cc-safe-setup 29.6.32 → 29.6.36

package/examples/file-recycle-bin.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# file-recycle-bin.sh — Move deleted files to recycle bin instead of permanent deletion
+#
+# Solves: No undo for file operations during Claude Code sessions (#39949).
+#         When Claude deletes or overwrites files, they're gone permanently
+#         unless git tracked. This hook intercepts rm commands and moves
+#         files to a session recycle bin.
+#
+# How it works: PreToolUse hook on Bash that intercepts rm commands,
+#   copies target files to .claude/recycle-bin/ before allowing deletion.
+#   Restore with: cp .claude/recycle-bin/<file> <original-path>
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only intercept rm commands (not rm -rf which destructive-guard handles)
+if ! echo "$COMMAND" | grep -qE '^\s*rm\s'; then
+  exit 0
+fi
+
+# Skip if destructive-guard would catch it (rm -rf /, rm -rf ~, etc.)
+if echo "$COMMAND" | grep -qE 'rm\s+(-[rf]+\s+)*(/|~|\$HOME)'; then
+  exit 0  # Let destructive-guard handle these
+fi
+
+# Extract file paths from rm command (simple extraction)
+FILES=$(echo "$COMMAND" | sed 's/^[[:space:]]*rm[[:space:]]*//' | sed 's/-[rfiv]*//g' | tr ' ' '\n' | grep -v '^$' | grep -v '^-')
+
+BIN_DIR=".claude/recycle-bin"
+mkdir -p "$BIN_DIR"
+
+for FILE in $FILES; do
+  if [ -f "$FILE" ]; then
+    BASENAME=$(basename "$FILE")
+    TIMESTAMP=$(date +%H%M%S)
+    cp "$FILE" "$BIN_DIR/${TIMESTAMP}-${BASENAME}" 2>/dev/null || true
+    echo "Backed up: $FILE -> $BIN_DIR/${TIMESTAMP}-${BASENAME}" >&2
+  fi
+done
+
+# Allow the rm to proceed (files are backed up)
+exit 0

package/examples/file-size-limit.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)

package/examples/five-hundred-milestone.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: Notification  MATCHER: ""
 INPUT=$(cat)
 SETTINGS="$HOME/.claude/settings.local.json"
 [[ ! -f "$SETTINGS" ]] && exit 0

package/examples/flask-debug-guard.sh

@@ -17,6 +17,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/gem-push-guard.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [[ -z "$COMMAND" ]] && exit 0

package/examples/git-checkout-safety-guard.sh

@@ -23,6 +23,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/git-config-guard.sh

@@ -14,6 +14,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/git-crypt-worktree-guard.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# git-crypt-worktree-guard.sh — Block worktree creation in git-crypt repos
+#
+# Solves: When Claude creates a worktree in a git-crypt repo,
+#         the smudge filter fails because git-crypt hasn't been
+#         unlocked in the new worktree. This produces destructive
+#         commits that delete all encrypted files (#38538).
+#
+# How it works: Before git worktree add, checks if the repo
+#   uses git-crypt (.gitattributes contains filter=git-crypt).
+#   If yes, blocks the worktree creation with a warning.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+INPUT=$(cat)
+
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check git worktree add
+if ! echo "$COMMAND" | grep -qE 'git\s+worktree\s+add'; then
+  exit 0
+fi
+
+# Check if repo uses git-crypt
+if [ -f ".gitattributes" ] && grep -q "filter=git-crypt" .gitattributes 2>/dev/null; then
+  echo "BLOCKED: Cannot create worktree in a git-crypt repo." >&2
+  echo "git-crypt is not automatically unlocked in new worktrees." >&2
+  echo "This would produce destructive commits that delete all encrypted files." >&2
+  echo "Work in the main repo instead, or manually run 'git-crypt unlock' in the worktree first." >&2
+  exit 2
+fi
+
+exit 0

package/examples/git-hook-bypass-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE "git\s+(commit|push|merge).*--no-verify"; then echo "WARNING: --no-verify bypasses git hooks" >&2; fi

