cc-safe-setup 29.6.32 → 29.6.36

package/examples/token-usage-tracker.sh

@@ -0,0 +1,14 @@
+INPUT=$(cat)
+TRANSCRIPT=$(ls -t ~/.claude/projects/*/sessions/*/transcript.jsonl 2>/dev/null | head -1)
+[ -f "$TRANSCRIPT" ] || exit 0
+USAGE=$(tail -20 "$TRANSCRIPT" | grep -o '"usage":{[^}]*}' | tail -1)
+if [ -n "$USAGE" ]; then
+    IN=$(echo "$USAGE" | grep -o '"input_tokens":[0-9]*' | grep -o '[0-9]*')
+    OUT=$(echo "$USAGE" | grep -o '"output_tokens":[0-9]*' | grep -o '[0-9]*')
+    TOTAL=$((${IN:-0} + ${OUT:-0}))
+    echo "$(date -Iseconds) in=${IN:-0} out=${OUT:-0} total=$TOTAL" >> ~/.claude/token-usage.log
+    BUDGET="${CC_TOKEN_BUDGET:-500000}"
+    SUM=$(awk -F'total=' '{sum+=$2}END{print sum+0}' ~/.claude/token-usage.log 2>/dev/null)
+    [ "${SUM:-0}" -gt "$BUDGET" ] && echo "Token usage: ~$SUM (budget: $BUDGET)" >&2
+fi
+exit 0

package/examples/turbo-cache-guard.sh

@@ -16,6 +16,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/uncommitted-changes-stop.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: Stop  MATCHER: ""
 INPUT=$(cat)
 if ! git rev-parse --is-inside-work-tree > /dev/null 2>&1; then
     exit 0

package/examples/uncommitted-work-shield.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# uncommitted-work-shield.sh — Auto-stash before destructive git operations
+#
+# Solves: Git operations destroying uncommitted work (#34327, #33850, #37150).
+#         Users lost days of work from git reset/checkout/clean.
+#         Unlike uncommitted-work-guard (which blocks), this hook SAVES work.
+#
+# How it works: PreToolUse hook on Bash that detects destructive git
+#   commands and auto-stashes uncommitted changes before allowing them.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check destructive git commands
+DESTRUCTIVE_GIT='git\s+(reset\s+--hard|checkout\s+--|clean\s+-[fd]|stash\s+drop|stash\s+clear)'
+
+if ! echo "$COMMAND" | grep -qE "$DESTRUCTIVE_GIT"; then
+  exit 0
+fi
+
+# Check if there are uncommitted changes
+if ! git diff --quiet 2>/dev/null || ! git diff --cached --quiet 2>/dev/null; then
+  # Auto-stash with timestamp
+  STASH_MSG="auto-shield-$(date +%Y%m%d-%H%M%S)"
+  git stash push -m "$STASH_MSG" 2>/dev/null || true
+  echo "SHIELDED: Uncommitted changes saved to stash '$STASH_MSG'." >&2
+  echo "Restore with: git stash pop" >&2
+fi
+
+# Allow the command to proceed (changes are saved)
+exit 0

package/examples/usage-warn.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COUNTER="${HOME}/.claude/session-tool-count"
 COUNT=$(cat "$COUNTER" 2>/dev/null || echo 0)
 COUNT=$((COUNT + 1))

package/examples/verify-before-commit.sh

@@ -22,6 +22,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/virtual-cwd-helper.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# virtual-cwd-helper.sh — Remind about virtual working directory
+#
+# Solves: Claude Code is bound to the directory where it was
+#         spawned. Users can't switch projects mid-session (#3473).
+#
+# How it works: Reads ~/.claude/virtual-cwd file. If set,
+#   warns that commands should be prefixed with cd to the
+#   virtual CWD. Users can switch directories by updating
+#   the file.
+#
+# Setup: echo "/path/to/project" > ~/.claude/virtual-cwd
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+INPUT=$(cat)
+
+VCWD_FILE="${HOME}/.claude/virtual-cwd"
+[ ! -f "$VCWD_FILE" ] && exit 0
+
+VCWD=$(cat "$VCWD_FILE" 2>/dev/null)
+[ -z "$VCWD" ] && exit 0
+
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Skip if command already starts with cd to the virtual CWD
+if echo "$COMMAND" | grep -q "^cd $VCWD"; then
+  exit 0
+fi
+
+# Skip cd commands (user is navigating)
+if echo "$COMMAND" | grep -q "^cd "; then
+  exit 0
+fi
+
+echo "NOTE: Virtual CWD is $VCWD — prefix with: cd $VCWD &&" >&2
+exit 0

