cc-safe-setup 29.6.32 → 29.6.33

package/examples/drizzle-migrate-guard.sh

@@ -16,6 +16,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/edit-counter-test-gate.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# edit-counter-test-gate.sh — Require testing after N consecutive edits
+#
+# Solves: Reactive cycling through fixes without testing (#40401).
+#         Opus writing 4 different fix approaches in sequence without
+#         verifying any of them actually work.
+#
+# How it works: PostToolUse hook on Edit that counts consecutive edits.
+#   After CC_MAX_EDITS_BEFORE_TEST (default 3) edits without a Bash
+#   command (assumed test/build), warns the model to test first.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Edit|Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+MAX_EDITS="${CC_MAX_EDITS_BEFORE_TEST:-3}"
+COUNTER_FILE="/tmp/claude-edit-test-gate-${PPID:-0}"
+
+case "$TOOL" in
+  Edit|Write)
+    # Increment edit counter
+    COUNT=$(cat "$COUNTER_FILE" 2>/dev/null || echo 0)
+    COUNT=$((COUNT + 1))
+    echo "$COUNT" > "$COUNTER_FILE"
+
+    if [ "$COUNT" -ge "$MAX_EDITS" ]; then
+      echo "WARNING: $COUNT consecutive edits without testing." >&2
+      echo "" >&2
+      echo "Run your test/build command before making more changes." >&2
+      echo "Untested fixes compound — verify each approach works" >&2
+      echo "before trying the next one." >&2
+      # Warning only — change to exit 2 to block
+    fi
+    ;;
+  Bash)
+    # Bash command (likely test/build) — reset counter
+    echo "0" > "$COUNTER_FILE"
+    ;;
+esac
+
+exit 0

package/examples/edit-error-counter.sh

@@ -19,6 +19,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/edit-guard.sh

@@ -16,6 +16,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/edit-retry-loop-guard.sh

@@ -6,6 +6,8 @@
 #
 # Tracks consecutive Edit failures on the same file. After 3 failures,
 # warns the model to verify the file path.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/edit-verify.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
 FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)

package/examples/enforce-tests.sh

@@ -8,6 +8,8 @@
 # Usage: Add to settings.json as a PostToolUse hook on "Edit|Write"
 #
 # Customize TEST_PATTERN for your project's test file naming convention.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)

package/examples/env-inherit-guard.sh

@@ -23,6 +23,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/env-inline-secret-guard.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# env-inline-secret-guard.sh — Block .env values from appearing in commands
+#
+# Solves: Claude reading .env and hardcoding secrets into inline scripts (#24185).
+#         API keys, database URLs, and tokens get embedded in bash commands,
+#         potentially leaking to logs, history, or screen recordings.
+#
+# How it works: PreToolUse hook on Bash that detects common secret patterns
+#   (API keys, tokens, connection strings) in command text.
+#   If found, blocks with exit 2 and suggests environment variable usage.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Detect inline secrets: known API key prefixes (20+ chars)
+# sk- (OpenAI), ghp_/ghu_ (GitHub), AKIA (AWS)
+if echo "$COMMAND" | grep -qE '(sk-[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{36}|ghu_[a-zA-Z0-9]{36}|AKIA[0-9A-Z]{16}|xoxb-[0-9]+-[0-9]+-[a-zA-Z0-9]+)'; then
+  echo "BLOCKED: Possible secret/credential detected in command." >&2
+  echo "Use environment variables instead of inline secrets." >&2
+  exit 2
+fi
+
+# Detect generic long tokens in auth headers or parameters
+if echo "$COMMAND" | grep -qE "(Authorization:|Bearer |token=|api[_-]?key=|secret=|password=)['\"]?[a-zA-Z0-9+/=_-]{32,}"; then
+  echo "BLOCKED: Long token/key detected inline in command." >&2
+  echo "Use environment variables or a secrets file instead." >&2
+  exit 2
+fi
+
+exit 0

package/examples/env-prod-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qiE "(NODE_ENV|RAILS_ENV|FLASK_ENV)=production"; then echo "WARNING: Production env detected in command" >&2; fi

package/examples/env-required-check.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 CONTENT=$(cat | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
 [ -z "$CONTENT" ] && exit 0
 echo "$CONTENT" | grep -qE "process\.env\.\w+\s*\|\|" || echo "$CONTENT" | grep -qE "process\.env\.\w+!" && echo "NOTE: Env var without default — add fallback" >&2

package/examples/env-var-check.sh

@@ -14,6 +14,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/expo-eject-guard.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [[ -z "$COMMAND" ]] && exit 0

