cc-safe-setup 29.6.33 → 29.6.37

package/examples/settings-auto-backup.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# ================================================================
+# settings-auto-backup.sh — Auto-backup settings on session start
+# ================================================================
+# PURPOSE:
+#   Claude Code auto-updates have been observed silently wiping
+#   settings.json, settings.local.json, and plugin state. (#40714)
+#   This hook creates rolling backups on every session start and
+#   warns if settings appear to have been reset.
+#
+# TRIGGER: Notification
+# MATCHER: "SessionStart"
+#
+# BACKUPS: ~/.claude/settings-backups/
+# ================================================================
+
+BACKUP_DIR="$HOME/.claude/settings-backups"
+mkdir -p "$BACKUP_DIR"
+
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+BACKED_UP=0
+
+# Backup settings files
+for f in settings.json settings.local.json; do
+    SRC="$HOME/.claude/$f"
+    if [ -f "$SRC" ] && [ -s "$SRC" ]; then
+        cp "$SRC" "$BACKUP_DIR/${f%.json}-${TIMESTAMP}.json"
+        BACKED_UP=$((BACKED_UP + 1))
+    fi
+done
+
+# Keep only last 10 backups per file type
+for prefix in settings settings.local; do
+    ls -t "$BACKUP_DIR/${prefix}-"*.json 2>/dev/null | tail -n +11 | xargs rm -f 2>/dev/null
+done
+
+# Detect suspicious settings reset
+SETTINGS="$HOME/.claude/settings.json"
+if [ -f "$SETTINGS" ]; then
+    KEY_COUNT=$(jq 'keys | length' "$SETTINGS" 2>/dev/null || echo 0)
+    if [ "$KEY_COUNT" -le 1 ]; then
+        LATEST_BACKUP=$(ls -t "$BACKUP_DIR/settings-"*.json 2>/dev/null | head -2 | tail -1)
+        if [ -n "$LATEST_BACKUP" ]; then
+            BACKUP_KEYS=$(jq 'keys | length' "$LATEST_BACKUP" 2>/dev/null || echo 0)
+            if [ "$BACKUP_KEYS" -gt "$KEY_COUNT" ]; then
+                echo "⚠ Settings may have been reset ($KEY_COUNT keys vs $BACKUP_KEYS in backup)" >&2
+                echo "  Restore: cp '$LATEST_BACKUP' '$SETTINGS'" >&2
+            fi
+        fi
+    fi
+fi
+
+exit 0

package/examples/settings-mutation-detector.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# settings-mutation-detector.sh — Detect unauthorized changes to Claude settings files
+#
+# Solves: Claude Code can modify its own settings files during
+#         a session, potentially disabling safety hooks or
+#         changing permissions without user awareness.
+#
+# How it works: On first run, takes a hash of key settings files.
+#   On subsequent runs, compares the current hash. If changed,
+#   warns the user. This catches silent permission escalation
+#   or hook removal.
+#
+# TRIGGER: PostToolUse
+# MATCHER: ""
+
+set -euo pipefail
+
+HASH_FILE="/tmp/claude-settings-hash-$$"
+
+# Files to monitor
+SETTINGS_FILES=""
+for f in \
+  ".claude/settings.json" \
+  ".claude/settings.local.json" \
+  "${HOME}/.claude/settings.json" \
+  "${HOME}/.claude/settings.local.json"; do
+  [ -f "$f" ] && SETTINGS_FILES="$SETTINGS_FILES $f"
+done
+
+[ -z "$SETTINGS_FILES" ] && exit 0
+
+# Calculate current hash
+CURRENT_HASH=$(cat $SETTINGS_FILES 2>/dev/null | md5sum | cut -d' ' -f1)
+
+if [ -f "$HASH_FILE" ]; then
+  PREV_HASH=$(cat "$HASH_FILE")
+  if [ "$CURRENT_HASH" != "$PREV_HASH" ]; then
+    echo "WARNING: Claude settings files were modified during this session!" >&2
+    echo "  Files monitored: $SETTINGS_FILES" >&2
+    echo "  Review changes to ensure hooks and permissions are intact." >&2
+  fi
+fi
+
+echo "$CURRENT_HASH" > "$HASH_FILE"
+exit 0

