cc-safe-setup 29.6.0 → 29.6.2

package/examples/variable-expansion-guard.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# variable-expansion-guard.sh — Block destructive commands with shell variable expansion
+#
+# Solves: Claude running rm -rf "${LOCALAPPDATA}/" where Bash expands the
+# variable to a real system path, deleting 50+ app folders.
+# See: https://github.com/anthropics/claude-code/issues/39460
+#
+# TRIGGER: PreToolUse
+# MATCHER: Bash
+#
+# Usage:
+# {
+#   "hooks": {
+#     "PreToolUse": [{
+#       "matcher": "Bash",
+#       "hooks": [{
+#         "type": "command",
+#         "if": "Bash(rm *)",
+#         "command": "~/.claude/hooks/variable-expansion-guard.sh"
+#       }]
+#     }]
+#   }
+# }
+#
+# The "if" field (v2.1.85+) limits this to rm commands only.
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check destructive commands
+echo "$COMMAND" | grep -qE '^\s*(sudo\s+)?(rm|mv|cp|chmod|chown)\b' || exit 0
+
+# Detect shell variable patterns in arguments
+# $VAR, ${VAR}, $(command), `command`
+if echo "$COMMAND" | grep -qE '\$\{[A-Z_]+\}|\$[A-Z_]{2,}'; then
+    VAR=$(echo "$COMMAND" | grep -oE '\$\{[A-Z_]+\}|\$[A-Z_]{2,}' | head -1)
+    echo "BLOCKED: Destructive command uses shell variable $VAR" >&2
+    echo "Variables may expand to system paths (e.g., \$LOCALAPPDATA → C:/Users/.../AppData/Local)" >&2
+    echo "Use explicit paths instead of variables in destructive commands." >&2
+    exit 2
+fi
+
+# Detect command substitution in rm arguments
+if echo "$COMMAND" | grep -qE '^\s*(sudo\s+)?rm\b.*(\$\(|`)'; then
+    echo "BLOCKED: rm with command substitution detected" >&2
+    echo "The substituted path could expand to a system directory." >&2
+    exit 2
+fi
+
+exit 0

package/examples/worktree-unmerged-guard.sh

@@ -19,7 +19,12 @@
 # }
 
 INPUT=$(cat)
-COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+# jq with python3 fallback (macOS may not have jq)
+if command -v jq &>/dev/null; then
+    COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+else
+    COMMAND=$(echo "$INPUT" | python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('tool_input',{}).get('command',''))" 2>/dev/null)
+fi
 
 [ -z "$COMMAND" ] && exit 0
 
@@ -48,9 +53,14 @@ if [ -z "$BRANCH" ] || [ "$BRANCH" = "HEAD" ]; then
     exit 0
 fi
 
-# Find the default branch
+# Find the default branch (portable: checks symbolic ref, then tries main/master)
 DEFAULT_BRANCH=$(git -C "$WORKTREE_PATH" symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's|refs/remotes/origin/||')
-[ -z "$DEFAULT_BRANCH" ] && DEFAULT_BRANCH="main"
+if [ -z "$DEFAULT_BRANCH" ]; then
+    for candidate in main master; do
+        git -C "$WORKTREE_PATH" rev-parse --verify "$candidate" &>/dev/null && DEFAULT_BRANCH="$candidate" && break
+    done
+fi
+[ -z "$DEFAULT_BRANCH" ] && exit 0
 
 # Count unmerged commits
 UNMERGED=$(git -C "$WORKTREE_PATH" log --oneline "$DEFAULT_BRANCH..$BRANCH" 2>/dev/null | wc -l)

package/examples/yaml-syntax-check.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# yaml-syntax-check.sh — Validate YAML after editing
+#
+# Prevents: Broken YAML configs (docker-compose, CI pipelines, k8s manifests).
+#           YAML indentation errors are invisible until deployment fails.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Write|Edit"
+#
+# Usage:
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "Write|Edit",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/yaml-syntax-check.sh" }]
+#     }]
+#   }
+# }
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check YAML files
+case "$FILE" in
+  *.yml|*.yaml) ;;
+  *) exit 0 ;;
+esac
+
+[ ! -f "$FILE" ] && exit 0
+
+# Try python yaml parser
+if command -v python3 >/dev/null 2>&1; then
+  ERROR=$(python3 -c "
+import yaml, sys
+try:
+    with open('$FILE') as f:
+        yaml.safe_load(f)
+except yaml.YAMLError as e:
+    print(str(e)[:200])
+    sys.exit(1)
+" 2>&1)
+  if [ $? -ne 0 ]; then
+    echo "YAML SYNTAX ERROR in $FILE:" >&2
+    echo "  $ERROR" >&2
+    exit 2
+  fi
+fi
+
+exit 0

package/index.mjs

@@ -405,6 +405,12 @@ function examples() {
       'pip-venv-guard.sh': 'Warn on pip install outside venv',
       'no-git-amend-push.sh': 'Warn on amending pushed commits',
       'typosquat-guard.sh': 'Detect npm/pip typosquatting attacks',
+      'variable-expansion-guard.sh': 'Block rm/mv with unexpanded shell variables (prevents system path deletion)',
+      'bash-trace-guard.sh': 'Block bash -x debug tracing that exposes secrets',
+      'strip-coauthored-by.sh': 'Warn on Co-Authored-By trailers in commit messages',
+      'session-drift-guard.sh': 'Progressive safety as session ages (warn at 200, block at 500 calls)',
+      'post-compact-safety.sh': 'Block irreversible commands after context compaction',
+      'read-budget-guard.sh': 'Limit excessive file reading to prevent token waste',
       'hook-permission-fixer.sh': 'Auto-fix missing execute permissions on hooks (SessionStart)',
       'response-budget-guard.sh': 'Track and limit tool calls per response (anti-loop)',
     },
@@ -456,6 +462,8 @@ function examples() {
       'package-script-guard.sh': 'Warn when package.json scripts change',
       'lockfile-guard.sh': 'Warn when lockfiles modified in commits',
       'git-lfs-guard.sh': 'Suggest Git LFS for large files',
+      'python-ruff-on-edit.sh': 'PostToolUse: lint Python files after edit (ruff/flake8/pylint)',
+      'typescript-lint-on-edit.sh': 'PostToolUse: type check TypeScript files after edit (tsc --noEmit)',
     },
     'Recovery': {
       'auto-checkpoint.sh': 'Auto-commit after edits for rollback protection',
@@ -465,6 +473,7 @@ function examples() {
     'UX': {
       'prompt-length-guard.sh': 'UserPromptSubmit: warn on long prompts (>5000 chars)',
       'prompt-injection-detector.sh': 'UserPromptSubmit: detect prompt injection patterns',
+      'auto-answer-question.sh': 'PreToolUse: auto-answer AskUserQuestion for headless mode (v2.1.85)',
       'notify-waiting.sh': 'Desktop notification when Claude waits for input',
       'tmp-cleanup.sh': 'Clean up /tmp/claude-*-cwd files on session end',
       'hook-debug-wrapper.sh': 'Wrap any hook to log input/output/exit/timing',

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.0",
-  "description": "One command to make Claude Code safe. 335 example hooks + 8 built-in. 52 CLI commands. 1,760 tests. Works with Auto Mode.",
+  "version": "29.6.2",
+  "description": "One command to make Claude Code safe. 412 example hooks + 8 built-in. 52 CLI commands. 5601 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"