package/examples/export-overwrite-guard.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# export-overwrite-guard.sh — Prevent /export from overwriting existing files
+#
+# Solves: /export command overwrites files without warning (#37595).
+#         Users lose existing files when Claude exports to the same path.
+#
+# How it works: PreToolUse hook on Write that checks if the target file
+#   exists and contains content. If so, warns before allowing overwrite.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Check if file exists and has content
+if [ -f "$FILE" ] && [ -s "$FILE" ]; then
+  SIZE=$(wc -c < "$FILE" 2>/dev/null || echo 0)
+  if [ "$SIZE" -gt 100 ]; then
+    echo "WARNING: Overwriting existing file '$FILE' ($SIZE bytes)." >&2
+    echo "Consider writing to a different path or backing up first." >&2
+    # Don't block — just warn via stderr
+  fi
+fi
+
+exit 0

package/examples/file-change-tracker.sh

@@ -23,6 +23,8 @@
 # }
 #
 # View changes: cat ~/.claude/session-changes.log
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/file-change-undo-tracker.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# file-change-undo-tracker.sh — Track file changes for easy undo
+#
+# Solves: After Claude makes unwanted changes across multiple files,
+#         users have no easy way to identify and revert all affected files.
+#         git diff works but only for tracked files.
+#
+# How it works: FileChanged hook that logs every file modification
+#   with timestamp and change type. Creates a revert script
+#   that can undo all changes from the current session.
+#
+# Usage: After session, run: bash /tmp/claude-undo-session.sh
+#
+# TRIGGER: FileChanged
+# MATCHER: ""
+
+set -euo pipefail
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.file // empty' 2>/dev/null)
+EVENT=$(echo "$INPUT" | jq -r '.event // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+
+LOG_FILE="/tmp/claude-file-changes-${PPID:-0}.log"
+UNDO_FILE="/tmp/claude-undo-session-${PPID:-0}.sh"
+TIMESTAMP=$(date +"%H:%M:%S")
+
+# Log the change
+echo "${TIMESTAMP} ${EVENT:-modified} ${FILE}" >> "$LOG_FILE"
+
+# Track for undo (git-tracked files only)
+if git ls-files --error-unmatch "$FILE" &>/dev/null 2>&1; then
+    # File is git-tracked — can be reverted with git checkout
+    if ! grep -qF "git checkout -- \"$FILE\"" "$UNDO_FILE" 2>/dev/null; then
+        echo "git checkout -- \"$FILE\"  # ${EVENT:-modified} at ${TIMESTAMP}" >> "$UNDO_FILE"
+    fi
+fi
+
+# Count changes
+COUNT=$(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)
+if [ "$((COUNT % 10))" -eq 0 ] && [ "$COUNT" -gt 0 ]; then
+    echo "Session file changes: $COUNT files modified. Undo: bash $UNDO_FILE" >&2
+fi
+
+exit 0

package/examples/file-recycle-bin.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# file-recycle-bin.sh — Move deleted files to recycle bin instead of permanent deletion
+#
+# Solves: No undo for file operations during Claude Code sessions (#39949).
+#         When Claude deletes or overwrites files, they're gone permanently
+#         unless git tracked. This hook intercepts rm commands and moves
+#         files to a session recycle bin.
+#
+# How it works: PreToolUse hook on Bash that intercepts rm commands,
+#   copies target files to .claude/recycle-bin/ before allowing deletion.
+#   Restore with: cp .claude/recycle-bin/<file> <original-path>
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only intercept rm commands (not rm -rf which destructive-guard handles)
+if ! echo "$COMMAND" | grep -qE '^\s*rm\s'; then
+  exit 0
+fi
+
+# Skip if destructive-guard would catch it (rm -rf /, rm -rf ~, etc.)
+if echo "$COMMAND" | grep -qE 'rm\s+(-[rf]+\s+)*(/|~|\$HOME)'; then
+  exit 0  # Let destructive-guard handle these
+fi
+
+# Extract file paths from rm command (simple extraction)
+FILES=$(echo "$COMMAND" | sed 's/^[[:space:]]*rm[[:space:]]*//' | sed 's/-[rfiv]*//g' | tr ' ' '\n' | grep -v '^$' | grep -v '^-')
+
+BIN_DIR=".claude/recycle-bin"
+mkdir -p "$BIN_DIR"
+
+for FILE in $FILES; do
+  if [ -f "$FILE" ]; then
+    BASENAME=$(basename "$FILE")
+    TIMESTAMP=$(date +%H%M%S)
+    cp "$FILE" "$BIN_DIR/${TIMESTAMP}-${BASENAME}" 2>/dev/null || true
+    echo "Backed up: $FILE -> $BIN_DIR/${TIMESTAMP}-${BASENAME}" >&2
+  fi
+done
+
+# Allow the rm to proceed (files are backed up)
+exit 0

package/examples/file-size-limit.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)

package/examples/five-hundred-milestone.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: Notification  MATCHER: ""
 INPUT=$(cat)
 SETTINGS="$HOME/.claude/settings.local.json"
 [[ ! -f "$SETTINGS" ]] && exit 0

package/examples/flask-debug-guard.sh

@@ -17,6 +17,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/gem-push-guard.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [[ -z "$COMMAND" ]] && exit 0

package/examples/git-checkout-safety-guard.sh

@@ -23,6 +23,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/git-config-guard.sh