package/examples/git-merge-conflict-prevent.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
 [ -z "$CONTENT" ] && exit 0

package/examples/git-message-length.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE "git\s+commit\s+-m" || exit 0; MSG=$(echo "$COMMAND" | grep -oP "(?<=-m\s[\x27\x22])[^\x27\x22]+"); [ ${#MSG} -lt 10 ] && echo "WARNING: Commit message too short (${#MSG} chars)" >&2

package/examples/git-operations-require-approval.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+# ================================================================
+# git-operations-require-approval.sh — Block git write operations
+# ================================================================
+# PURPOSE:
+#   Claude Code sometimes ignores CLAUDE.md rules about git commit,
+#   push, and branch creation — performing these operations without
+#   user approval. This hook enforces the restriction at process level.
+#
+# Blocks:
+#   git commit, git push (including --force), git checkout -b,
+#   git switch -c, git branch <name>
+#
+# Does NOT block:
+#   git status, git log, git diff, git show, git branch (list),
+#   git fetch, git stash, git add
+#
+# Handles compound commands (&&, ;, ||) by checking each segment.
+#
+# See: https://github.com/anthropics/claude-code/issues/40695
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+[ -z "$COMMAND" ] && exit 0
+
+# Skip if the command is inside echo/printf (not actual execution)
+echo "$COMMAND" | grep -qE '^\s*(echo|printf)\s' && exit 0
+
+# Check each segment of compound commands
+check_segment() {
+    local seg="$1"
+    # Trim whitespace
+    seg=$(echo "$seg" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+    [ -z "$seg" ] && return 0
+
+    # git commit
+    if echo "$seg" | grep -qE '\bgit\s+commit\b'; then
+        echo "BLOCKED: git commit requires explicit user approval." >&2
+        echo "Command: $seg" >&2
+        echo "" >&2
+        echo "See: https://github.com/anthropics/claude-code/issues/40695" >&2
+        return 1
+    fi
+
+    # git push (including force variants)
+    if echo "$seg" | grep -qE '\bgit\s+push\b'; then
+        echo "BLOCKED: git push requires explicit user approval." >&2
+        echo "Command: $seg" >&2
+        echo "" >&2
+        echo "See: https://github.com/anthropics/claude-code/issues/40695" >&2
+        return 1
+    fi
+
+    # git checkout -b (branch creation)
+    if echo "$seg" | grep -qE '\bgit\s+checkout\s+(-b|--branch)\b'; then
+        echo "BLOCKED: git branch creation requires explicit user approval." >&2
+        echo "Command: $seg" >&2
+        return 1
+    fi
+
+    # git switch -c / --create (branch creation)
+    if echo "$seg" | grep -qE '\bgit\s+switch\s+(-c|--create)\b'; then
+        echo "BLOCKED: git branch creation requires explicit user approval." >&2
+        echo "Command: $seg" >&2
+        return 1
+    fi
+
+    # git branch <name> (creation, not listing)
+    # git branch without flags or with only -a/-r/-l/--list is listing
+    if echo "$seg" | grep -qE '\bgit\s+branch\s'; then
+        # Allow listing flags
+        if echo "$seg" | grep -qE '\bgit\s+branch\s+(-[arl]|--list|--merged|--no-merged|--contains|-v|--verbose|-d|--delete|-D)\b'; then
+            return 0
+        fi
+        # If it has a name argument after "git branch", it's creation
+        local args
+        args=$(echo "$seg" | sed 's/.*\bgit\s\+branch\s\+//')
+        if [ -n "$args" ] && ! echo "$args" | grep -qE '^\s*$'; then
+            echo "BLOCKED: git branch creation requires explicit user approval." >&2
+            echo "Command: $seg" >&2
+            return 1
+        fi
+    fi
+
+    return 0
+}
+
+# Split on && ; || and check each part
+while IFS= read -r segment; do
+    if ! check_segment "$segment"; then
+        exit 2
+    fi
+done < <(echo "$COMMAND" | sed 's/&&/\n/g; s/;/\n/g; s/||/\n/g')
+
+exit 0

