cc-safe-setup 29.6.10 → 29.6.12

package/README.md

@@ -117,7 +117,7 @@ Install any of these: `npx cc-safe-setup --install-example <name>`
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 413 examples |
+| `--install-example <name>` | Install from 421 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |

package/examples/file-edit-backup.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# file-edit-backup.sh — Auto-backup files before Edit/Write overwrites them
+#
+# Solves: Claude Code overwrites important files and the changes are hard
+#         to reverse. This creates a timestamped backup before each edit,
+#         so you can always recover the previous version.
+#
+# Real incidents:
+#   #37478 — .bashrc overwritten without permission
+#   #32938 — 11h of inference output deleted
+#   #36339 — C:\Users directory wiped (NTFS junction traversal)
+#
+# Backups go to ~/.claude/file-backups/ with timestamps.
+# Old backups (>7 days) are auto-cleaned to prevent disk bloat.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && exit 0  # New file, nothing to backup
+
+BACKUP_DIR="$HOME/.claude/file-backups"
+mkdir -p "$BACKUP_DIR"
+
+# Create backup with timestamp
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+SAFE_NAME=$(echo "$FILE" | tr '/' '_' | sed 's/^_//')
+BACKUP_PATH="${BACKUP_DIR}/${SAFE_NAME}.${TIMESTAMP}"
+
+cp "$FILE" "$BACKUP_PATH" 2>/dev/null
+
+# Clean old backups (>7 days)
+find "$BACKUP_DIR" -type f -mtime +7 -delete 2>/dev/null
+
+exit 0

package/examples/git-checkout-uncommitted-guard.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# git-checkout-uncommitted-guard.sh — Block branch switching with uncommitted changes
+#
+# Solves: Claude Code switching branches while uncommitted changes exist,
+#         causing silent data loss when the target branch overwrites modified files.
+#         Real incident: #39394 — hours of work lost when Claude decided to
+#         organize commits on a different branch.
+#
+# Why this matters: git checkout <branch> silently overwrites modified files
+# if the target branch has different versions. Unlike "git checkout -- .",
+# the user doesn't intend to discard changes — they just wanted to switch
+# branches. The data loss is a side effect, not the goal.
+#
+# Detects:
+#   git checkout <branch>     (when uncommitted changes exist)
+#   git switch <branch>       (modern equivalent)
+#
+# Does NOT block:
+#   git checkout -b <branch>  (creating new branch — preserves changes)
+#   git switch -c <branch>    (creating new branch — preserves changes)
+#   git checkout -- <files>   (handled by uncommitted-discard-guard)
+#   Any checkout when working tree is clean
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Only check git checkout/switch commands (not -b/-c which create branches)
+IS_CHECKOUT=false
+if echo "$COMMAND" | grep -qE 'git\s+checkout\s+[^-]' && ! echo "$COMMAND" | grep -qE 'git\s+checkout\s+(-b|-B)\s'; then
+    # Exclude "git checkout -- <files>" (handled elsewhere)
+    echo "$COMMAND" | grep -qE 'git\s+checkout\s+--\s' && exit 0
+    IS_CHECKOUT=true
+fi
+if echo "$COMMAND" | grep -qE 'git\s+switch\s+[^-]' && ! echo "$COMMAND" | grep -qE 'git\s+switch\s+(-c|-C)\s'; then
+    IS_CHECKOUT=true
+fi
+
+[ "$IS_CHECKOUT" = "false" ] && exit 0
+
+# Check for uncommitted changes
+DIRTY=$(git status --porcelain 2>/dev/null | head -1)
+if [ -n "$DIRTY" ]; then
+    CHANGED=$(git status --porcelain 2>/dev/null | wc -l)
+    echo "BLOCKED: Cannot switch branches with $CHANGED uncommitted change(s)." >&2
+    echo "" >&2
+    echo "Command: $COMMAND" >&2
+    echo "" >&2
+    echo "Uncommitted changes would be overwritten by the target branch." >&2
+    echo "Options:" >&2
+    echo "  git stash           # save changes, switch, then git stash pop" >&2
+    echo "  git commit -m 'WIP' # commit changes before switching" >&2
+    echo "  git checkout -b <new-branch>  # create branch (keeps changes)" >&2
+    exit 2
+fi
+
+exit 0

