2}"
+LIMIT_MIN=$((LIMIT_HOURS * 60))
+WARN_MIN=$((LIMIT_MIN * 3 / 4))  # warn at 75%
+
+if [ "$ELAPSED" -ge "$LIMIT_MIN" ]; then
+  echo "SESSION TIME LIMIT: ${ELAPSED}min elapsed (limit: ${LIMIT_HOURS}h)." >&2
+  echo "  Consider saving work and starting a new session." >&2
+elif [ "$ELAPSED" -ge "$WARN_MIN" ]; then
+  echo "[Session: ${ELAPSED}min / ${LIMIT_HOURS}h limit]" >&2
+fi
+
+exit 0