cc-safe-setup 29.6.39 → 29.7.0

package/.claude-plugin/marketplace.json

@@ -0,0 +1,66 @@
+{
+  "name": "cc-safe-setup",
+  "owner": {
+    "name": "yurukusa",
+    "email": "yurukusa@users.noreply.github.com"
+  },
+  "metadata": {
+    "description": "Safety hooks for Claude Code — 688 battle-tested hooks from 800+ hours of autonomous operation. Prevents rm -rf, force-push, credential leaks, unauthorized fund transfers, deny-rules bypass, and more.",
+    "version": "1.0.0",
+    "pluginRoot": "./plugins"
+  },
+  "plugins": [
+    {
+      "name": "safety-essentials",
+      "source": "./plugins/safety-essentials",
+      "description": "5 essential safety hooks: block rm -rf, force-push, hard-reset, env overwrites, and package publish. The minimum viable safety net.",
+      "version": "1.0.0",
+      "author": { "name": "yurukusa" },
+      "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+      "repository": "https://github.com/yurukusa/cc-safe-setup",
+      "license": "MIT",
+      "keywords": ["safety", "hooks", "rm-rf", "force-push", "env", "essential"],
+      "category": "safety",
+      "tags": ["beginner-friendly", "must-have", "pretooluse"]
+    },
+    {
+      "name": "git-protection",
+      "source": "./plugins/git-protection",
+      "description": "Git safety hooks: block force-push, protect main/master, prevent hard-reset, guard rebase, and auto-backup before destructive operations.",
+      "version": "1.0.0",
+      "author": { "name": "yurukusa" },
+      "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+      "repository": "https://github.com/yurukusa/cc-safe-setup",
+      "license": "MIT",
+      "keywords": ["git", "force-push", "main-branch", "reset", "rebase", "backup"],
+      "category": "safety",
+      "tags": ["git", "version-control", "pretooluse"]
+    },
+    {
+      "name": "credential-guard",
+      "source": "./plugins/credential-guard",
+      "description": "Protect secrets and credentials: block writes to .env files, detect API keys in commands, prevent hardcoded tokens, guard service account files.",
+      "version": "1.0.0",
+      "author": { "name": "yurukusa" },
+      "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+      "repository": "https://github.com/yurukusa/cc-safe-setup",
+      "license": "MIT",
+      "keywords": ["credentials", "secrets", "api-keys", "env", "tokens", "security"],
+      "category": "security",
+      "tags": ["credentials", "secrets", "pretooluse"]
+    },
+    {
+      "name": "token-guard",
+      "source": "./plugins/token-guard",
+      "description": "Token consumption guards: large-read warning (100KB+), read budget limit, subagent cap, and token budget tracking. Reduce waste by 20-40%.",
+      "version": "1.0.0",
+      "author": { "name": "yurukusa" },
+      "homepage": "https://yurukusa.github.io/cc-safe-setup/token-book.html",
+      "repository": "https://github.com/yurukusa/cc-safe-setup",
+      "license": "MIT",
+      "keywords": ["tokens", "cost", "budget", "optimization", "large-read", "subagent"],
+      "category": "optimization",
+      "tags": ["token-saving", "cost-reduction", "pretooluse", "posttooluse"]
+    }
+  ]
+}

package/.claude-plugin/plugin.json

@@ -0,0 +1,11 @@
+{
+  "name": "cc-safe-setup",
+  "description": "665 safety hooks for Claude Code — prevent file deletion, credential leaks, git disasters, and token waste during autonomous AI coding sessions",
+  "version": "30.0.0",
+  "author": {
+    "name": "yurukusa"
+  },
+  "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+  "repository": "https://github.com/yurukusa/cc-safe-setup",
+  "license": "MIT"
+}

package/README.md

@@ -4,23 +4,29 @@
 [![npm downloads](https://img.shields.io/npm/dw/cc-safe-setup)](https://www.npmjs.com/package/cc-safe-setup)
 [![tests](https://github.com/yurukusa/cc-safe-setup/actions/workflows/test.yml/badge.svg)](https://github.com/yurukusa/cc-safe-setup/actions/workflows/test.yml)
 