package/examples/subagent-context-size-guard.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# subagent-context-size-guard.sh — Warn on thin subagent prompts
+#
+# Solves: Subagents get spawned with minimal context, leading to
+#         poor results because they lack necessary background (#40929).
+#         The parent agent assumes shared context, but each subagent
+#         starts fresh.
+#
+# How it works: Checks Agent tool's prompt parameter length.
+#   If under 100 characters, warns that the prompt may be too thin
+#   for a standalone agent to work effectively.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Agent"
+
+set -euo pipefail
+INPUT=$(cat)
+PROMPT=$(echo "$INPUT" | jq -r '.tool_input.prompt // empty' 2>/dev/null)
+
+[ -z "$PROMPT" ] && exit 0
+
+LEN=${#PROMPT}
+if [ "$LEN" -lt 100 ]; then
+  echo "WARNING: Agent prompt is only ${LEN} chars. Subagents start with zero context — include enough background for them to work independently." >&2
+fi
+exit 0

package/examples/symlink-protect.sh

@@ -0,0 +1,12 @@
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+[[ "$TOOL" != "Write" && "$TOOL" != "Edit" ]] && exit 0
+if [ -L "$FILE" ]; then
+    TARGET=$(readlink -f "$FILE")
+    echo "NOTE: Redirecting write from symlink $FILE → $TARGET" >&2
+    echo "{\"updatedInput\":{\"file_path\":\"$TARGET\"}}"
+    exit 1
+fi
+exit 0

package/examples/temp-file-cleanup-stop.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# temp-file-cleanup-stop.sh — Clean up tmpclaude-* files on session end
+#
+# Solves: Claude Code creates tmpclaude-{hash}-cwd temporary
+#         files in the working directory but doesn't clean them
+#         up after the session ends (#17720). These accumulate
+#         over time and clutter the project.
+#
+# How it works: On Stop event, finds and removes all
+#   tmpclaude-*-cwd files in the current directory and /tmp.
+#   Only removes files matching the exact pattern to avoid
+#   deleting user files.
+#
+# TRIGGER: Stop
+# MATCHER: ""
+
+set -euo pipefail
+
+# Clean up tmpclaude-* files in current directory
+find . -maxdepth 1 -name "tmpclaude-*-cwd" -type f -delete 2>/dev/null || true
+
+# Also clean up in /tmp
+find /tmp -maxdepth 1 -name "tmpclaude-*" -type f -mmin +60 -delete 2>/dev/null || true
+
+# Clean up any .claude-tmp-* files too
+find . -maxdepth 1 -name ".claude-tmp-*" -type f -delete 2>/dev/null || true
+
+exit 0

package/examples/test-before-commit.sh

@@ -1,20 +1,17 @@
 #!/bin/bash
-#
-# TRIGGER: PreToolUse  MATCHER: "Bash"
-COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 [ -z "$COMMAND" ] && exit 0
-echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0
-RECENT=0
-TIMEOUT=${CC_TEST_TIMEOUT:-600}
-NOW=$(date +%s)
-for marker in coverage/.last-run.json test-results .nyc_output junit.xml; do
-    [ -e "$marker" ] || continue
-    MTIME=$(stat -c %Y "$marker" 2>/dev/null || echo 0)
-    [ $((NOW - MTIME)) -lt "$TIMEOUT" ] && RECENT=1 && break
-done
-if [ "$RECENT" -eq 0 ]; then
-    echo "BLOCKED: No recent test results (within $((TIMEOUT/60)) min)" >&2
-    echo "Run your test suite first, then commit." >&2
-    exit 2
+STATE="/tmp/cc-tests-ran-$$"
+if echo "$COMMAND" | grep -qE '^\s*(npm\s+test|npx\s+jest|pytest|python\s+-m\s+pytest|cargo\s+test|go\s+test|make\s+test|bundle\s+exec\s+rspec|mix\s+test)'; then
+    echo "1" > "$STATE"
+    exit 0
+fi
+if echo "$COMMAND" | grep -qE '^\s*git\s+commit'; then
+    if [ ! -f "$STATE" ] || [ "$(cat "$STATE" 2>/dev/null)" != "1" ]; then
+        echo "WARNING: No test commands detected since last commit." >&2
+        echo "  Run tests before committing to verify your changes." >&2
+    fi
+    rm -f "$STATE"
 fi
 exit 0

