cc-safe-setup 29.6.12 → 29.6.14

package/README.md

@@ -117,7 +117,7 @@ Install any of these: `npx cc-safe-setup --install-example <name>`
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 421 examples |
+| `--install-example <name>` | Install from 425 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |

package/examples/api-key-in-url-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# api-key-in-url-guard.sh — Block API keys embedded in URLs
+#
+# Solves: Claude Code embedding API keys directly in curl/wget URLs
+#         instead of using headers or environment variables.
+#         Keys in URLs appear in shell history, server logs, proxy logs,
+#         and error messages — all places where secrets shouldn't be.
+#
+# Detects:
+#   curl https://api.example.com?key=abc123
+#   curl https://api.example.com?api_key=abc123
+#   curl https://api.example.com?token=abc123
+#   wget "https://...?secret=..."
+#
+# Does NOT block:
+#   curl -H "Authorization: Bearer $TOKEN" https://...
+#   curl with env vars: $API_KEY in header
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Only check commands that make HTTP requests
+echo "$COMMAND" | grep -qE '\b(curl|wget|http|fetch)\b' || exit 0
+
+# Check for API key patterns in URLs
+if echo "$COMMAND" | grep -qiP '[?&](api[_-]?key|token|secret|password|auth|access[_-]?key|client[_-]?secret)=[^$\s&"'\'']{8,}'; then
+    echo "BLOCKED: API key detected in URL query parameter." >&2
+    echo "" >&2
+    echo "Command: $(echo "$COMMAND" | head -1)" >&2
+    echo "" >&2
+    echo "API keys in URLs appear in:" >&2
+    echo "  - Shell history (~/.bash_history)" >&2
+    echo "  - Server access logs" >&2
+    echo "  - Proxy/CDN logs" >&2
+    echo "" >&2
+    echo "Use headers instead:" >&2
+    echo "  curl -H 'Authorization: Bearer \$TOKEN' https://..." >&2
+    echo "  curl -H 'X-API-Key: \$API_KEY' https://..." >&2
+    exit 2
+fi
+
+exit 0

package/examples/cloud-cli-guard.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# cloud-cli-guard.sh — Block destructive GCP/Azure CLI operations
+#
+# Solves: Claude Code running destructive cloud operations via gcloud/az CLI.
+#         Deleting VMs, storage, or databases in cloud environments can
+#         cause irreversible data loss and significant costs.
+#
+# Note: AWS is covered by aws-production-guard.sh
+#
+# Detects:
+#   gcloud compute instances delete
+#   gcloud sql instances delete
+#   gcloud storage rm
+#   gcloud projects delete
+#   az vm delete
+#   az storage account delete
+#   az sql db delete
+#   az group delete
+#
+# Does NOT block:
+#   gcloud compute instances list/describe
+#   az vm list/show
+#   gcloud/az read-only operations
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block destructive gcloud operations
+if echo "$COMMAND" | grep -qE '\bgcloud\s+.*(delete|destroy|remove|reset)\b'; then
+    echo "BLOCKED: Destructive Google Cloud operation detected." >&2
+    echo "  Command: $COMMAND" >&2
+    echo "  Use 'gcloud ... describe' or 'gcloud ... list' to check first." >&2
+    exit 2
+fi
+
+# Block destructive az (Azure) operations
+if echo "$COMMAND" | grep -qE '\baz\s+.*(delete|destroy|remove)\b'; then
+    echo "BLOCKED: Destructive Azure operation detected." >&2
+    echo "  Command: $COMMAND" >&2
+    exit 2
+fi
+
+exit 0

