cc-safe-setup 29.6.14 → 29.6.16

package/examples/dns-config-guard.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# dns-config-guard.sh — Block DNS/hosts file modifications
+#
+# Solves: Claude Code modifying /etc/hosts or /etc/resolv.conf which
+#         can redirect traffic, break name resolution, or create
+#         security vulnerabilities.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash|Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+case "$TOOL" in
+    Bash)
+        CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+        [ -z "$CMD" ] && exit 0
+        if echo "$CMD" | grep -qE '(echo|tee|sed|awk).*(/etc/hosts|/etc/resolv\.conf|/etc/nsswitch)'; then
+            echo "BLOCKED: DNS configuration modification detected." >&2
+            exit 2
+        fi
+        ;;
+    Edit|Write)
+        FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+        if echo "$FILE" | grep -qE '/etc/hosts$|/etc/resolv\.conf$|/etc/nsswitch\.conf$'; then
+            echo "BLOCKED: Cannot modify DNS configuration file: $FILE" >&2
+            exit 2
+        fi
+        ;;
+esac
+
+exit 0

package/examples/git-history-rewrite-guard.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# git-history-rewrite-guard.sh — Block git history rewriting commands
+#
+# Solves: Claude Code rewriting git history which can cause permanent
+#         data loss and break shared branches. History rewriting on
+#         pushed commits requires force-push and affects all collaborators.
+#
+# Detects:
+#   git filter-branch           (legacy history rewriter)
+#   git filter-repo             (modern history rewriter)
+#   git rebase -i               (interactive rebase, can reorder/squash)
+#   git reset --hard HEAD~N     (discards recent commits)
+#   git reflog expire --all     (destroys reflog recovery data)
+#
+# Does NOT block:
+#   git rebase <branch>         (non-interactive, covered by no-git-rebase-public)
+#   git reset --soft            (safe, keeps changes staged)
+#   git reset --mixed           (safe, keeps changes in working tree)
+#   git reflog                  (read-only, viewing history)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block filter-branch (legacy, dangerous)
+if echo "$COMMAND" | grep -qE '\bgit\s+filter-branch\b'; then
+    echo "BLOCKED: git filter-branch rewrites entire repository history." >&2
+    echo "  This is irreversible on shared branches." >&2
+    exit 2
+fi
+
+# Block filter-repo
+if echo "$COMMAND" | grep -qE '\bgit\s+filter-repo\b'; then
+    echo "BLOCKED: git filter-repo rewrites repository history." >&2
+    exit 2
+fi
+
+# Block interactive rebase
+if echo "$COMMAND" | grep -qE '\bgit\s+rebase\s+-i\b'; then
+    echo "BLOCKED: Interactive rebase can reorder, squash, or drop commits." >&2
+    echo "  Use non-interactive rebase instead." >&2
+    exit 2
+fi
+
+# Block git reset --hard with commit count
+if echo "$COMMAND" | grep -qE '\bgit\s+reset\s+--hard\s+(HEAD|origin)'; then
+    echo "BLOCKED: git reset --hard discards commits permanently." >&2
+    echo "  Use 'git reset --soft' to keep changes staged." >&2
+    exit 2
+fi
+
+# Block reflog destruction
+if echo "$COMMAND" | grep -qE '\bgit\s+reflog\s+(expire|delete)\b'; then
+    echo "BLOCKED: Destroying reflog removes the safety net for recovering commits." >&2
+    exit 2
+fi
+
+exit 0

package/examples/log-truncation-guard.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# log-truncation-guard.sh — Block log file truncation/deletion
+#
+# Solves: Claude Code truncating or deleting log files which destroys
+#         audit trails and makes debugging incidents impossible.
+#
+# Detects:
+#   > /var/log/syslog        (truncation via redirect)
+#   truncate -s 0 <logfile>  (explicit truncation)
+#   rm /var/log/*            (log deletion)
+#   echo "" > <logfile>      (content erasure)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block log file truncation
+if echo "$COMMAND" | grep -qE '>\s*/var/log/|truncate.*(/var/log/|\.log)|rm\s+.*(/var/log/|\.log)'; then
+    echo "BLOCKED: Log file truncation/deletion detected." >&2
+    echo "  Destroying logs removes audit trails." >&2
+    echo "  Use log rotation instead: logrotate." >&2
+    exit 2
+fi
+
+exit 0

package/examples/network-interface-guard.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+# network-interface-guard.sh — Block network interface modifications
+#
+# Solves: Claude Code modifying network interfaces which can cause
+#         immediate loss of connectivity on remote servers.
+#
+# Detects:
+#   ifconfig <iface> down    (disable interface)
+#   ip link set <iface> down (modern equivalent)
+#   ip addr del              (remove IP address)
+#   ip route del             (remove route)
+#   nmcli connection delete  (NetworkManager)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block interface disable
+if echo "$COMMAND" | grep -qE '\bifconfig\s+\S+\s+down\b'; then
+    echo "BLOCKED: Disabling network interface will cause connectivity loss." >&2
+    exit 2
+fi
+
+# Block ip link/addr/route destructive operations
+if echo "$COMMAND" | grep -qE '\bip\s+(link\s+set\s+\S+\s+down|addr\s+del|route\s+del)\b'; then
+    echo "BLOCKED: Network configuration change can cause connectivity loss." >&2
+    exit 2
+fi
+
+# Block NetworkManager connection deletion
+if echo "$COMMAND" | grep -qE '\bnmcli\s+connection\s+delete\b'; then
+    echo "BLOCKED: Deleting NetworkManager connection." >&2
+    exit 2
+fi
+
+exit 0

