cc-safe-setup 29.6.32 → 29.6.33

package/examples/system-message-workaround.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# system-message-workaround.sh — Ensure hook warnings reach both user and model
+#
+# Solves: PreToolUse/PostToolUse systemMessage silently dropped (#40380).
+#         When a hook returns only systemMessage (without hookSpecificOutput),
+#         the warning is invisible to both user and model.
+#
+# How it works: Template hook that demonstrates the correct pattern for
+#   sending warnings that are visible. Uses stderr for user visibility
+#   AND hookSpecificOutput.systemMessage for model context injection.
+#
+# Usage: Copy and adapt this pattern for your custom warn hooks.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Example: warn on dangerous-looking but not blocked commands
+WARNING=""
+
+if echo "$COMMAND" | grep -qE 'DROP\s+TABLE|TRUNCATE\s+TABLE'; then
+    WARNING="Database destructive operation detected: $COMMAND"
+elif echo "$COMMAND" | grep -qE 'curl.*-X\s*(DELETE|PUT|PATCH)'; then
+    WARNING="Destructive HTTP method detected: $COMMAND"
+fi
+
+if [ -n "$WARNING" ]; then
+    # Method 1: stderr — always visible to the user in terminal
+    echo "⚠ WARNING: $WARNING" >&2
+
+    # Method 2: hookSpecificOutput with systemMessage — visible to model
+    # This is the workaround for #40380: include hookSpecificOutput
+    # to ensure the systemMessage is actually processed
+    cat << ENDJSON
+{"hookSpecificOutput":{"hookEventName":"PreToolUse","decision":"allow","systemMessage":"WARNING: $WARNING. Proceed with caution."}}
+ENDJSON
+fi
+
+exit 0

package/examples/system-package-guard.sh

@@ -21,6 +21,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/temp-file-cleanup.sh

@@ -21,6 +21,8 @@
 # }
 
 # Count before cleanup
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COUNT=$(find /tmp -maxdepth 1 -name "claude-*" -type f 2>/dev/null | wc -l)
 
 if [ "$COUNT" -eq 0 ]; then

package/examples/terminal-state-restore.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# terminal-state-restore — restore terminal to clean state on session exit
+# Fixes: bracketed paste mode, application cursor keys, cursor visibility,
+#        line wrapping, Kitty keyboard protocol left enabled after exit.
+# Event: Notification (matcher: "stop")
+# Related: https://github.com/anthropics/claude-code/issues/39272
+
+# Reset bracketed paste mode
+printf '\e[?2004l'
+# Reset application cursor keys to normal mode
+printf '\e[?1l'
+# Ensure cursor is visible
+printf '\e[?25h'
+# Re-enable line wrapping
+printf '\e[?7h'
+# Disable Kitty keyboard protocol (if enabled)
+printf '\e[>0u' 2>/dev/null
+# Reset character set to default
+printf '\e(B'
+# Restore default SGR (color/style reset)
+printf '\e[0m'
+
+exit 0

package/examples/test-after-edit.sh

@@ -21,6 +21,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/test-before-commit.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0

package/examples/test-before-push.sh

@@ -23,6 +23,8 @@
 #
 # The "if" field (v2.1.85+) eliminates process spawning for non-push commands.
 # Without "if", the hook still works — it checks internally and exits early.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/test-exit-code-verify.sh

@@ -17,6 +17,8 @@
 #
 # Why stderr: PostToolUse hook stderr is shown to Claude as feedback.
 # This forces Claude to acknowledge test failures instead of fabricating results.
+#
+# TRIGGER: PostToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 

package/examples/timeout-guard.sh

@@ -15,6 +15,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/timezone-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE "TZ=|--timezone" && ! echo "$COMMAND" | grep -q "UTC"; then echo "NOTE: Non-UTC timezone in command" >&2; fi