-**One command to make Claude Code safe for autonomous operation.** 650 example hooks · 14,078 tests · 1,000+ installs/day · [日本語](docs/README.ja.md)
+> 🚀 **Launching on [Product Hunt](https://www.producthunt.com/products/cc-safe-setup) — April 21!** Follow us and upvote to support open source safety for AI coding agents.
+
+**One command to make Claude Code safe for autonomous operation.** 700 example hooks · 9,200+ tests · 30K+ total installs · [日本語](docs/README.ja.md)
 
 ```bash
 npx cc-safe-setup
 ```
 
-Installs 8 safety hooks in ~10 seconds. Blocks `rm -rf /`, prevents pushes to main, catches secret leaks, validates syntax after every edit. Zero dependencies.
+Installs 8 safety hooks in ~10 seconds. Blocks `rm -rf /`, prevents pushes to main, catches secret leaks, validates syntax after every edit. Zero npm dependencies. Hooks use [`jq`](https://jqlang.github.io/jq/) at runtime (`brew install jq` / `apt install jq`).
 
 > **What's a hook?** A checkpoint that runs before Claude executes a command. Like airport security — it inspects what's about to happen and blocks anything dangerous before it reaches the gate.
 
-[**Getting Started**](https://yurukusa.github.io/cc-safe-setup/getting-started.html) · [**All Tools**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [**Recipes**](https://yurukusa.github.io/cc-safe-setup/recipes.html) · [Validate your settings.json](https://yurukusa.github.io/cc-safe-setup/validator.html) · [**Check your score**](https://yurukusa.github.io/cc-health-check/) (`npx cc-health-check`)
+[**Getting Started**](https://yurukusa.github.io/cc-safe-setup/getting-started.html) · [**Hook Selector**](https://yurukusa.github.io/cc-safe-setup/hook-selector.html) · [**Token Checkup**](https://yurukusa.github.io/cc-safe-setup/token-checkup.html) · [**Cache Health**](https://yurukusa.github.io/cc-safe-setup/cache-health.html) · [**Version Check**](https://yurukusa.github.io/cc-safe-setup/version-check.html) · [**CLAUDE.md Analyzer**](https://yurukusa.github.io/cc-safe-setup/claudemd-analyzer.html) · [**All Tools**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [**Recipes**](https://yurukusa.github.io/cc-safe-setup/recipes.html) · [Validate your settings.json](https://yurukusa.github.io/cc-safe-setup/validator.html) · [**Check your score**](https://yurukusa.github.io/cc-health-check/) (`npx cc-health-check`) · [**Safety Audit**](https://yurukusa.github.io/cc-safe-setup/safety-audit.html)
 
 ```
   cc-safe-setup
   Make Claude Code safe for autonomous operation
 
   Prevents real incidents (from GitHub Issues):
+  ✗ rm -rf permanently destroyed ~50 GB / 1,500 files (#49129) ← April 2026
+  ✗ Auto mode approved ~/.ssh deletion — all SSH keys gone (#49554)
+  ✗ ~/.git-credentials PATs deleted without confirmation (#49539)
+  ✗ rm -rf deleted 3,467 files (~7 GB) without confirmation (#46058)
   ✗ rm -rf deleted entire user directory via NTFS junction (#36339)
   ✗ Remove-Item -Recurse -Force destroyed unpushed source (#37331)
   ✗ Entire Mac filesystem deleted during cleanup (#36233)
@@ -29,6 +35,10 @@ Installs 8 safety hooks in ~10 seconds. Blocks `rm -rf /`, prevents pushes to ma
   ✗ API keys committed to public repos via git add .
   ✗ Syntax errors cascading through 30+ files
   ✗ Sessions losing all context with no warning
+  ✗ CLAUDE.md rules silently ignored after context compaction
+  ✗ Claude ran destructive DDL on production database (#46684)
+  ✗ AI executed delete/kill operations on production environment (#46650)
+  ✗ Subagents ignoring all CLAUDE.md rules since v2.1.84 (#40459)
 
   Hooks to install:
 
@@ -47,17 +57,35 @@ Installs 8 safety hooks in ~10 seconds. Blocks `rm -rf /`, prevents pushes to ma
 
 ## Why This Exists
 
-A Claude Code user [lost their entire C:\Users directory](https://github.com/anthropics/claude-code/issues/36339) when `rm -rf` followed NTFS junctions. Another [lost all source code](https://github.com/anthropics/claude-code/issues/37331) when Claude ran `Remove-Item -Recurse -Force *` on a repo. Others had untested code pushed to main at 3am. API keys got committed via `git add .`. Syntax errors cascaded through 30+ files before anyone noticed.