package/examples/vue-lint-on-edit.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
 INPUT=$(cat)
 FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
 [[ -z "$FILE" ]] && exit 0

package/examples/webfetch-domain-allow.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+# ================================================================
+# webfetch-domain-allow.sh — Auto-approve WebFetch for allowed domains
+# ================================================================
+# PURPOSE:
+#   WebFetch(domain:*) in settings.json silently fails to match in
+#   many configurations (especially sandbox mode). This hook reads
+#   the requested URL, extracts the domain, and auto-approves if
+#   it matches a configurable allowlist.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "WebFetch"
+#
+# DECISION: exit 0 with permissionDecision "allow" = auto-approve
+#           exit 0 with empty JSON = passthrough (ask user)
+#
+# CONFIG: Set CC_WEBFETCH_ALLOW_DOMAINS env var (comma-separated)
+#   or edit the ALLOWED_DOMAINS array below.
+#   Use "*" to allow all domains.
+#
+# See: https://github.com/anthropics/claude-code/issues/9329
+# ================================================================
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+# Only handle WebFetch
+[[ "$TOOL" != "WebFetch" ]] && exit 0
+
+# Extract URL from tool input
+URL=$(echo "$INPUT" | jq -r '.tool_input.url // empty' 2>/dev/null)
+[ -z "$URL" ] && exit 0
+
+# Extract domain from URL
+DOMAIN=$(echo "$URL" | sed -E 's|^https?://||' | sed 's|/.*||' | sed 's|:.*||')
+[ -z "$DOMAIN" ] && exit 0
+
+# ========================================
+# DOMAIN ALLOWLIST — edit to your needs
+# ========================================
+# Option 1: Environment variable (comma-separated)
+#   export CC_WEBFETCH_ALLOW_DOMAINS="docs.anthropic.com,github.com,*.example.com"
+# Option 2: Edit this array directly
+ALLOWED_DOMAINS=(
+    "*"  # Allow all domains — change to specific domains for tighter control
+    # "docs.anthropic.com"
+    # "github.com"
+    # "*.github.io"
+    # "developer.mozilla.org"
+)
+
+# Override from env if set
+if [ -n "$CC_WEBFETCH_ALLOW_DOMAINS" ]; then
+    IFS=',' read -ra ALLOWED_DOMAINS <<< "$CC_WEBFETCH_ALLOW_DOMAINS"
+fi
+
+# Check domain against allowlist
+for pattern in "${ALLOWED_DOMAINS[@]}"; do
+    pattern=$(echo "$pattern" | xargs)  # trim whitespace
+    # Wildcard: allow everything
+    if [ "$pattern" = "*" ]; then
+        jq -n '{
+          hookSpecificOutput: {
+            hookEventName: "PreToolUse",
+            permissionDecision: "allow"
+          }
+        }'
+        exit 0
+    fi
+    # Glob pattern: *.example.com matches sub.example.com
+    if [[ "$pattern" == \** ]]; then
+        suffix="${pattern#\*}"
+        if [[ "$DOMAIN" == *"$suffix" ]]; then
+            jq -n '{
+              hookSpecificOutput: {
+                hookEventName: "PreToolUse",
+                permissionDecision: "allow"
+              }
+            }'
+            exit 0
+        fi
+    fi
+    # Exact match
+    if [ "$DOMAIN" = "$pattern" ]; then
+        jq -n '{
+          hookSpecificOutput: {
+            hookEventName: "PreToolUse",
+            permissionDecision: "allow"
+          }
+        }'
+        exit 0
+    fi
+done
+
+# Not in allowlist — passthrough to normal permission flow
+exit 0

package/examples/worktree-delete-guard.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# ================================================================
+# worktree-delete-guard.sh — Block git worktree removal
+# ================================================================
+# PURPOSE:
+#   Prevents one Claude session from deleting a worktree that
+#   another session is actively using. Opus 4.6 has been observed
+#   removing worktrees during cleanup without checking for
+#   concurrent sessions. (#40850)
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# WHAT IT BLOCKS:
+#   - git worktree remove <path>
+#   - git worktree prune
+#   - rm -rf on worktree directories
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Block explicit worktree removal
+if echo "$COMMAND" | grep -qE 'git\s+worktree\s+(remove|prune)'; then
+    echo "BLOCKED: Cannot remove git worktrees — other sessions may depend on them." >&2
+    echo "Command: $COMMAND" >&2
+    echo "List worktrees first: git worktree list" >&2
+    exit 2
+fi
+
+# Block rm on worktree paths (if we're in a git repo)
+if git rev-parse --git-dir &>/dev/null; then
+    COMMON_DIR=$(git rev-parse --path-format=absolute --git-common-dir 2>/dev/null)
+    if [ -n "$COMMON_DIR" ]; then
+        WORKTREES_DIR="${COMMON_DIR}/worktrees"
+        if echo "$COMMAND" | grep -qE "(rm|rmdir)\s+.*worktrees"; then
+            echo "BLOCKED: Cannot delete worktree storage directory." >&2
+            exit 2
+        fi
+    fi
+fi
+
+exit 0