package/examples/git-show-flag-sanitizer.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# ================================================================
+# git-show-flag-sanitizer.sh — Strip invalid --no-stat from git show
+# ================================================================
+# PURPOSE:
+#   Claude Code frequently runs `git show <ref> --no-stat`, but --no-stat
+#   is not a valid git-show flag. The command fails with exit code 128,
+#   wasting context on error output and retries.
+#   This hook silently rewrites the command to remove --no-stat.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# See: https://github.com/anthropics/claude-code/issues/13071
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only act on git show commands containing --no-stat
+case "$COMMAND" in
+  *git\ show*--no-stat*|*git\ show*--no-stat*) ;;
+  *) exit 0 ;;
+esac
+
+# Remove --no-stat flag (handles multiple spaces)
+NEW_COMMAND=$(echo "$COMMAND" | sed 's/ --no-stat//')
+
+# Collapse any double spaces left behind
+NEW_COMMAND=$(echo "$NEW_COMMAND" | sed 's/  */ /g')
+
+jq -n --arg cmd "$NEW_COMMAND" '{
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow",
+    updatedInput: { command: $cmd }
+  }
+}'
+
+exit 0

package/examples/git-stash-before-danger.sh

@@ -18,6 +18,8 @@
 #     }]
 #   }
 # }
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)

package/examples/git-submodule-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE '\bgit\s+submodule\s+(deinit|rm)\b'; then

package/examples/git-tag-guard.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 if echo "$COMMAND" | grep -qE 'git\s+tag\s+(-a\s+|-d\s+)?v'; then

package/examples/github-actions-secret-guard.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# github-actions-secret-guard.sh — Prevent hardcoded secrets in GitHub Actions workflows
+#
+# Solves: Claude writes API keys, tokens, or passwords directly into
+#         .github/workflows/*.yml files instead of using ${{ secrets.NAME }}.
+#         These get committed and pushed to public/private repos.
+#
+# How it works: PostToolUse hook on Edit/Write that checks if the target
+#   is a GitHub Actions workflow file, then scans for patterns that look
+#   like hardcoded secrets instead of ${{ secrets.* }} references.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Edit|Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+case "$TOOL" in Edit|Write) ;; *) exit 0 ;; esac
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check GitHub Actions workflow files
+case "$FILE" in
+    .github/workflows/*.yml|.github/workflows/*.yaml) ;;
+    */.github/workflows/*.yml|*/.github/workflows/*.yaml) ;;
+    *) exit 0 ;;
+esac
+
+[ -f "$FILE" ] || exit 0
+
+# Check for hardcoded secret patterns (not using ${{ secrets.* }})
+ISSUES=""
+
+# API keys / tokens in env or with: blocks
+if grep -nE '(APIKEY|API_KEY|TOKEN|SECRET|PASSWORD|PRIVATE_KEY)\s*[:=]\s*["\x27]?[A-Za-z0-9+/=_-]{20,}' "$FILE" 2>/dev/null | grep -v '\${{' | head -3 | grep -q .; then
+    ISSUES="${ISSUES}Hardcoded API key/token found (use \${{ secrets.NAME }} instead)\n"
+fi
+
+# Bearer tokens
+if grep -nE 'Bearer\s+[A-Za-z0-9._-]{20,}' "$FILE" 2>/dev/null | grep -v '\${{' | head -1 | grep -q .; then
+    ISSUES="${ISSUES}Hardcoded Bearer token found\n"
+fi
+
+# AWS credentials
+if grep -nE 'AKIA[0-9A-Z]{16}' "$FILE" 2>/dev/null | head -1 | grep -q .; then
+    ISSUES="${ISSUES}AWS access key ID found in workflow\n"
+fi
+
+if [ -n "$ISSUES" ]; then
+    echo "WARNING: Potential secrets in GitHub Actions workflow:" >&2
+    echo "  File: $FILE" >&2
+    echo -e "  $ISSUES" >&2
+    echo "  Use \${{ secrets.NAME }} instead of hardcoded values." >&2
+    echo "  Add secrets via: gh secret set NAME --body 'value'" >&2
+fi
+
+exit 0