+A user [lost 3,467 files (~7 GB)](https://github.com/anthropics/claude-code/issues/46058) when Claude ran `rm -rf` on their data directory without confirmation. Another [lost their entire C:\Users directory](https://github.com/anthropics/claude-code/issues/36339) when `rm -rf` followed NTFS junctions. Another [lost all source code](https://github.com/anthropics/claude-code/issues/37331) when Claude ran `Remove-Item -Recurse -Force *` on a repo. One user's Claude [ran destructive DDL on a production database](https://github.com/anthropics/claude-code/issues/46684) when asked only to investigate. Another had Claude [execute delete and kill operations on production systems](https://github.com/anthropics/claude-code/issues/46650). Others had untested code pushed to main at 3am. API keys got committed via `git add .`. Syntax errors cascaded through 30+ files before anyone noticed. And [CLAUDE.md rules get silently dropped](https://github.com/anthropics/claude-code/issues/6354) after context compaction — your instructions vanish mid-session.
+
+One user [analyzed 6,852 sessions](https://github.com/anthropics/claude-code/issues/42796) and found the Read:Edit ratio dropped from 6.6 to 2.0 — Claude editing files it never read jumped from 6% to 34%. That issue has over 2,100 reactions. The `read-before-edit` example hook catches this pattern before damage happens.
+
+In April 2026, [$1,446 was transferred without authorization](https://github.com/anthropics/claude-code/issues/46828) when Claude moved funds between exchange accounts. A user [lost $367 and got their account suspended](https://github.com/anthropics/claude-code/issues/47046) from a Claude-generated script. [Physical coordinates were uploaded to a public website](https://github.com/anthropics/claude-code/issues/46910) despite 17 sessions of "no PII" in CLAUDE.md. And [deny rules can be bypassed with 50+ subcommands](https://adversa.ai/blog/claude-code-security-bypass-deny-rules-disabled/).
 
-Claude Code ships with no safety hooks by default. This tool fixes that.
+Claude Code ships with no safety hooks by default. This tool fixes that. ([Standalone guard script](https://gist.github.com/yurukusa/87f51b97bb655357dd148b66109d0c14) for quick setup | [Database protection hooks](https://gist.github.com/yurukusa/ad27e541769992e9e0cd15c1b487a1d2) | [Credential protection hooks](https://gist.github.com/yurukusa/7292ead735df0aa673f0485eba5587f3) | [Fabrication detection hook](https://gist.github.com/yurukusa/03f4bbbab61f7ddf31049cc28a01d0d9) | [Security vulnerability hooks](https://gist.github.com/yurukusa/81f79ae6d760b27c17f2cd642ea846d7))
 
 **Works with Auto Mode.** Claude Code's [Auto Mode sandboxing](https://www.anthropic.com/engineering/claude-code-sandboxing) provides container-level isolation. cc-safe-setup adds process-level hooks as defense-in-depth — catching destructive commands even outside sandboxed environments.
 
+**Works with subagents.** Since v2.1.84, subagents and teammates [don't receive CLAUDE.md](https://github.com/anthropics/claude-code/issues/40459) — your project rules are silently skipped. Hooks operate at the process level, but [subagent tool calls may bypass PreToolUse hooks](https://github.com/anthropics/claude-code/issues/21460) in some configurations. As defense-in-depth, cc-safe-setup installs hooks at the user level (`~/.claude/settings.json`). The `subagent-claudemd-inject` example hook re-injects critical rules into subagent prompts.
+
+### 🚨 Opus 4.7 Crisis (April 2026)
+
+Opus 4.7 broke auto mode's safety classifier — it was [hardcoded to Opus 4.6](https://github.com/anthropics/claude-code/issues/49618). **If you use auto mode with Opus 4.7, dangerous commands run without the built-in safety check.** In 3 days: [50 GB permanently deleted](https://github.com/anthropics/claude-code/issues/49129), [~/.ssh wiped](https://github.com/anthropics/claude-code/issues/49554), [git credentials destroyed](https://github.com/anthropics/claude-code/issues/49539), [shell configs truncated to 0 bytes](https://github.com/anthropics/claude-code/issues/49615). Users report [4x token consumption](https://github.com/anthropics/claude-code/issues/49541) from silent model switches.
