cc-safe-setup 29.6.11 → 29.6.13

package/README.md

@@ -117,7 +117,7 @@ Install any of these: `npx cc-safe-setup --install-example <name>`
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 413 examples |
+| `--install-example <name>` | Install from 425 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |

package/examples/api-key-in-url-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# api-key-in-url-guard.sh — Block API keys embedded in URLs
+#
+# Solves: Claude Code embedding API keys directly in curl/wget URLs
+#         instead of using headers or environment variables.
+#         Keys in URLs appear in shell history, server logs, proxy logs,
+#         and error messages — all places where secrets shouldn't be.
+#
+# Detects:
+#   curl https://api.example.com?key=abc123
+#   curl https://api.example.com?api_key=abc123
+#   curl https://api.example.com?token=abc123
+#   wget "https://...?secret=..."
+#
+# Does NOT block:
+#   curl -H "Authorization: Bearer $TOKEN" https://...
+#   curl with env vars: $API_KEY in header
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Only check commands that make HTTP requests
+echo "$COMMAND" | grep -qE '\b(curl|wget|http|fetch)\b' || exit 0
+
+# Check for API key patterns in URLs
+if echo "$COMMAND" | grep -qiP '[?&](api[_-]?key|token|secret|password|auth|access[_-]?key|client[_-]?secret)=[^$\s&"'\'']{8,}'; then
+    echo "BLOCKED: API key detected in URL query parameter." >&2
+    echo "" >&2
+    echo "Command: $(echo "$COMMAND" | head -1)" >&2
+    echo "" >&2
+    echo "API keys in URLs appear in:" >&2
+    echo "  - Shell history (~/.bash_history)" >&2
+    echo "  - Server access logs" >&2
+    echo "  - Proxy/CDN logs" >&2
+    echo "" >&2
+    echo "Use headers instead:" >&2
+    echo "  curl -H 'Authorization: Bearer \$TOKEN' https://..." >&2
+    echo "  curl -H 'X-API-Key: \$API_KEY' https://..." >&2
+    exit 2
+fi
+
+exit 0

package/examples/file-edit-backup.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+# file-edit-backup.sh — Auto-backup files before Edit/Write overwrites them
+#
+# Solves: Claude Code overwrites important files and the changes are hard
+#         to reverse. This creates a timestamped backup before each edit,
+#         so you can always recover the previous version.
+#
+# Real incidents:
+#   #37478 — .bashrc overwritten without permission
+#   #32938 — 11h of inference output deleted
+#   #36339 — C:\Users directory wiped (NTFS junction traversal)
+#
+# Backups go to ~/.claude/file-backups/ with timestamps.
+# Old backups (>7 days) are auto-cleaned to prevent disk bloat.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && exit 0  # New file, nothing to backup
+
+BACKUP_DIR="$HOME/.claude/file-backups"
+mkdir -p "$BACKUP_DIR"
+
+# Create backup with timestamp
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+SAFE_NAME=$(echo "$FILE" | tr '/' '_' | sed 's/^_//')
+BACKUP_PATH="${BACKUP_DIR}/${SAFE_NAME}.${TIMESTAMP}"
+
+cp "$FILE" "$BACKUP_PATH" 2>/dev/null
+
+# Clean old backups (>7 days)
+find "$BACKUP_DIR" -type f -mtime +7 -delete 2>/dev/null
+
+exit 0