package/examples/db-connect-guard.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+# db-connect-guard.sh — Warn on direct database connections
+#
+# Solves: Claude Code connecting to databases directly via CLI clients
+#         and running queries without understanding the environment.
+#         Production database connections should go through application
+#         code, not direct CLI access.
+#
+# Real incidents:
+#   #36183 — prisma db push --force-reset on production
+#   #33183 — prisma db push against production database
+#   #27063 — destructive db command wiped production
+#
+# Detects:
+#   mysql -h <host>          (MySQL direct connection)
+#   psql -h <host>           (PostgreSQL direct connection)
+#   mongo <connection-string> (MongoDB direct connection)
+#   redis-cli -h <host>      (Redis direct connection)
+#   prisma db push           (Prisma schema push)
+#   prisma migrate deploy    (Prisma migration)
+#
+# Does NOT block:
+#   mysql (local, no -h flag — likely development)
+#   psql (local connection)
+#   prisma generate (code generation, not DB change)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block remote database connections
+if echo "$COMMAND" | grep -qE '\b(mysql|psql|mongo(sh)?)\s+.*(-h\s+|--host[= ])'; then
+    echo "BLOCKED: Direct remote database connection detected." >&2
+    echo "  Remote DB connections should use application code, not CLI." >&2
+    echo "  Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block redis remote connections
+if echo "$COMMAND" | grep -qE '\bredis-cli\s+.*(-h\s+|--host)'; then
+    echo "BLOCKED: Direct remote Redis connection detected." >&2
+    exit 2
+fi
+
+# Block Prisma destructive operations
+if echo "$COMMAND" | grep -qE '\bprisma\s+(db\s+push|migrate\s+deploy|migrate\s+reset)'; then
+    echo "BLOCKED: Prisma database modification detected." >&2
+    echo "  prisma db push/migrate can destroy production data." >&2
+    echo "  Verify DATABASE_URL points to the correct environment." >&2
+    exit 2
+fi
+
+exit 0

package/examples/firewall-guard.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# firewall-guard.sh — Block firewall rule modifications
+#
+# Solves: Claude Code modifying firewall rules (iptables, ufw, nftables)
+#         which can lock users out of servers or expose services.
+#         A single wrong iptables rule can make a remote server
+#         permanently inaccessible.
+#
+# Detects:
+#   iptables -A/-D/-I/-F    (add/delete/insert/flush rules)
+#   ufw allow/deny/delete   (uncomplicated firewall changes)
+#   nft add/delete/flush    (nftables changes)
+#   firewall-cmd --add/--remove  (firewalld changes)
+#
+# Does NOT block:
+#   iptables -L/-S          (listing rules — read-only)
+#   ufw status              (checking status)
+#   nft list                (listing rules)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block iptables modifications
+if echo "$COMMAND" | grep -qE '\biptables\s+(-A|-D|-I|-F|-X|-P|--append|--delete|--insert|--flush)'; then
+    echo "BLOCKED: iptables modification can lock you out of the server." >&2
+    echo "  Use 'iptables -L' to view rules safely." >&2
+    exit 2
+fi
+
+# Block ufw modifications
+if echo "$COMMAND" | grep -qE '\bufw\s+(allow|deny|delete|disable|reset|route)'; then
+    echo "BLOCKED: ufw firewall modification." >&2
+    echo "  Use 'ufw status' to view rules safely." >&2
+    exit 2
+fi
+
+# Block nftables modifications
+if echo "$COMMAND" | grep -qE '\bnft\s+(add|delete|flush|insert)'; then
+    echo "BLOCKED: nftables modification." >&2
+    exit 2
+fi
+
+# Block firewalld modifications
+if echo "$COMMAND" | grep -qE '\bfirewall-cmd\s+--(add|remove|set|reload)'; then
+    echo "BLOCKED: firewalld modification." >&2
+    exit 2
+fi
+
+exit 0

package/examples/gh-cli-destructive-guard.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# gh-cli-destructive-guard.sh — Block destructive GitHub CLI operations
+#
+# Solves: Claude Code running dangerous gh commands without confirmation:
+#   - Closing/deleting issues or PRs
+#   - Deleting repos, releases, or branches
+#   - Merging PRs without review
+#   - Modifying repo settings
+#
+# The gh CLI is powerful but destructive operations should require
+# explicit human approval, not AI autonomy.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Only check gh commands
+echo "$COMMAND" | grep -qE '\bgh\s' || exit 0
+
+# Block destructive issue operations
+if echo "$COMMAND" | grep -qE 'gh\s+issue\s+(close|delete|lock|transfer)'; then
+    echo "BLOCKED: Destructive GitHub Issue operation." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block destructive PR operations
+if echo "$COMMAND" | grep -qE 'gh\s+pr\s+(close|merge|ready)'; then
+    echo "BLOCKED: Destructive GitHub PR operation." >&2
+    echo "  gh pr merge/close requires human review." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block repo deletion
+if echo "$COMMAND" | grep -qE 'gh\s+repo\s+delete'; then
+    echo "BLOCKED: Repository deletion." >&2
+    exit 2
+fi
+
+# Block release deletion
+if echo "$COMMAND" | grep -qE 'gh\s+release\s+delete'; then
+    echo "BLOCKED: Release deletion." >&2
+    exit 2
+fi
+
+# Block branch deletion via gh
+if echo "$COMMAND" | grep -qE 'gh\s+api\s+.*DELETE'; then
+    echo "BLOCKED: Destructive GitHub API call (DELETE method)." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+
+exit 0