+
+**One command to fix it:**
+
+```bash
+npx cc-safe-setup --opus47
+```
+
+Installs 4 hooks targeting known Opus 4.7 regressions. [Full details →](https://yurukusa.github.io/cc-safe-setup/opus-47-survival-guide.html) · [Emergency Defense Kit (Gist)](https://gist.github.com/yurukusa/6747ea655cc5c374a1ec9ed4fba027e4) · [Safety Scanner](https://yurukusa.github.io/cc-safe-setup/opus47-scanner.html)
+
 ## What Gets Installed
 
 | Hook | Prevents | Related Issues |
 |------|----------|----------------|
-| **Destructive Guard** | `rm -rf /`, `git reset --hard`, `git clean -fd`, `git checkout --force`, `sudo` + destructive, PowerShell `Remove-Item -Recurse -Force`, `rd /s /q`, NFS mount detection | [#36339](https://github.com/anthropics/claude-code/issues/36339) [#36640](https://github.com/anthropics/claude-code/issues/36640) [#37331](https://github.com/anthropics/claude-code/issues/37331) |
+| **Destructive Guard** | `rm -rf /`, `git reset --hard`, `git clean -fd`, `git checkout --force`, `sudo` + destructive, PowerShell `Remove-Item -Recurse -Force`, `rd /s /q`, NFS mount detection | [#46058](https://github.com/anthropics/claude-code/issues/46058) [#36339](https://github.com/anthropics/claude-code/issues/36339) [#36640](https://github.com/anthropics/claude-code/issues/36640) [#37331](https://github.com/anthropics/claude-code/issues/37331) |
 | **Branch Guard** | Pushes to main/master + force-push (`--force`) on all branches | |
 | **Secret Guard** | `git add .env`, credential files, `git add .` with .env present | [#6527](https://github.com/anthropics/claude-code/issues/6527) |
 | **Syntax Check** | Python, Shell, JSON, YAML, JS errors after edits | |
@@ -66,10 +94,25 @@ Claude Code ships with no safety hooks by default. This tool fixes that.
 | **cd+git Auto-Approver** | Permission prompt spam for `cd /path && git log` | [#32985](https://github.com/anthropics/claude-code/issues/32985) [#16561](https://github.com/anthropics/claude-code/issues/16561) |
 | **API Error Alert** | Silent session death from rate limits or API errors — desktop notification + log | |
 
-> 📘 Tokens disappearing too fast? [The practical guide](https://zenn.dev/yurukusa/books/6076c23b1cb18b) covers 10 token consumption patterns (cache corruption, excessive reads, compact cycles) and how to detect them — from 700+ hours of autonomous operation. Chapter 3 free.
-
 Each hook exists because a real incident happened without it.
 
+### Free diagnostic tools
+
+| Tool | What it does |
+|------|-------------|
+| **[Token Checkup](https://yurukusa.github.io/cc-safe-setup/token-checkup.html)** | 5 questions → find where your tokens are going (30 seconds) |
+| **[Security Checkup](https://yurukusa.github.io/cc-safe-setup/security-checkup.html)** | 6 questions based on real incidents ($1,800+ in losses) |
+| **[Version Check](https://yurukusa.github.io/cc-safe-setup/version-check.html)** | Is your CC version affected by cache inflation? |
+
+### Go deeper
+
+| Resource | What you get | Price |
+|----------|-------------|-------|
+| **[Token Book](https://yurukusa.github.io/cc-safe-setup/token-book.html)** | Cut token consumption in half. CLAUDE.md templates, hook configs, context management, 32 failure patterns with fixes. 44,000+ words from 800+ hours of real operation data. | ¥2,500 (~$17). Ch.1 free |
+| **[Safety Guide](https://zenn.dev/yurukusa/books/6076c23b1cb18b)** | End-to-end Claude Code safety setup. From first install to overnight autonomous runs. | ¥800 (~$5). Ch.3 free |
+
+**Why pay?** A Max plan costs $200/month. One token waste incident burns 50–80% of your weekly quota in hours ([#46727](https://github.com/anthropics/claude-code/issues/46727)). One `rm -rf` incident costs days of recovery. The Token Book costs less than 2 hours of Max subscription time — and the CLAUDE.md templates alone can reduce consumption by 40%.
+
 ### v2.1.85: `if` Field Support
 
 Hooks now support an `if` field for conditional execution. The hook process only spawns when the command matches the pattern — `ls` won't trigger a git-only hook.