package/examples/git-message-length-check.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# ================================================================
+# git-message-length-check.sh — Warn on too-short commit messages
+# ================================================================
+# PURPOSE:
+#   Claude Code sometimes writes very short commit messages like
+#   "fix" or "update". This PostToolUse hook checks the commit
+#   message length and warns if it's too short to be meaningful.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Bash"
+#
+# CONFIGURATION:
+#   CC_COMMIT_MIN_LENGTH=10  (minimum message length, default: 10)
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check git commit commands
+echo "$COMMAND" | grep -qE 'git\s+commit' || exit 0
+
+MIN_LENGTH="${CC_COMMIT_MIN_LENGTH:-10}"
+
+# Extract message from -m flag
+MSG=$(echo "$COMMAND" | grep -oE '\-m\s+["'"'"'][^"'"'"']*["'"'"']' | sed "s/-m\s*[\"']\(.*\)[\"']/\1/")
+[ -z "$MSG" ] && exit 0
+
+LENGTH=${#MSG}
+
+if [ "$LENGTH" -lt "$MIN_LENGTH" ]; then
+    echo "⚠ Commit message too short ($LENGTH chars, minimum: $MIN_LENGTH)" >&2
+    echo "  Message: \"$MSG\"" >&2
+    echo "  Write descriptive messages explaining WHY, not WHAT." >&2
+fi
+
+exit 0

package/examples/plan-mode-edit-guard.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# plan-mode-edit-guard.sh — Warn when editing non-plan files during plan mode
+#
+# Solves: Claude editing source files while plan mode is active,
+#         bypassing the "plan only" constraint. Real incident: #38255 —
+#         Opus edited api/app/routers/ despite system reminders saying
+#         plan mode was active.
+#
+# How it works: Uses a flag file to track plan mode state.
+#   - Create ~/.claude/plan-mode-active to enable (touch the file)
+#   - Delete it to disable (rm the file)
+#   - When active, Edit/Write to non-plan files triggers a warning
+#
+# Integrate with your workflow:
+#   Before entering plan mode: touch ~/.claude/plan-mode-active
+#   After exiting plan mode:   rm -f ~/.claude/plan-mode-active
+#
+# Does NOT block (warns only) because false positives during
+# legitimate plan-mode file creation would be disruptive.
+# Change exit 0 to exit 2 at the bottom to enforce strict blocking.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+FLAG="$HOME/.claude/plan-mode-active"
+
+# Only check when plan mode flag exists
+[ ! -f "$FLAG" ] && exit 0
+
+# Get the file being edited
+case "$TOOL" in
+    Edit)
+        FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+        ;;
+    Write)
+        FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+[ -z "$FILE" ] && exit 0
+
+# Allow plan files
+if echo "$FILE" | grep -qiE '\.plan\.md$|plan\.md$|/plans/|task_plan\.md|findings\.md|progress\.md'; then
+    exit 0
+fi
+
+# Allow CLAUDE.md and memory files (often updated during planning)
+if echo "$FILE" | grep -qiE 'CLAUDE\.md$|MEMORY\.md$|memory/|\.claude/'; then
+    exit 0
+fi
+
+# Warn about non-plan file edits
+echo "⚠ PLAN MODE ACTIVE: Editing non-plan file: $FILE" >&2
+echo "  Plan mode should only modify plan files." >&2
+echo "  Remove ~/.claude/plan-mode-active to disable this check." >&2
+
+# Warning only (exit 0). Change to exit 2 to block.
+exit 0

package/examples/unicode-corruption-check.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# unicode-corruption-check.sh — Detect Unicode corruption after Edit/Write
+#
+# Solves: Claude Code's Edit tool corrupting non-ASCII Unicode characters
+#         (typographic quotes, em dashes, accented characters) in string literals.
+#         Real incident: #38765 — Edit tool replaced Unicode quotes with
+#         escaped sequences, breaking string comparisons.
+#
+# How it works: After Edit/Write, checks if the file contains common
+# corruption patterns (replacement characters, broken UTF-8 sequences).
+#
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && exit 0
+
+# Skip binary files
+file "$FILE" 2>/dev/null | grep -q "text" || exit 0
+
+# Check for Unicode replacement character (U+FFFD) — sign of broken encoding
+if grep -Pq '\xef\xbf\xbd' "$FILE" 2>/dev/null; then
+    echo "⚠ Unicode corruption detected in $FILE" >&2
+    echo "  Found U+FFFD replacement characters (broken encoding)." >&2
+    echo "  Review the edit — non-ASCII characters may have been corrupted." >&2
+fi
+
+# Check for common corruption: escaped Unicode in places it shouldn't be
+# e.g., \u2018 appearing in plain text files (not JSON/JS)
+if ! echo "$FILE" | grep -qE '\.(json|js|ts|jsx|tsx)$'; then
+    if grep -qE '\\u[0-9a-fA-F]{4}' "$FILE" 2>/dev/null; then
+        echo "⚠ Possible Unicode escape in non-JS file: $FILE" >&2
+        echo "  Found \\uXXXX sequences that may be corrupted characters." >&2
+    fi
+fi
+
+exit 0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.10",
-  "description": "One command to make Claude Code safe. 420 example hooks + 8 built-in. 52 CLI commands. 5662 tests. Works with Auto Mode.",
+  "version": "29.6.12",
+  "description": "One command to make Claude Code safe. 425 example hooks + 8 built-in. 52 CLI commands. 5695 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"