package/examples/tmp-output-size-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# tmp-output-size-guard.sh — Monitor and warn about large tmp output files
+#
+# Solves: Task .output files in /tmp grow unbounded (95GB+) filling disk
+#         (#39909). Subagent output aggregation can create multi-GB files.
+#
+# How it works: Notification/SessionStart hook that checks /tmp for large
+#   Claude Code output files and warns if any exceed a threshold.
+#   Also provides a cleanup command suggestion.
+#
+# TRIGGER: SessionStart
+# MATCHER: ""
+#
+# Usage:
+# {
+#   "hooks": {
+#     "SessionStart": [{
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/tmp-output-size-guard.sh" }]
+#     }]
+#   }
+# }
+
+# Configurable threshold in MB
+THRESHOLD_MB="${CC_TMP_THRESHOLD_MB:-500}"
+
+# Find Claude Code tmp directories
+TMP_BASE="/tmp/claude-$(id -u)"
+[ -d "/private/tmp/claude-$(id -u)" ] && TMP_BASE="/private/tmp/claude-$(id -u)"
+[ ! -d "$TMP_BASE" ] && exit 0
+
+# Find files over threshold
+LARGE_FILES=$(find "$TMP_BASE" -name "*.output" -size "+${THRESHOLD_MB}M" 2>/dev/null)
+[ -z "$LARGE_FILES" ] && exit 0
+
+TOTAL_SIZE=$(echo "$LARGE_FILES" | xargs du -sh 2>/dev/null | awk '{sum+=$1} END {print sum}')
+FILE_COUNT=$(echo "$LARGE_FILES" | wc -l | tr -d ' ')
+
+echo "⚠ Found $FILE_COUNT large task output file(s) in $TMP_BASE (>${THRESHOLD_MB}MB each):" >&2
+echo "$LARGE_FILES" | while read f; do
+    SIZE=$(du -sh "$f" 2>/dev/null | cut -f1)
+    echo "  $SIZE  $(basename "$f")" >&2
+done
+echo "" >&2
+echo "To clean up: find $TMP_BASE -name '*.output' -size +${THRESHOLD_MB}M -delete" >&2
+
+exit 0

package/examples/todo-check.sh

@@ -14,6 +14,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/todo-deadline-warn.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# ================================================================
+# todo-deadline-warn.sh — Warn about expired TODO deadlines in edited files
+# ================================================================
+# PURPOSE:
+#   TODOs with dates (e.g., "TODO(2026-03-01): fix this") are often
+#   forgotten. When Claude edits a file containing expired TODOs,
+#   this hook warns so they can be addressed while the file is open.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Edit|Write"
+#
+# DECISION: Advisory only (exit 0). Warns via stderr.
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && exit 0
+
+# Skip non-code files
+case "$FILE" in
+    *.md|*.txt|*.json|*.yaml|*.yml|*.toml|*.xml|*.html|*.css) exit 0 ;;
+esac
+
+TODAY=$(date +%Y-%m-%d)
+EXPIRED=0
+
+# Find TODO/FIXME/HACK with dates like TODO(2026-03-01) or TODO 2026-03-01
+while IFS= read -r line; do
+    # Extract date from patterns like TODO(2026-01-15) or FIXME 2026-01-15
+    DATE=$(echo "$line" | grep -oE '(TODO|FIXME|HACK|XXX)\s*\(?\s*[0-9]{4}-[0-9]{2}-[0-9]{2}' | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}')
+    if [ -n "$DATE" ] && [[ "$DATE" < "$TODAY" ]]; then
+        if [ "$EXPIRED" -eq 0 ]; then
+            echo "⚠ Expired TODOs in $(basename "$FILE"):" >&2
+        fi
+        LINENUM=$(echo "$line" | cut -d: -f1)
+        CONTENT=$(echo "$line" | cut -d: -f2- | sed 's/^[[:space:]]*//')
+        echo "  L${LINENUM}: $CONTENT (expired: $DATE)" >&2
+        EXPIRED=$((EXPIRED + 1))
+    fi
+done < <(grep -n -E '(TODO|FIXME|HACK|XXX).*[0-9]{4}-[0-9]{2}-[0-9]{2}' "$FILE" 2>/dev/null)
+
+if [ "$EXPIRED" -gt 0 ]; then
+    echo "  $EXPIRED expired TODO(s) — consider resolving while editing this file." >&2
+fi
+
+exit 0