package/examples/worktree-memory-guard.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# worktree-memory-guard.sh — Warn when memory path resolves to main worktree
+#
+# Solves: Git worktrees resolving to main worktree's memory directory (#39920).
+#         In worktree isolation mode, Claude writes memory to the main repo's
+#         .claude/projects/ instead of the worktree's, causing cross-contamination.
+#
+# How it works: PreToolUse hook on Write/Edit that checks if the target
+#   path is a memory file (.claude/projects/*/memory/) and warns if
+#   the current working directory differs from the resolved path's repo root.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write|Edit"
+
+set -euo pipefail
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check memory files
+if ! echo "$FILE" | grep -q '.claude/projects/.*/memory/'; then
+  exit 0
+fi
+
+# Check if we're in a worktree
+GIT_DIR=$(git rev-parse --git-dir 2>/dev/null || echo "")
+if [ -z "$GIT_DIR" ]; then
+  exit 0
+fi
+
+# Detect worktree by checking if .git is a file (worktree) vs directory (main)
+if [ -f ".git" ]; then
+  # We're in a worktree — check if memory path points to main repo
+  MAIN_WORKTREE=$(git rev-parse --path-format=absolute --git-common-dir 2>/dev/null | sed 's|/.git$||')
+  CWD=$(pwd)
+
+  if [ "$MAIN_WORKTREE" != "$CWD" ] && echo "$FILE" | grep -q "$MAIN_WORKTREE"; then
+    echo "WARNING: Memory file resolves to main worktree, not current worktree." >&2
+    echo "  File: $FILE" >&2
+    echo "  Main: $MAIN_WORKTREE" >&2
+    echo "  CWD:  $CWD" >&2
+    echo "  Consider writing to worktree-local memory instead." >&2
+  fi
+fi
+
+exit 0

package/examples/worktree-path-validator.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# worktree-path-validator.sh — Warn when file operations target main workspace instead of worktree
+#
+# Solves: In worktree sessions, Edit/Read/Write tools target
+#         files in the main workspace instead of the worktree
+#         directory (#36182). This causes edits to the wrong
+#         copy of files.
+#
+# How it works: Detects if running in a worktree (git rev-parse
+#   --git-common-dir differs from --git-dir). If so, checks
+#   that file_path targets the worktree, not the main workspace.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write|Read"
+
+set -euo pipefail
+INPUT=$(cat)
+
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE_PATH" ] && exit 0
+
+# Check if we're in a worktree
+GIT_DIR=$(git rev-parse --git-dir 2>/dev/null) || exit 0
+GIT_COMMON=$(git rev-parse --git-common-dir 2>/dev/null) || exit 0
+
+# If git-dir == git-common-dir, we're in the main repo (not a worktree)
+[ "$GIT_DIR" = "$GIT_COMMON" ] && exit 0
+
+# We're in a worktree — check that file_path is within the worktree
+WORKTREE_ROOT=$(git rev-parse --show-toplevel 2>/dev/null) || exit 0
+MAIN_ROOT=$(cd "$GIT_COMMON/.." && pwd 2>/dev/null) || exit 0
+
+# If file_path starts with the main workspace path instead of worktree
+if echo "$FILE_PATH" | grep -q "^$MAIN_ROOT" && ! echo "$FILE_PATH" | grep -q "^$WORKTREE_ROOT"; then
+  echo "WARNING: File path targets main workspace, not this worktree." >&2
+  echo "  File: $FILE_PATH" >&2
+  echo "  Worktree: $WORKTREE_ROOT" >&2
+  echo "  Main repo: $MAIN_ROOT" >&2
+  echo "  Consider using: ${FILE_PATH/$MAIN_ROOT/$WORKTREE_ROOT}" >&2
+fi
+
+exit 0