@@ -14,6 +14,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/git-hook-bypass-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE "git\s+(commit|push|merge).*--no-verify"; then echo "WARNING: --no-verify bypasses git hooks" >&2; fi

package/examples/git-merge-conflict-prevent.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
 [ -z "$CONTENT" ] && exit 0

package/examples/git-message-length.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE "git\s+commit\s+-m" || exit 0; MSG=$(echo "$COMMAND" | grep -oP "(?<=-m\s[\x27\x22])[^\x27\x22]+"); [ ${#MSG} -lt 10 ] && echo "WARNING: Commit message too short (${#MSG} chars)" >&2

package/examples/git-show-flag-sanitizer.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# ================================================================
+# git-show-flag-sanitizer.sh — Strip invalid --no-stat from git show
+# ================================================================
+# PURPOSE:
+#   Claude Code frequently runs `git show <ref> --no-stat`, but --no-stat
+#   is not a valid git-show flag. The command fails with exit code 128,
+#   wasting context on error output and retries.
+#   This hook silently rewrites the command to remove --no-stat.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# See: https://github.com/anthropics/claude-code/issues/13071
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only act on git show commands containing --no-stat
+case "$COMMAND" in
+  *git\ show*--no-stat*|*git\ show*--no-stat*) ;;
+  *) exit 0 ;;
+esac
+
+# Remove --no-stat flag (handles multiple spaces)
+NEW_COMMAND=$(echo "$COMMAND" | sed 's/ --no-stat//')
+
+# Collapse any double spaces left behind
+NEW_COMMAND=$(echo "$NEW_COMMAND" | sed 's/  */ /g')
+
+jq -n --arg cmd "$NEW_COMMAND" '{
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow",
+    updatedInput: { command: $cmd }
+  }
+}'
+
+exit 0

package/examples/git-stash-before-danger.sh

@@ -18,6 +18,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/git-submodule-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE '\bgit\s+submodule\s+(deinit|rm)\b'; then

package/examples/git-tag-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE 'git\s+tag\s+(-a\s+|-d\s+)?v'; then

package/examples/github-actions-secret-guard.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# github-actions-secret-guard.sh — Prevent hardcoded secrets in GitHub Actions workflows
+#
+# Solves: Claude writes API keys, tokens, or passwords directly into
+#         .github/workflows/*.yml files instead of using ${{ secrets.NAME }}.
+#         These get committed and pushed to public/private repos.
+#
+# How it works: PostToolUse hook on Edit/Write that checks if the target
+#   is a GitHub Actions workflow file, then scans for patterns that look
+#   like hardcoded secrets instead of ${{ secrets.* }} references.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Edit|Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+case "$TOOL" in Edit|Write) ;; *) exit 0 ;; esac
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check GitHub Actions workflow files
+case "$FILE" in
+    .github/workflows/*.yml|.github/workflows/*.yaml) ;;
+    */.github/workflows/*.yml|*/.github/workflows/*.yaml) ;;
+    *) exit 0 ;;
+esac
+
+[ -f "$FILE" ] || exit 0
+
+# Check for hardcoded secret patterns (not using ${{ secrets.* }})
+ISSUES=""
+
+# API keys / tokens in env or with: blocks
+if grep -nE '(APIKEY|API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY)\s*[:=]\s*["\x27]?[A-Za-z0-9+/=_-]{20,}' "$FILE" 2>/dev/null | grep -v '\${{' | head -3 | grep -q .; then
+    ISSUES="${ISSUES}Hardcoded API key/token found (use \${{ secrets.NAME }} instead)\n"
+fi
+
+# Bearer tokens
+if grep -nE 'Bearer\s+[A-Za-z0-9._-]{20,}' "$FILE" 2>/dev/null | grep -v '\${{' | head -1 | grep -q .; then
+    ISSUES="${ISSUES}Hardcoded Bearer token found\n"
+fi
+
+# AWS credentials
+if grep -nE 'AKIA[0-9A-Z]{16}' "$FILE" 2>/dev/null | head -1 | grep -q .; then
+    ISSUES="${ISSUES}AWS access key ID found in workflow\n"
+fi
+
+if [ -n "$ISSUES" ]; then
+    echo "WARNING: Potential secrets in GitHub Actions workflow:" >&2
+    echo "  File: $FILE" >&2
+    echo -e "  $ISSUES" >&2
+    echo "  Use \${{ secrets.NAME }} instead of hardcoded values." >&2
+    echo "  Add secrets via: gh secret set NAME --body 'value'" >&2
+fi
+
+exit 0