package/examples/gh-cli-destructive-guard.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# gh-cli-destructive-guard.sh — Block destructive GitHub CLI operations
+#
+# Solves: Claude Code running dangerous gh commands without confirmation:
+#   - Closing/deleting issues or PRs
+#   - Deleting repos, releases, or branches
+#   - Merging PRs without review
+#   - Modifying repo settings
+#
+# The gh CLI is powerful but destructive operations should require
+# explicit human approval, not AI autonomy.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Only check gh commands
+echo "$COMMAND" | grep -qE '\bgh\s' || exit 0
+
+# Block destructive issue operations
+if echo "$COMMAND" | grep -qE 'gh\s+issue\s+(close|delete|lock|transfer)'; then
+    echo "BLOCKED: Destructive GitHub Issue operation." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block destructive PR operations
+if echo "$COMMAND" | grep -qE 'gh\s+pr\s+(close|merge|ready)'; then
+    echo "BLOCKED: Destructive GitHub PR operation." >&2
+    echo "  gh pr merge/close requires human review." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block repo deletion
+if echo "$COMMAND" | grep -qE 'gh\s+repo\s+delete'; then
+    echo "BLOCKED: Repository deletion." >&2
+    exit 2
+fi
+
+# Block release deletion
+if echo "$COMMAND" | grep -qE 'gh\s+release\s+delete'; then
+    echo "BLOCKED: Release deletion." >&2
+    exit 2
+fi
+
+# Block branch deletion via gh
+if echo "$COMMAND" | grep -qE 'gh\s+api\s+.*DELETE'; then
+    echo "BLOCKED: Destructive GitHub API call (DELETE method)." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+
+exit 0

package/examples/git-checkout-uncommitted-guard.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# git-checkout-uncommitted-guard.sh — Block branch switching with uncommitted changes
+#
+# Solves: Claude Code switching branches while uncommitted changes exist,
+#         causing silent data loss when the target branch overwrites modified files.
+#         Real incident: #39394 — hours of work lost when Claude decided to
+#         organize commits on a different branch.
+#
+# Why this matters: git checkout <branch> silently overwrites modified files
+# if the target branch has different versions. Unlike "git checkout -- .",
+# the user doesn't intend to discard changes — they just wanted to switch
+# branches. The data loss is a side effect, not the goal.
+#
+# Detects:
+#   git checkout <branch>     (when uncommitted changes exist)
+#   git switch <branch>       (modern equivalent)
+#
+# Does NOT block:
+#   git checkout -b <branch>  (creating new branch — preserves changes)
+#   git switch -c <branch>    (creating new branch — preserves changes)
+#   git checkout -- <files>   (handled by uncommitted-discard-guard)
+#   Any checkout when working tree is clean
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Only check git checkout/switch commands (not -b/-c which create branches)
+IS_CHECKOUT=false
+if echo "$COMMAND" | grep -qE 'git\s+checkout\s+[^-]' && ! echo "$COMMAND" | grep -qE 'git\s+checkout\s+(-b|-B)\s'; then
+    # Exclude "git checkout -- <files>" (handled elsewhere)
+    echo "$COMMAND" | grep -qE 'git\s+checkout\s+--\s' && exit 0
+    IS_CHECKOUT=true
+fi
+if echo "$COMMAND" | grep -qE 'git\s+switch\s+[^-]' && ! echo "$COMMAND" | grep -qE 'git\s+switch\s+(-c|-C)\s'; then
+    IS_CHECKOUT=true
+fi
+
+[ "$IS_CHECKOUT" = "false" ] && exit 0
+
+# Check for uncommitted changes
+DIRTY=$(git status --porcelain 2>/dev/null | head -1)
+if [ -n "$DIRTY" ]; then
+    CHANGED=$(git status --porcelain 2>/dev/null | wc -l)
+    echo "BLOCKED: Cannot switch branches with $CHANGED uncommitted change(s)." >&2
+    echo "" >&2
+    echo "Command: $COMMAND" >&2
+    echo "" >&2
+    echo "Uncommitted changes would be overwritten by the target branch." >&2
+    echo "Options:" >&2
+    echo "  git stash           # save changes, switch, then git stash pop" >&2
+    echo "  git commit -m 'WIP' # commit changes before switching" >&2
+    echo "  git checkout -b <new-branch>  # create branch (keeps changes)" >&2
+    exit 2
+fi
+
+exit 0