package/examples/gitignore-check.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
 echo "$COMMAND" | grep -qE '^\s*git\s+add' || exit 0

package/examples/gitops-drift-guard.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# gitops-drift-guard.sh — Warn when editing infrastructure files without PR
+#
+# Solves: Claude directly modifying Terraform, Kubernetes manifests, or
+#         Helm values on the default branch instead of creating a PR.
+#         In GitOps workflows, direct commits to main trigger immediate
+#         infrastructure changes.
+#
+# How it works: PreToolUse hook on Edit/Write that checks if the target
+#   file is an infrastructure file AND the current branch is main/master.
+#   Warns that changes should go through a PR for review.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write"
+
+set -euo pipefail
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+case "$TOOL" in Edit|Write) ;; *) exit 0 ;; esac
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Check if this is an infrastructure file
+IS_INFRA=false
+case "$FILE" in
+    *.tf|*.tfvars) IS_INFRA=true ;;                    # Terraform
+    */k8s/*.yaml|*/k8s/*.yml) IS_INFRA=true ;;         # Kubernetes manifests
+    */helm/**/values*.yaml) IS_INFRA=true ;;            # Helm values
+    */charts/**/*.yaml) IS_INFRA=true ;;                # Helm charts
+    .github/workflows/*.yml) IS_INFRA=true ;;           # CI/CD workflows
+    Dockerfile*|docker-compose*.yml) IS_INFRA=true ;;   # Docker
+    */argocd/*.yaml) IS_INFRA=true ;;                   # ArgoCD
+    */flux/*.yaml) IS_INFRA=true ;;                     # Flux
+    ansible/*.yml|*/playbooks/*.yml) IS_INFRA=true ;;   # Ansible
+esac
+
+$IS_INFRA || exit 0
+
+# Check if we're on a protected branch
+BRANCH=$(git branch --show-current 2>/dev/null || echo "")
+case "$BRANCH" in
+    main|master|production|release|release/*)
+        echo "WARNING: Editing infrastructure file on protected branch '$BRANCH'." >&2
+        echo "  File: $FILE" >&2
+        echo "  In GitOps workflows, changes to $BRANCH trigger immediate deployment." >&2
+        echo "  Consider creating a feature branch and PR instead." >&2
+        # Warning only — change to exit 2 to block
+        ;;
+esac
+
+exit 0

package/examples/go-mod-tidy-warn.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PostToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [[ -z "$COMMAND" ]] && exit 0

package/examples/hallucination-url-check.sh

@@ -21,6 +21,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)

package/examples/hardcoded-ip-guard.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
 INPUT=$(cat)
 FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
 [[ -z "$FILE" ]] && exit 0

package/examples/headless-empty-result-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# headless-empty-result-guard.sh — Detect empty results in headless mode
+#
+# Solves: claude -p exits with empty result when stream is interrupted (#40432).
+#         stop_reason: "tool_use" with result: "" is treated as success,
+#         but the model was actually mid-generation.
+#
+# How it works: Stop hook that checks environment for headless indicators
+#   and warns if the session produced no visible output. In CI/automation,
+#   this can trigger a retry or alert.
+#
+# CONFIG:
+#   CC_HEADLESS_MARKER="/tmp/claude-headless-result"
+#   Set this in your CI script to check after claude -p exits.
+#
+# TRIGGER: Stop
+# MATCHER: ""
+
+set -euo pipefail
+
+INPUT=$(cat)
+
+# Check if we're in headless/print mode
+# Indicators: CLAUDE_PRINT_MODE env var, or no TTY
+if [ -z "${CLAUDE_PRINT_MODE:-}" ] && [ -t 0 ]; then
+    # Interactive mode — skip
+    exit 0
+fi
+
+# Check for empty/incomplete result indicators
+STOP_REASON=$(echo "$INPUT" | jq -r '.stop_reason // empty' 2>/dev/null)
+RESULT=$(echo "$INPUT" | jq -r '.result // empty' 2>/dev/null)
+
+MARKER="${CC_HEADLESS_MARKER:-/tmp/claude-headless-result-${PPID:-0}}"
+
+if [ "$STOP_REASON" = "tool_use" ] || [ -z "$RESULT" ]; then
+    echo "WARNING: Headless session ended with incomplete result." >&2
+    echo "  stop_reason: ${STOP_REASON:-unknown}" >&2
+    echo "  result length: ${#RESULT}" >&2
+    echo "  This may indicate a stream interruption, not a completed task." >&2
+    echo "incomplete" > "$MARKER"
+else
+    echo "complete" > "$MARKER"
+fi
+
+exit 0