package/examples/worktree-project-unify.sh

@@ -0,0 +1,19 @@
+MAIN_TREE=$(git worktree list --porcelain 2>/dev/null | head -1 | sed 's/worktree //')
+[ -z "$MAIN_TREE" ] && exit 0
+CUR_DIR=$(pwd)
+[ "$CUR_DIR" = "$MAIN_TREE" ] && exit 0
+to_project_dir() {
+    echo "$HOME/.claude/projects/$(echo "$1" | sed 's|/|-|g; s|^-||')"
+}
+MAIN_PROJECT=$(to_project_dir "$MAIN_TREE")
+CUR_PROJECT=$(to_project_dir "$CUR_DIR")
+if [ -d "$MAIN_PROJECT" ] && [ ! -L "$CUR_PROJECT" ]; then
+    if [ -d "$CUR_PROJECT" ] && [ -z "$(ls -A "$CUR_PROJECT" 2>/dev/null)" ]; then
+        rmdir "$CUR_PROJECT"
+    fi
+    if [ ! -e "$CUR_PROJECT" ]; then
+        ln -s "$MAIN_PROJECT" "$CUR_PROJECT"
+        echo "Linked worktree project dir → main repo" >&2
+    fi
+fi
+exit 0

package/examples/worktree-unmerged-guard.sh

@@ -17,6 +17,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 # jq with python3 fallback (macOS may not have jq)

package/examples/write-overwrite-confirm.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# write-overwrite-confirm.sh — Warn when Write tool overwrites large files
+#
+# Solves: Write tool silently replacing large files with new content (#34597).
+#         A 500-line file can be overwritten with 10 lines without warning.
+#
+# How it works: PreToolUse hook on Write that compares the new content
+#   size against the existing file. If the new content is significantly
+#   smaller, warns about potential data loss.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Skip if file doesn't exist (new file creation)
+[ ! -f "$FILE" ] && exit 0
+
+# Get current file size (lines)
+CURRENT_LINES=$(wc -l < "$FILE" 2>/dev/null || echo 0)
+
+# Get new content size (approximate from JSON length)
+NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty' 2>/dev/null)
+NEW_LINES=$(echo "$NEW_CONTENT" | wc -l 2>/dev/null || echo 0)
+
+# Warn if shrinking by more than 50% and file is > 50 lines
+if [ "$CURRENT_LINES" -gt 50 ] && [ "$NEW_LINES" -gt 0 ]; then
+  RATIO=$((NEW_LINES * 100 / CURRENT_LINES))
+  if [ "$RATIO" -lt 50 ]; then
+    echo "WARNING: File shrinking from $CURRENT_LINES to ~$NEW_LINES lines ($RATIO%)." >&2
+    echo "File: $FILE" >&2
+    echo "Consider using Edit tool for targeted changes instead of full rewrite." >&2
+  fi
+fi
+
+exit 0

package/examples/write-secret-guard.sh

@@ -24,6 +24,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/write-shrink-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# ================================================================
+# write-shrink-guard.sh — Block writes that drastically shrink files
+# ================================================================
+# PURPOSE:
+#   Prevents accidental file truncation. When Claude uses the Write
+#   tool, if the new content is <10% of the original file size,
+#   it's likely a truncation bug, not an intentional edit.
+#
+#   Real case: 31,699-line file truncated to 16 lines, destroying
+#   5 hours of work. (#40807)
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write"
+#
+# DECISION: exit 2 = block, exit 0 = allow
+# ================================================================
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+[ "$TOOL" != "Write" ] && exit 0
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] || [ ! -f "$FILE" ] && exit 0
+
+# Get original file size
+OLD_SIZE=$(wc -c < "$FILE" 2>/dev/null || echo 0)
+[ "$OLD_SIZE" -lt 1000 ] && exit 0  # Skip small files
+
+# Get new content size
+NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty' 2>/dev/null)
+NEW_SIZE=${#NEW_CONTENT}
+
+# Calculate ratio
+if [ "$NEW_SIZE" -gt 0 ] && [ "$OLD_SIZE" -gt 0 ]; then
+    RATIO=$((NEW_SIZE * 100 / OLD_SIZE))
+    if [ "$RATIO" -lt 10 ]; then
+        echo "BLOCKED: Write would shrink $(basename "$FILE") from $OLD_SIZE to $NEW_SIZE bytes (${RATIO}% of original)." >&2
+        echo "This looks like accidental truncation. Use Edit for targeted changes instead." >&2
+        exit 2
+    elif [ "$RATIO" -lt 25 ]; then
+        echo "WARNING: Write would significantly reduce $(basename "$FILE") from $OLD_SIZE to $NEW_SIZE bytes (${RATIO}%)." >&2
+    fi
+fi
+
+exit 0

package/examples/write-test-ratio.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE "^\s*git\s+commit" || exit 0; S=$(git diff --cached --name-only 2>/dev/null | grep -cvE "test|spec" || echo 0); T=$(git diff --cached --name-only 2>/dev/null | grep -cE "test|spec" || echo 0); [ "$S" -gt 5 ] && [ "$T" -eq 0 ] && echo "WARNING: $S source files, 0 test files" >&2