package/examples/registry-publish-guard.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+# registry-publish-guard.sh — Block publishing to package registries
+#
+# Solves: Claude Code accidentally publishing packages to npm, PyPI,
+#         RubyGems, crates.io, or other registries. Publishing is
+#         irreversible for many registries (npm unpublish has a 72h limit).
+#
+# Note: npm-publish-guard.sh covers npm specifically.
+#       This hook covers ALL package registries.
+#
+# Detects:
+#   gem push              (RubyGems)
+#   twine upload          (PyPI)
+#   pip upload            (PyPI alternative)
+#   cargo publish         (crates.io)
+#   dotnet nuget push     (.NET NuGet)
+#   docker push           (Docker Hub)
+#   helm push             (Helm charts)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Block gem push (RubyGems)
+if echo "$COMMAND" | grep -qE '\bgem\s+push\b'; then
+    echo "BLOCKED: RubyGems publish detected." >&2
+    echo "  Publishing to RubyGems is irreversible. Verify version and credentials." >&2
+    exit 2
+fi
+
+# Block PyPI upload (twine/pip)
+if echo "$COMMAND" | grep -qE '\b(twine|pip)\s+upload\b'; then
+    echo "BLOCKED: PyPI upload detected." >&2
+    exit 2
+fi
+
+# Block cargo publish (crates.io)
+if echo "$COMMAND" | grep -qE '\bcargo\s+publish\b'; then
+    echo "BLOCKED: crates.io publish detected." >&2
+    exit 2
+fi
+
+# Block dotnet nuget push
+if echo "$COMMAND" | grep -qE '\bdotnet\s+nuget\s+push\b'; then
+    echo "BLOCKED: NuGet publish detected." >&2
+    exit 2
+fi
+
+# Block docker push
+if echo "$COMMAND" | grep -qE '\bdocker\s+push\b'; then
+    echo "BLOCKED: Docker image push detected." >&2
+    echo "  Verify the image tag and registry before pushing." >&2
+    exit 2
+fi
+
+# Block helm push
+if echo "$COMMAND" | grep -qE '\bhelm\s+(push|package.*push)\b'; then
+    echo "BLOCKED: Helm chart push detected." >&2
+    exit 2
+fi
+
+exit 0

package/examples/sensitive-file-read-guard.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# sensitive-file-read-guard.sh — Block reading sensitive system/user files
+#
+# Solves: Claude Code reading private keys, credentials, password files
+#         via the Read tool. Even reading these files exposes secrets in
+#         the conversation context, which persists in transcripts.
+#
+# Detects (via Read tool):
+#   ~/.ssh/id_rsa, id_ed25519 (private keys)
+#   ~/.gnupg/                 (GPG keys)
+#   ~/.aws/credentials        (AWS credentials)
+#   /etc/shadow               (password hashes)
+#   *.pem, *.key              (certificate private keys)
+#   .env.production           (production secrets)
+#
+# Does NOT block:
+#   ~/.ssh/config             (SSH config, no secrets)
+#   ~/.ssh/id_rsa.pub         (public keys are fine)
+#   /etc/passwd               (no secrets, world-readable)
+#   Regular project files
+#
+# TRIGGER: PreToolUse  MATCHER: "Read"
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+
+# Block private key files
+if echo "$FILE" | grep -qiE '(id_rsa|id_ed25519|id_ecdsa|id_dsa)$'; then
+    # Allow .pub files
+    echo "$FILE" | grep -qiE '\.pub$' && exit 0
+    echo "BLOCKED: Reading private key file: $FILE" >&2
+    echo "  Private keys should never be read into conversation context." >&2
+    exit 2
+fi
+
+# Block certificate private keys
+if echo "$FILE" | grep -qiE '\.(pem|key)$' && echo "$FILE" | grep -qiE '(private|server|ssl|tls)'; then
+    echo "BLOCKED: Reading certificate private key: $FILE" >&2
+    exit 2
+fi
+
+# Block credential files
+if echo "$FILE" | grep -qiE '\.aws/credentials|\.gcloud/credentials|\.azure/|/etc/shadow|\.gnupg/'; then
+    echo "BLOCKED: Reading credential/secret file: $FILE" >&2
+    exit 2
+fi
+
+# Block production env files
+if echo "$FILE" | grep -qiE '\.env\.(production|prod|staging)$'; then
+    echo "BLOCKED: Reading production environment file: $FILE" >&2
+    echo "  Production secrets should not be in conversation context." >&2
+    exit 2
+fi
+
+exit 0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.14",
-  "description": "One command to make Claude Code safe. 432 example hooks + 8 built-in. 52 CLI commands. 5777 tests. Works with Auto Mode.",
+  "version": "29.6.16",
+  "description": "One command to make Claude Code safe. 438 example hooks + 8 built-in. 52 CLI commands. 5835 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"