package/examples/token-budget-per-task.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# token-budget-per-task.sh — Track and warn on per-task token usage
+#
+# Solves: A single task consuming the entire daily token budget.
+#         Without visibility into per-task costs, users don't realize
+#         until they hit rate limits.
+#
+# How it works: PostToolUse hook that estimates tokens per tool call
+#   and tracks cumulative usage. Warns at configurable thresholds.
+#
+# CONFIG:
+#   CC_TOKEN_WARN_THRESHOLD=50000 (warn at this many tokens)
+#   CC_TOKEN_BLOCK_THRESHOLD=200000 (block at this many tokens)
+#
+# TRIGGER: PostToolUse
+# MATCHER: ""
+
+set -euo pipefail
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+[ -z "$TOOL" ] && exit 0
+
+COUNTER_FILE="/tmp/claude-token-budget-${PPID:-0}"
+WARN="${CC_TOKEN_WARN_THRESHOLD:-50000}"
+BLOCK="${CC_TOKEN_BLOCK_THRESHOLD:-200000}"
+
+# Rough token estimates per tool call
+case "$TOOL" in
+    Bash) TOKENS=500 ;;
+    Read) TOKENS=2000 ;;
+    Edit|Write) TOKENS=1000 ;;
+    Glob|Grep) TOKENS=300 ;;
+    Agent) TOKENS=5000 ;;
+    *) TOKENS=200 ;;
+esac
+
+# Add result size estimate
+RESULT_LEN=$(echo "$INPUT" | jq -r '.tool_result // "" | length' 2>/dev/null || echo 0)
+TOKENS=$((TOKENS + RESULT_LEN / 4))  # ~4 chars per token
+
+# Update counter
+TOTAL=$(cat "$COUNTER_FILE" 2>/dev/null || echo 0)
+TOTAL=$((TOTAL + TOKENS))
+echo "$TOTAL" > "$COUNTER_FILE"
+
+if [ "$TOTAL" -ge "$BLOCK" ]; then
+    echo "TOKEN BUDGET: ~${TOTAL} tokens used in this task (limit: ${BLOCK})." >&2
+    echo "Consider breaking this into smaller tasks." >&2
+    # Warning only — change to exit 2 to block
+elif [ "$TOTAL" -ge "$WARN" ]; then
+    echo "TOKEN BUDGET: ~${TOTAL} tokens used (warning threshold: ${WARN})." >&2
+fi
+
+exit 0

package/examples/token-usage-tracker.sh

@@ -0,0 +1,14 @@
+INPUT=$(cat)
+TRANSCRIPT=$(ls -t ~/.claude/projects/*/sessions/*/transcript.jsonl 2>/dev/null | head -1)
+[ -f "$TRANSCRIPT" ] || exit 0
+USAGE=$(tail -20 "$TRANSCRIPT" | grep -o '"usage":{[^}]*}' | tail -1)
+if [ -n "$USAGE" ]; then
+    IN=$(echo "$USAGE" | grep -o '"input_tokens":[0-9]*' | grep -o '[0-9]*')
+    OUT=$(echo "$USAGE" | grep -o '"output_tokens":[0-9]*' | grep -o '[0-9]*')
+    TOTAL=$((${IN:-0} + ${OUT:-0}))
+    echo "$(date -Iseconds) in=${IN:-0} out=${OUT:-0} total=$TOTAL" >> ~/.claude/token-usage.log
+    BUDGET="${CC_TOKEN_BUDGET:-500000}"
+    SUM=$(awk -F'total=' '{sum+=$2}END{print sum+0}' ~/.claude/token-usage.log 2>/dev/null)
+    [ "${SUM:-0}" -gt "$BUDGET" ] && echo "Token usage: ~$SUM (budget: $BUDGET)" >&2
+fi
+exit 0

package/examples/turbo-cache-guard.sh

@@ -16,6 +16,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/uncommitted-changes-stop.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: Stop  MATCHER: ""
 INPUT=$(cat)
 if ! git rev-parse --is-inside-work-tree > /dev/null 2>&1; then
     exit 0

package/examples/uncommitted-work-shield.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# uncommitted-work-shield.sh — Auto-stash before destructive git operations
+#
+# Solves: Git operations destroying uncommitted work (#34327, #33850, #37150).
+#         Users lost days of work from git reset/checkout/clean.
+#         Unlike uncommitted-work-guard (which blocks), this hook SAVES work.
+#
+# How it works: PreToolUse hook on Bash that detects destructive git
+#   commands and auto-stashes uncommitted changes before allowing them.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check destructive git commands
+DESTRUCTIVE_GIT='git\s+(reset\s+--hard|checkout\s+--|clean\s+-[fd]|stash\s+drop|stash\s+clear)'
+
+if ! echo "$COMMAND" | grep -qE "$DESTRUCTIVE_GIT"; then
+  exit 0
+fi
+
+# Check if there are uncommitted changes
+if ! git diff --quiet 2>/dev/null || ! git diff --cached --quiet 2>/dev/null; then
+  # Auto-stash with timestamp
+  STASH_MSG="auto-shield-$(date +%Y%m%d-%H%M%S)"
+  git stash push -m "$STASH_MSG" 2>/dev/null || true
+  echo "SHIELDED: Uncommitted changes saved to stash '$STASH_MSG'." >&2
+  echo "Restore with: git stash pop" >&2
+fi
+
+# Allow the command to proceed (changes are saved)
+exit 0

package/examples/usage-warn.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COUNTER="${HOME}/.claude/session-tool-count"
 COUNT=$(cat "$COUNTER" 2>/dev/null || echo 0)
 COUNT=$((COUNT + 1))