package/examples/token-spike-alert.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# token-spike-alert.sh — Alert on abnormal token consumption per turn
+#
+# Solves: Users report 10-20% of their 5-hour quota consumed by
+#         a single lightweight question (#40524, #38029, #40881).
+#         Cache invalidation causes full context re-processing,
+#         spiking token usage without user awareness.
+#
+# How it works: Tracks tool call count per session via a counter
+#   file. If more than MAX_TOOLS_PER_TURN tool calls happen in
+#   rapid succession (within 30 seconds), warns about possible
+#   runaway behavior that could spike token usage.
+#
+# TRIGGER: PostToolUse
+# MATCHER: ""
+
+set -euo pipefail
+
+COUNTER_FILE="/tmp/claude-token-spike-$$"
+MAX_TOOLS_PER_BURST="${MAX_TOOLS_PER_BURST:-15}"
+
+# Get current timestamp
+NOW=$(date +%s)
+
+# Read last timestamp and count
+if [ -f "$COUNTER_FILE" ]; then
+  LAST_TS=$(head -1 "$COUNTER_FILE" 2>/dev/null || echo "0")
+  COUNT=$(tail -1 "$COUNTER_FILE" 2>/dev/null || echo "0")
+else
+  LAST_TS=0
+  COUNT=0
+fi
+
+# If within 30-second burst window
+DELTA=$((NOW - LAST_TS))
+if [ "$DELTA" -lt 30 ]; then
+  COUNT=$((COUNT + 1))
+else
+  COUNT=1
+fi
+
+# Save state
+echo "$NOW" > "$COUNTER_FILE"
+echo "$COUNT" >> "$COUNTER_FILE"
+
+# Alert if burst detected
+if [ "$COUNT" -ge "$MAX_TOOLS_PER_BURST" ]; then
+  echo "WARNING: $COUNT tool calls in ${DELTA}s burst. Possible runaway behavior — check token consumption." >&2
+fi
+
+exit 0

package/examples/virtual-cwd-helper.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# virtual-cwd-helper.sh — Remind about virtual working directory
+#
+# Solves: Claude Code is bound to the directory where it was
+#         spawned. Users can't switch projects mid-session (#3473).
+#
+# How it works: Reads ~/.claude/virtual-cwd file. If set,
+#   warns that commands should be prefixed with cd to the
+#   virtual CWD. Users can switch directories by updating
+#   the file.
+#
+# Setup: echo "/path/to/project" > ~/.claude/virtual-cwd
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+
+set -euo pipefail
+INPUT=$(cat)
+
+VCWD_FILE="${HOME}/.claude/virtual-cwd"
+[ ! -f "$VCWD_FILE" ] && exit 0
+
+VCWD=$(cat "$VCWD_FILE" 2>/dev/null)
+[ -z "$VCWD" ] && exit 0
+
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Skip if command already starts with cd to the virtual CWD
+if echo "$COMMAND" | grep -q "^cd $VCWD"; then
+  exit 0
+fi
+
+# Skip cd commands (user is navigating)
+if echo "$COMMAND" | grep -q "^cd "; then
+  exit 0
+fi
+
+echo "NOTE: Virtual CWD is $VCWD — prefix with: cd $VCWD &&" >&2
+exit 0

package/examples/worktree-delete-guard.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# ================================================================
+# worktree-delete-guard.sh — Block git worktree removal
+# ================================================================
+# PURPOSE:
+#   Prevents one Claude session from deleting a worktree that
+#   another session is actively using. Opus 4.6 has been observed
+#   removing worktrees during cleanup without checking for
+#   concurrent sessions. (#40850)
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# WHAT IT BLOCKS:
+#   - git worktree remove <path>
+#   - git worktree prune
+#   - rm -rf on worktree directories
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Block explicit worktree removal
+if echo "$COMMAND" | grep -qE 'git\s+worktree\s+(remove|prune)'; then
+    echo "BLOCKED: Cannot remove git worktrees — other sessions may depend on them." >&2
+    echo "Command: $COMMAND" >&2
+    echo "List worktrees first: git worktree list" >&2
+    exit 2
+fi
+
+# Block rm on worktree paths (if we're in a git repo)
+if git rev-parse --git-dir &>/dev/null; then
+    COMMON_DIR=$(git rev-parse --path-format=absolute --git-common-dir 2>/dev/null)
+    if [ -n "$COMMON_DIR" ]; then
+        WORKTREES_DIR="${COMMON_DIR}/worktrees"
+        if echo "$COMMAND" | grep -qE "(rm|rmdir)\s+.*worktrees"; then
+            echo "BLOCKED: Cannot delete worktree storage directory." >&2
+            exit 2
+        fi
+    fi
+fi
+
+exit 0