package/examples/plan-mode-edit-guard.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+# plan-mode-edit-guard.sh — Warn when editing non-plan files during plan mode
+#
+# Solves: Claude editing source files while plan mode is active,
+#         bypassing the "plan only" constraint. Real incident: #38255 —
+#         Opus edited api/app/routers/ despite system reminders saying
+#         plan mode was active.
+#
+# How it works: Uses a flag file to track plan mode state.
+#   - Create ~/.claude/plan-mode-active to enable (touch the file)
+#   - Delete it to disable (rm the file)
+#   - When active, Edit/Write to non-plan files triggers a warning
+#
+# Integrate with your workflow:
+#   Before entering plan mode: touch ~/.claude/plan-mode-active
+#   After exiting plan mode:   rm -f ~/.claude/plan-mode-active
+#
+# Does NOT block (warns only) because false positives during
+# legitimate plan-mode file creation would be disruptive.
+# Change exit 0 to exit 2 at the bottom to enforce strict blocking.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+FLAG="$HOME/.claude/plan-mode-active"
+
+# Only check when plan mode flag exists
+[ ! -f "$FLAG" ] && exit 0
+
+# Get the file being edited
+case "$TOOL" in
+    Edit)
+        FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+        ;;
+    Write)
+        FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+[ -z "$FILE" ] && exit 0
+
+# Allow plan files
+if echo "$FILE" | grep -qiE '\.plan\.md$|plan\.md$|/plans/|task_plan\.md|findings\.md|progress\.md'; then
+    exit 0
+fi
+
+# Allow CLAUDE.md and memory files (often updated during planning)
+if echo "$FILE" | grep -qiE 'CLAUDE\.md$|MEMORY\.md$|memory/|\.claude/'; then
+    exit 0
+fi
+
+# Warn about non-plan file edits
+echo "⚠ PLAN MODE ACTIVE: Editing non-plan file: $FILE" >&2
+echo "  Plan mode should only modify plan files." >&2
+echo "  Remove ~/.claude/plan-mode-active to disable this check." >&2
+
+# Warning only (exit 0). Change to exit 2 to block.
+exit 0

package/examples/unicode-corruption-check.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# unicode-corruption-check.sh — Detect Unicode corruption after Edit/Write
+#
+# Solves: Claude Code's Edit tool corrupting non-ASCII Unicode characters
+#         (typographic quotes, em dashes, accented characters) in string literals.
+#         Real incident: #38765 — Edit tool replaced Unicode quotes with
+#         escaped sequences, breaking string comparisons.
+#
+# How it works: After Edit/Write, checks if the file contains common
+# corruption patterns (replacement characters, broken UTF-8 sequences).
+#
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && exit 0
+
+# Skip binary files
+file "$FILE" 2>/dev/null | grep -q "text" || exit 0
+
+# Check for Unicode replacement character (U+FFFD) — sign of broken encoding
+if grep -Pq '\xef\xbf\xbd' "$FILE" 2>/dev/null; then
+    echo "⚠ Unicode corruption detected in $FILE" >&2
+    echo "  Found U+FFFD replacement characters (broken encoding)." >&2
+    echo "  Review the edit — non-ASCII characters may have been corrupted." >&2
+fi
+
+# Check for common corruption: escaped Unicode in places it shouldn't be
+# e.g., \u2018 appearing in plain text files (not JSON/JS)
+if ! echo "$FILE" | grep -qE '\.(json|js|ts|jsx|tsx)$'; then
+    if grep -qE '\\u[0-9a-fA-F]{4}' "$FILE" 2>/dev/null; then
+        echo "⚠ Possible Unicode escape in non-JS file: $FILE" >&2
+        echo "  Found \\uXXXX sequences that may be corrupted characters." >&2
+    fi
+fi
+
+exit 0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.11",
-  "description": "One command to make Claude Code safe. 421 example hooks + 8 built-in. 52 CLI commands. 5668 tests. Works with Auto Mode.",
+  "version": "29.6.13",
+  "description": "One command to make Claude Code safe. 427 example hooks + 8 built-in. 52 CLI commands. 5718 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"