package/examples/gitignore-check.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE '^\s*git\s+add' || exit 0

package/examples/gitops-drift-guard.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# gitops-drift-guard.sh — Warn when editing infrastructure files without PR
+#
+# Solves: Claude directly modifying Terraform, Kubernetes manifests, or
+#         Helm values on the default branch instead of creating a PR.
+#         In GitOps workflows, direct commits to main trigger immediate
+#         infrastructure changes.
+#
+# How it works: PreToolUse hook on Edit/Write that checks if the target
+#   file is an infrastructure file AND the current branch is main/master.
+#   Warns that changes should go through a PR for review.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+case "$TOOL" in Edit|Write) ;; *) exit 0 ;; esac
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Check if this is an infrastructure file
+IS_INFRA=false
+case "$FILE" in
+    *.tf|*.tfvars) IS_INFRA=true ;;                    # Terraform
+    */k8s/*.yaml|*/k8s/*.yml) IS_INFRA=true ;;         # Kubernetes manifests
+    */helm/**/values*.yaml) IS_INFRA=true ;;            # Helm values
+    */charts/**/*.yaml) IS_INFRA=true ;;                # Helm charts
+    .github/workflows/*.yml) IS_INFRA=true ;;           # CI/CD workflows
+    Dockerfile*|docker-compose*.yml) IS_INFRA=true ;;   # Docker
+    */argocd/*.yaml) IS_INFRA=true ;;                   # ArgoCD
+    */flux/*.yaml) IS_INFRA=true ;;                     # Flux
+    ansible/*.yml|*/playbooks/*.yml) IS_INFRA=true ;;   # Ansible
+esac
+
+$IS_INFRA || exit 0
+
+# Check if we're on a protected branch
+BRANCH=$(git branch --show-current 2>/dev/null || echo "")
+case "$BRANCH" in
+    main|master|production|release|release/*)
+        echo "WARNING: Editing infrastructure file on protected branch '$BRANCH'." >&2
+        echo "  File: $FILE" >&2
+        echo "  In GitOps workflows, changes to $BRANCH trigger immediate deployment." >&2
+        echo "  Consider creating a feature branch and PR instead." >&2
+        # Warning only — change to exit 2 to block
+        ;;
+esac
+
+exit 0

package/examples/go-mod-tidy-warn.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PostToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [[ -z "$COMMAND" ]] && exit 0

package/examples/hallucination-url-check.sh

@@ -21,6 +21,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/hardcoded-ip-guard.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 INPUT=$(cat)
 FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
 [[ -z "$FILE" ]] && exit 0

package/examples/headless-empty-result-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# headless-empty-result-guard.sh — Detect empty results in headless mode
+#
+# Solves: claude -p exits with empty result when stream is interrupted (#40432).
+#         stop_reason: "tool_use" with result: "" is treated as success,
+#         but the model was actually mid-generation.
+#
+# How it works: Stop hook that checks environment for headless indicators
+#   and warns if the session produced no visible output. In CI/automation,
+#   this can trigger a retry or alert.
+#
+# CONFIG:
+#   CC_HEADLESS_MARKER="/tmp/claude-headless-result"
+#   Set this in your CI script to check after claude -p exits.
+#
+# TRIGGER: Stop
+# MATCHER: ""
+
+set -euo pipefail
+
+INPUT=$(cat)
+
+# Check if we're in headless/print mode
+# Indicators: CLAUDE_PRINT_MODE env var, or no TTY
+if [ -z "${CLAUDE_PRINT_MODE:-}" ] && [ -t 0 ]; then
+    # Interactive mode — skip
+    exit 0
+fi
+
+# Check for empty/incomplete result indicators
+STOP_REASON=$(echo "$INPUT" | jq -r '.stop_reason // empty' 2>/dev/null)
+RESULT=$(echo "$INPUT" | jq -r '.result // empty' 2>/dev/null)
+
+MARKER="${CC_HEADLESS_MARKER:-/tmp/claude-headless-result-${PPID:-0}}"
+
+if [ "$STOP_REASON" = "tool_use" ] || [ -z "$RESULT" ]; then
+    echo "WARNING: Headless session ended with incomplete result." >&2
+    echo "  stop_reason: ${STOP_REASON:-unknown}" >&2
+    echo "  result length: ${#RESULT}" >&2
+    echo "  This may indicate a stream interruption, not a completed task." >&2
+    echo "incomplete" > "$MARKER"
+else
+    echo "complete" > "$MARKER"
+fi
+
+exit 0