package/examples/kill-process-guard.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+# kill-process-guard.sh — Block dangerous process termination commands
+#
+# Solves: Claude Code killing important system processes or user processes
+#         without understanding their purpose. kill -9 is especially dangerous
+#         as it prevents graceful shutdown and can cause data corruption.
+#
+# Detects:
+#   kill -9 <pid>        (forced termination, no cleanup)
+#   killall <name>       (kills ALL matching processes)
+#   pkill <pattern>      (pattern-based kill, can be too broad)
+#   kill -KILL           (same as -9)
+#
+# Does NOT block:
+#   kill <pid>           (graceful SIGTERM, allows cleanup)
+#   kill -15 <pid>       (explicit SIGTERM)
+#   kill -INT            (Ctrl+C equivalent)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block kill -9 (SIGKILL — no cleanup, potential data corruption)
+if echo "$COMMAND" | grep -qE '\bkill\s+-(9|KILL)\b'; then
+    echo "BLOCKED: kill -9 forces immediate termination without cleanup." >&2
+    echo "  Data corruption is possible. Use 'kill <pid>' (SIGTERM) instead." >&2
+    echo "  Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block killall (kills ALL matching processes)
+if echo "$COMMAND" | grep -qE '\bkillall\s'; then
+    echo "BLOCKED: killall terminates ALL processes matching the name." >&2
+    echo "  This may kill unrelated processes. Use 'kill <specific-pid>' instead." >&2
+    echo "  Command: $COMMAND" >&2
+    exit 2
+fi
+
+# Block pkill (pattern-based, can be overly broad)
+if echo "$COMMAND" | grep -qE '\bpkill\s'; then
+    echo "BLOCKED: pkill uses pattern matching which may kill unintended processes." >&2
+    echo "  Find the specific PID with 'pgrep' first, then use 'kill <pid>'." >&2
+    echo "  Command: $COMMAND" >&2
+    exit 2
+fi
+
+exit 0

package/examples/systemd-service-guard.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# systemd-service-guard.sh — Block dangerous systemd service operations
+#
+# Solves: Claude Code stopping/restarting system services without
+#         understanding the impact. Stopping nginx kills all connections,
+#         stopping postgresql causes data loss if not cleanly shut down.
+#
+# Detects:
+#   systemctl stop <service>
+#   systemctl restart <service>
+#   systemctl disable <service>
+#   systemctl mask <service>
+#   service <name> stop
+#
+# Does NOT block:
+#   systemctl status <service>
+#   systemctl start <service>    (starting is generally safe)
+#   systemctl list-units
+#   journalctl
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block systemctl stop/restart/disable/mask
+if echo "$COMMAND" | grep -qE '\bsystemctl\s+(stop|restart|disable|mask)\b'; then
+    ACTION=$(echo "$COMMAND" | grep -oE 'systemctl\s+(stop|restart|disable|mask)\s+\S+')
+    echo "BLOCKED: Dangerous systemd operation: $ACTION" >&2
+    echo "  Stopping/restarting services can cause downtime and data loss." >&2
+    echo "  Use 'systemctl status <service>' to check before acting." >&2
+    exit 2
+fi
+
+# Block legacy service command
+if echo "$COMMAND" | grep -qE '\bservice\s+\S+\s+(stop|restart)\b'; then
+    echo "BLOCKED: Dangerous service operation." >&2
+    echo "  Command: $COMMAND" >&2
+    exit 2
+fi
+
+exit 0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.12",
-  "description": "One command to make Claude Code safe. 425 example hooks + 8 built-in. 52 CLI commands. 5695 tests. Works with Auto Mode.",
+  "version": "29.6.14",
+  "description": "One command to make Claude Code safe. 432 example hooks + 8 built-in. 52 CLI commands. 5777 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"