package/examples/worktree-path-validator.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# worktree-path-validator.sh — Warn when file operations target main workspace instead of worktree
+#
+# Solves: In worktree sessions, Edit/Read/Write tools target
+#         files in the main workspace instead of the worktree
+#         directory (#36182). This causes edits to the wrong
+#         copy of files.
+#
+# How it works: Detects if running in a worktree (git rev-parse
+#   --git-common-dir differs from --git-dir). If so, checks
+#   that file_path targets the worktree, not the main workspace.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write|Read"
+
+set -euo pipefail
+INPUT=$(cat)
+
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE_PATH" ] && exit 0
+
+# Check if we're in a worktree
+GIT_DIR=$(git rev-parse --git-dir 2>/dev/null) || exit 0
+GIT_COMMON=$(git rev-parse --git-common-dir 2>/dev/null) || exit 0
+
+# If git-dir == git-common-dir, we're in the main repo (not a worktree)
+[ "$GIT_DIR" = "$GIT_COMMON" ] && exit 0
+
+# We're in a worktree — check that file_path is within the worktree
+WORKTREE_ROOT=$(git rev-parse --show-toplevel 2>/dev/null) || exit 0
+MAIN_ROOT=$(cd "$GIT_COMMON/.." && pwd 2>/dev/null) || exit 0
+
+# If file_path starts with the main workspace path instead of worktree
+if echo "$FILE_PATH" | grep -q "^$MAIN_ROOT" && ! echo "$FILE_PATH" | grep -q "^$WORKTREE_ROOT"; then
+  echo "WARNING: File path targets main workspace, not this worktree." >&2
+  echo "  File: $FILE_PATH" >&2
+  echo "  Worktree: $WORKTREE_ROOT" >&2
+  echo "  Main repo: $MAIN_ROOT" >&2
+  echo "  Consider using: ${FILE_PATH/$MAIN_ROOT/$WORKTREE_ROOT}" >&2
+fi
+
+exit 0

package/examples/write-shrink-guard.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+# ================================================================
+# write-shrink-guard.sh — Block writes that drastically shrink files
+# ================================================================
+# PURPOSE:
+#   Prevents accidental file truncation. When Claude uses the Write
+#   tool, if the new content is <10% of the original file size,
+#   it's likely a truncation bug, not an intentional edit.
+#
+#   Real case: 31,699-line file truncated to 16 lines, destroying
+#   5 hours of work. (#40807)
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write"
+#
+# DECISION: exit 2 = block, exit 0 = allow
+# ================================================================
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+[ "$TOOL" != "Write" ] && exit 0
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] || [ ! -f "$FILE" ] && exit 0
+
+# Get original file size
+OLD_SIZE=$(wc -c < "$FILE" 2>/dev/null || echo 0)
+[ "$OLD_SIZE" -lt 1000 ] && exit 0  # Skip small files
+
+# Get new content size
+NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty' 2>/dev/null)
+NEW_SIZE=${#NEW_CONTENT}
+
+# Calculate ratio
+if [ "$NEW_SIZE" -gt 0 ] && [ "$OLD_SIZE" -gt 0 ]; then
+    RATIO=$((NEW_SIZE * 100 / OLD_SIZE))
+    if [ "$RATIO" -lt 10 ]; then
+        echo "BLOCKED: Write would shrink $(basename "$FILE") from $OLD_SIZE to $NEW_SIZE bytes (${RATIO}% of original)." >&2
+        echo "This looks like accidental truncation. Use Edit for targeted changes instead." >&2
+        exit 2
+    elif [ "$RATIO" -lt 25 ]; then
+        echo "WARNING: Write would significantly reduce $(basename "$FILE") from $OLD_SIZE to $NEW_SIZE bytes (${RATIO}%)." >&2
+    fi
+fi
+
+exit 0