cc-safe-setup 29.6.14 → 29.6.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# registry-publish-guard.sh — Block publishing to package registries
|
|
3
|
+
#
|
|
4
|
+
# Solves: Claude Code accidentally publishing packages to npm, PyPI,
|
|
5
|
+
# RubyGems, crates.io, or other registries. Publishing is
|
|
6
|
+
# irreversible for many registries (npm unpublish has a 72h limit).
|
|
7
|
+
#
|
|
8
|
+
# Note: npm-publish-guard.sh covers npm specifically.
|
|
9
|
+
# This hook covers ALL package registries.
|
|
10
|
+
#
|
|
11
|
+
# Detects:
|
|
12
|
+
# gem push (RubyGems)
|
|
13
|
+
# twine upload (PyPI)
|
|
14
|
+
# pip upload (PyPI alternative)
|
|
15
|
+
# cargo publish (crates.io)
|
|
16
|
+
# dotnet nuget push (.NET NuGet)
|
|
17
|
+
# docker push (Docker Hub)
|
|
18
|
+
# helm push (Helm charts)
|
|
19
|
+
#
|
|
20
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
21
|
+
|
|
22
|
+
INPUT=$(cat)
|
|
23
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
24
|
+
|
|
25
|
+
[ -z "$COMMAND" ] && exit 0
|
|
26
|
+
|
|
27
|
+
# Block gem push (RubyGems)
|
|
28
|
+
if echo "$COMMAND" | grep -qE '\bgem\s+push\b'; then
|
|
29
|
+
echo "BLOCKED: RubyGems publish detected." >&2
|
|
30
|
+
echo " Publishing to RubyGems is irreversible. Verify version and credentials." >&2
|
|
31
|
+
exit 2
|
|
32
|
+
fi
|
|
33
|
+
|
|
34
|
+
# Block PyPI upload (twine/pip)
|
|
35
|
+
if echo "$COMMAND" | grep -qE '\b(twine|pip)\s+upload\b'; then
|
|
36
|
+
echo "BLOCKED: PyPI upload detected." >&2
|
|
37
|
+
exit 2
|
|
38
|
+
fi
|
|
39
|
+
|
|
40
|
+
# Block cargo publish (crates.io)
|
|
41
|
+
if echo "$COMMAND" | grep -qE '\bcargo\s+publish\b'; then
|
|
42
|
+
echo "BLOCKED: crates.io publish detected." >&2
|
|
43
|
+
exit 2
|
|
44
|
+
fi
|
|
45
|
+
|
|
46
|
+
# Block dotnet nuget push
|
|
47
|
+
if echo "$COMMAND" | grep -qE '\bdotnet\s+nuget\s+push\b'; then
|
|
48
|
+
echo "BLOCKED: NuGet publish detected." >&2
|
|
49
|
+
exit 2
|
|
50
|
+
fi
|
|
51
|
+
|
|
52
|
+
# Block docker push
|
|
53
|
+
if echo "$COMMAND" | grep -qE '\bdocker\s+push\b'; then
|
|
54
|
+
echo "BLOCKED: Docker image push detected." >&2
|
|
55
|
+
echo " Verify the image tag and registry before pushing." >&2
|
|
56
|
+
exit 2
|
|
57
|
+
fi
|
|
58
|
+
|
|
59
|
+
# Block helm push
|
|
60
|
+
if echo "$COMMAND" | grep -qE '\bhelm\s+(push|package.*push)\b'; then
|
|
61
|
+
echo "BLOCKED: Helm chart push detected." >&2
|
|
62
|
+
exit 2
|
|
63
|
+
fi
|
|
64
|
+
|
|
65
|
+
exit 0
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# sensitive-file-read-guard.sh — Block reading sensitive system/user files
|
|
3
|
+
#
|
|
4
|
+
# Solves: Claude Code reading private keys, credentials, password files
|
|
5
|
+
# via the Read tool. Even reading these files exposes secrets in
|
|
6
|
+
# the conversation context, which persists in transcripts.
|
|
7
|
+
#
|
|
8
|
+
# Detects (via Read tool):
|
|
9
|
+
# ~/.ssh/id_rsa, id_ed25519 (private keys)
|
|
10
|
+
# ~/.gnupg/ (GPG keys)
|
|
11
|
+
# ~/.aws/credentials (AWS credentials)
|
|
12
|
+
# /etc/shadow (password hashes)
|
|
13
|
+
# *.pem, *.key (certificate private keys)
|
|
14
|
+
# .env.production (production secrets)
|
|
15
|
+
#
|
|
16
|
+
# Does NOT block:
|
|
17
|
+
# ~/.ssh/config (SSH config, no secrets)
|
|
18
|
+
# ~/.ssh/id_rsa.pub (public keys are fine)
|
|
19
|
+
# /etc/passwd (no secrets, world-readable)
|
|
20
|
+
# Regular project files
|
|
21
|
+
#
|
|
22
|
+
# TRIGGER: PreToolUse MATCHER: "Read"
|
|
23
|
+
|
|
24
|
+
INPUT=$(cat)
|
|
25
|
+
FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
|
|
26
|
+
|
|
27
|
+
[ -z "$FILE" ] && exit 0
|
|
28
|
+
|
|
29
|
+
# Block private key files
|
|
30
|
+
if echo "$FILE" | grep -qiE '(id_rsa|id_ed25519|id_ecdsa|id_dsa)$'; then
|
|
31
|
+
# Allow .pub files
|
|
32
|
+
echo "$FILE" | grep -qiE '\.pub$' && exit 0
|
|
33
|
+
echo "BLOCKED: Reading private key file: $FILE" >&2
|
|
34
|
+
echo " Private keys should never be read into conversation context." >&2
|
|
35
|
+
exit 2
|
|
36
|
+
fi
|
|
37
|
+
|
|
38
|
+
# Block certificate private keys
|
|
39
|
+
if echo "$FILE" | grep -qiE '\.(pem|key)$' && echo "$FILE" | grep -qiE '(private|server|ssl|tls)'; then
|
|
40
|
+
echo "BLOCKED: Reading certificate private key: $FILE" >&2
|
|
41
|
+
exit 2
|
|
42
|
+
fi
|
|
43
|
+
|
|
44
|
+
# Block credential files
|
|
45
|
+
if echo "$FILE" | grep -qiE '\.aws/credentials|\.gcloud/credentials|\.azure/|/etc/shadow|\.gnupg/'; then
|
|
46
|
+
echo "BLOCKED: Reading credential/secret file: $FILE" >&2
|
|
47
|
+
exit 2
|
|
48
|
+
fi
|
|
49
|
+
|
|
50
|
+
# Block production env files
|
|
51
|
+
if echo "$FILE" | grep -qiE '\.env\.(production|prod|staging)$'; then
|
|
52
|
+
echo "BLOCKED: Reading production environment file: $FILE" >&2
|
|
53
|
+
echo " Production secrets should not be in conversation context." >&2
|
|
54
|
+
exit 2
|
|
55
|
+
fi
|
|
56
|
+
|
|
57
|
+
exit 0
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "29.6.
|
|
4
|
-
"description": "One command to make Claude Code safe.
|
|
3
|
+
"version": "29.6.15",
|
|
4
|
+
"description": "One command to make Claude Code safe. 434 example hooks + 8 built-in. 52 CLI commands. 5800 tests. Works with Auto Mode.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"cc-safe-setup": "index.mjs"
|