package/examples/verify-before-commit.sh

@@ -22,6 +22,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/vue-lint-on-edit.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
 INPUT=$(cat)
 FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
 [[ -z "$FILE" ]] && exit 0

package/examples/webfetch-domain-allow.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+# ================================================================
+# webfetch-domain-allow.sh — Auto-approve WebFetch for allowed domains
+# ================================================================
+# PURPOSE:
+#   WebFetch(domain:*) in settings.json silently fails to match in
+#   many configurations (especially sandbox mode). This hook reads
+#   the requested URL, extracts the domain, and auto-approves if
+#   it matches a configurable allowlist.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "WebFetch"
+#
+# DECISION: exit 0 with permissionDecision "allow" = auto-approve
+#           exit 0 with empty JSON = passthrough (ask user)
+#
+# CONFIG: Set CC_WEBFETCH_ALLOW_DOMAINS env var (comma-separated)
+#   or edit the ALLOWED_DOMAINS array below.
+#   Use "*" to allow all domains.
+#
+# See: https://github.com/anthropics/claude-code/issues/9329
+# ================================================================
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+# Only handle WebFetch
+[[ "$TOOL" != "WebFetch" ]] && exit 0
+
+# Extract URL from tool input
+URL=$(echo "$INPUT" | jq -r '.tool_input.url // empty' 2>/dev/null)
+[ -z "$URL" ] && exit 0
+
+# Extract domain from URL
+DOMAIN=$(echo "$URL" | sed -E 's|^https?://||' | sed 's|/.*||' | sed 's|:.*||')
+[ -z "$DOMAIN" ] && exit 0
+
+# ========================================
+# DOMAIN ALLOWLIST — edit to your needs
+# ========================================
+# Option 1: Environment variable (comma-separated)
+#   export CC_WEBFETCH_ALLOW_DOMAINS="docs.anthropic.com,github.com,*.example.com"
+# Option 2: Edit this array directly
+ALLOWED_DOMAINS=(
+    "*"  # Allow all domains — change to specific domains for tighter control
+    # "docs.anthropic.com"
+    # "github.com"
+    # "*.github.io"
+    # "developer.mozilla.org"
+)
+
+# Override from env if set
+if [ -n "$CC_WEBFETCH_ALLOW_DOMAINS" ]; then
+    IFS=',' read -ra ALLOWED_DOMAINS <<< "$CC_WEBFETCH_ALLOW_DOMAINS"
+fi
+
+# Check domain against allowlist
+for pattern in "${ALLOWED_DOMAINS[@]}"; do
+    pattern=$(echo "$pattern" | xargs)  # trim whitespace
+    # Wildcard: allow everything
+    if [ "$pattern" = "*" ]; then
+        jq -n '{
+          hookSpecificOutput: {
+            hookEventName: "PreToolUse",
+            permissionDecision: "allow"
+          }
+        }'
+        exit 0
+    fi
+    # Glob pattern: *.example.com matches sub.example.com
+    if [[ "$pattern" == \** ]]; then
+        suffix="${pattern#\*}"
+        if [[ "$DOMAIN" == *"$suffix" ]]; then
+            jq -n '{
+              hookSpecificOutput: {
+                hookEventName: "PreToolUse",
+                permissionDecision: "allow"
+              }
+            }'
+            exit 0
+        fi
+    fi
+    # Exact match
+    if [ "$DOMAIN" = "$pattern" ]; then
+        jq -n '{
+          hookSpecificOutput: {
+            hookEventName: "PreToolUse",
+            permissionDecision: "allow"
+          }
+        }'
+        exit 0
+    fi
+done
+
+# Not in allowlist — passthrough to normal permission flow
+exit 0