package/examples/headless-stop-guard.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# headless-stop-guard.sh — Skip Stop hooks in headless (-p) mode
+#
+# Solves: Stop hook causes empty result in print mode (#38651).
+#         Any Stop hook (even no-op) causes `claude -p` to return
+#         empty string instead of the model's response.
+#
+# How it works: Detects headless mode via parent process inspection
+#   and exits immediately, preventing the Stop hook from interfering
+#   with result collection.
+#
+# TRIGGER: Stop
+# MATCHER: ""
+#
+# Usage: Use as a wrapper around your actual Stop hook:
+# {
+#   "hooks": {
+#     "Stop": [{
+#       "hooks": [{ "type": "command", "command": "bash ~/.claude/hooks/headless-stop-guard.sh ~/.claude/hooks/my-stop-hook.sh" }]
+#     }]
+#   }
+# }
+#
+# Or set CC_HEADLESS=1 in your wrapper script before `claude -p`.
+
+# Method 1: Environment variable (most reliable)
+[ "$CC_HEADLESS" = "1" ] && exit 0
+
+# Method 2: Parent process detection
+PARENT_CMD=$(ps -o args= -p $PPID 2>/dev/null || true)
+if echo "$PARENT_CMD" | grep -qE '\bclaude\b.*\s-p\b'; then
+    exit 0
+fi
+
+# Not headless — run the wrapped hook if provided
+TARGET="$1"
+if [ -n "$TARGET" ] && [ -f "$TARGET" ]; then
+    shift
+    cat | bash "$TARGET" "$@"
+    exit $?
+fi
+
+exit 0

package/examples/helm-install-guard.sh

@@ -1,3 +1,5 @@
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 INPUT=$(cat)
 COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [[ -z "$COMMAND" ]] && exit 0

package/examples/issue-draft-redact-guard.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# issue-draft-redact-guard.sh — Redact sensitive info from public issue drafts
+#
+# Solves: Claude drafting public bug reports with sensitive project info (#29121).
+#         Internal org names, private URLs, IP addresses, and file paths
+#         get included in gh issue create commands.
+#
+# How it works: PreToolUse hook on Bash that intercepts gh issue/pr create
+#   commands and scans the body for sensitive patterns.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check issue/PR creation commands
+if ! echo "$COMMAND" | grep -qE 'gh\s+(issue|pr)\s+create'; then
+  exit 0
+fi
+
+# Scan for sensitive patterns in the command body
+SENSITIVE_PATTERNS=(
+  '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'  # IP addresses
+  '(internal|private|corp|staging)\.[a-z]+\.[a-z]+'    # Internal domains
+  '/home/[a-zA-Z]+/'                                    # Home directory paths
+  '/Users/[a-zA-Z]+/'                                   # macOS home paths
+  'password|passwd|secret_key|private_key'               # Secret keywords
+)
+
+for pattern in "${SENSITIVE_PATTERNS[@]}"; do
+  if echo "$COMMAND" | grep -qEi "$pattern"; then
+    MATCH=$(echo "$COMMAND" | grep -oEi "$pattern" | head -1)
+    echo "WARNING: Sensitive pattern detected in issue draft." >&2
+    echo "Pattern match: $MATCH" >&2
+    echo "Review and redact before posting publicly." >&2
+    # Warn but don't block — user may intentionally include their own info
+    break
+  fi
+done
+
+exit 0

package/examples/java-compile-on-edit.sh

@@ -17,6 +17,8 @@
 #   }
 # }
 # ================================================================
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
 
 INPUT=$(cat)
 FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)