package/examples/worktree-memory-guard.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# worktree-memory-guard.sh — Warn when memory path resolves to main worktree
+#
+# Solves: Git worktrees resolving to main worktree's memory directory (#39920).
+#         In worktree isolation mode, Claude writes memory to the main repo's
+#         .claude/projects/ instead of the worktree's, causing cross-contamination.
+#
+# How it works: PreToolUse hook on Write/Edit that checks if the target
+#   path is a memory file (.claude/projects/*/memory/) and warns if
+#   the current working directory differs from the resolved path's repo root.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write|Edit"
+
+set -euo pipefail
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check memory files
+if ! echo "$FILE" | grep -q '.claude/projects/.*/memory/'; then
+  exit 0
+fi
+
+# Check if we're in a worktree
+GIT_DIR=$(git rev-parse --git-dir 2>/dev/null || echo "")
+if [ -z "$GIT_DIR" ]; then
+  exit 0
+fi
+
+# Detect worktree by checking if .git is a file (worktree) vs directory (main)
+if [ -f ".git" ]; then
+  # We're in a worktree — check if memory path points to main repo
+  MAIN_WORKTREE=$(git rev-parse --path-format=absolute --git-common-dir 2>/dev/null | sed 's|/.git$||')
+  CWD=$(pwd)
+
+  if [ "$MAIN_WORKTREE" != "$CWD" ] && echo "$FILE" | grep -q "$MAIN_WORKTREE"; then
+    echo "WARNING: Memory file resolves to main worktree, not current worktree." >&2
+    echo "  File: $FILE" >&2
+    echo "  Main: $MAIN_WORKTREE" >&2
+    echo "  CWD:  $CWD" >&2
+    echo "  Consider writing to worktree-local memory instead." >&2
+  fi
+fi
+
+exit 0

package/examples/worktree-project-unify.sh

@@ -0,0 +1,19 @@
+MAIN_TREE=$(git worktree list --porcelain 2>/dev/null | head -1 | sed 's/worktree //')
+[ -z "$MAIN_TREE" ] && exit 0
+CUR_DIR=$(pwd)
+[ "$CUR_DIR" = "$MAIN_TREE" ] && exit 0
+to_project_dir() {
+    echo "$HOME/.claude/projects/$(echo "$1" | sed 's|/|-|g; s|^-||')"
+}
+MAIN_PROJECT=$(to_project_dir "$MAIN_TREE")
+CUR_PROJECT=$(to_project_dir "$CUR_DIR")
+if [ -d "$MAIN_PROJECT" ] && [ ! -L "$CUR_PROJECT" ]; then
+    if [ -d "$CUR_PROJECT" ] && [ -z "$(ls -A "$CUR_PROJECT" 2>/dev/null)" ]; then
+        rmdir "$CUR_PROJECT"
+    fi
+    if [ ! -e "$CUR_PROJECT" ]; then
+        ln -s "$MAIN_PROJECT" "$CUR_PROJECT"
+        echo "Linked worktree project dir → main repo" >&2
+    fi
+fi
+exit 0

package/examples/worktree-unmerged-guard.sh

@@ -17,6 +17,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 # jq with python3 fallback (macOS may not have jq)

package/examples/write-overwrite-confirm.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# write-overwrite-confirm.sh — Warn when Write tool overwrites large files
+#
+# Solves: Write tool silently replacing large files with new content (#34597).
+#         A 500-line file can be overwritten with 10 lines without warning.
+#
+# How it works: PreToolUse hook on Write that compares the new content
+#   size against the existing file. If the new content is significantly
+#   smaller, warns about potential data loss.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Skip if file doesn't exist (new file creation)
+[ ! -f "$FILE" ] && exit 0
+
+# Get current file size (lines)
+CURRENT_LINES=$(wc -l < "$FILE" 2>/dev/null || echo 0)
+
+# Get new content size (approximate from JSON length)
+NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty' 2>/dev/null)
+NEW_LINES=$(echo "$NEW_CONTENT" | wc -l 2>/dev/null || echo 0)
+
+# Warn if shrinking by more than 50% and file is > 50 lines
+if [ "$CURRENT_LINES" -gt 50 ] && [ "$NEW_LINES" -gt 0 ]; then
+  RATIO=$((NEW_LINES * 100 / CURRENT_LINES))
+  if [ "$RATIO" -lt 50 ]; then
+    echo "WARNING: File shrinking from $CURRENT_LINES to ~$NEW_LINES lines ($RATIO%)." >&2
+    echo "File: $FILE" >&2
+    echo "Consider using Edit tool for targeted changes instead of full rewrite." >&2
+  fi
+fi
+
+exit 0

package/examples/write-secret-guard.sh

@@ -24,6 +24,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/write-test-ratio.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE "^\s*git\s+commit" || exit 0; S=$(git diff --cached --name-only 2>/dev/null | grep -cvE "test|spec" || echo 0); T=$(git diff --cached --name-only 2>/dev/null | grep -cE "test|spec" || echo 0); [ "$S" -gt 5 ] && [ "$T" -eq 0 ] && echo "WARNING: $S source files, 0 test files" >&2

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.32",
-  "description": "One command to make Claude Code safe. 539 example hooks + 8 built-in. 56 CLI commands. 7789 tests. Works with Auto Mode.",
+  "version": "29.6.33",
+  "description": "One command to make Claude Code safe. 611 example hooks + 8 built-in. 56 CLI commands. 10411 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"