@@ -120,6 +163,7 @@ Guards against issues that corrupt sessions or waste tokens silently.
 | `mcp-warmup-wait` | Waits for MCP servers to initialize on session start (fixes first-turn tool errors) | [#41778](https://github.com/anthropics/claude-code/issues/41778) |
 | `pre-compact-transcript-backup` | Full JSONL backup before compaction (protects against rate-limit data loss) | [#40352](https://github.com/anthropics/claude-code/issues/40352) |
 | `conversation-history-guard` | Blocks access to session JSONL files (prevents 20x cache poisoning) | [#40524](https://github.com/anthropics/claude-code/issues/40524) |
+| `read-before-edit` | Warns when Edit targets a file not recently Read (Read:Edit ratio dropped 70% — [#42796](https://github.com/anthropics/claude-code/issues/42796)) | [#42796](https://github.com/anthropics/claude-code/issues/42796) |
 | `replace-all-guard` | Warns/blocks Edit `replace_all:true` (prevents bulk data corruption) | [#41681](https://github.com/anthropics/claude-code/issues/41681) |
 | `ripgrep-permission-fix` | Auto-fixes vendored ripgrep +x permission on start (fixes broken commands/skills) | [#41933](https://github.com/anthropics/claude-code/issues/41933) |
 
@@ -146,7 +190,7 @@ Guards against issues that corrupt sessions or waste tokens silently.
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 650 examples |
+| `--install-example <name>` | Install from 700 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |
@@ -204,6 +248,23 @@ Guards against issues that corrupt sessions or waste tokens silently.
 | Maximum protection mode | `npx cc-safe-setup --safe-mode` |
 | Migrate from Cursor/Windsurf | [Migration Guide](https://yurukusa.github.io/cc-safe-setup/migration-guide.html) |
 
+## Plugin Marketplace
+
+Install safety hooks as Claude Code plugins — no npm required:
+
+```bash
+/plugin marketplace add yurukusa/cc-safe-setup
+/plugin install safety-essentials@cc-safe-setup
+```
+
+| Plugin | What it blocks |
+|---|---|
+| `safety-essentials` | rm -rf, force-push, hard-reset, .env overwrite, npm publish |
+| `git-protection` | Force-push, main/master push, git clean, branch -D |
+| `credential-guard` | .env write/edit, API keys in commands, service account files |
+
+Also listed on [claudemarketplaces.com](https://claudemarketplaces.com).
+
 ## Common Pain Points (from GitHub Issues)
 
 | Problem | Issue | Fix |
@@ -245,7 +306,10 @@ Safe to run multiple times. Existing settings are preserved. A backup is created
 
 **Note:** Hooks are skipped when Claude Code runs with `--bare` or `--dangerously-skip-permissions`. These modes bypass all safety hooks by design.
 
-**Known limitation:** In headless mode (`-p` / `--print`), hook exit code 2 may not block tool execution ([#36071](https://github.com/anthropics/claude-code/issues/36071)). For CI pipelines, use interactive mode with hooks rather than `-p` mode.
+**Known limitations:**
+
+- In headless mode (`-p` / `--print`), hook exit code 2 may not block tool execution ([#36071](https://github.com/anthropics/claude-code/issues/36071)). For CI pipelines, use interactive mode with hooks rather than `-p` mode.
+- `FileChanged` notifications inject file contents into model context **before** hooks can intervene. If a sensitive file (`.env`, `credentials.json`) is modified externally during a session, its contents may appear in the conversation transcript regardless of hooks ([#44909](https://github.com/anthropics/claude-code/issues/44909)). Mitigation: use `dotenv-watch` to get alerted, and avoid editing sensitive files while Claude Code is running.
 
 ## Before / After
 
@@ -285,6 +349,8 @@ cc-safe-setup gives you 8 essential hooks. Want to know what else your setup nee
 
 Run `npx cc-health-check` (free, 20 checks) to see your current score. If it's below 80, the **[Claude Code Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github&utm_medium=readme&utm_campaign=safe-setup)** fills the gaps — 6 hooks + 5 templates + 9 scripts + install.sh. Pay What You Want ($0+).
 
+**Starter Kit:** Want hooks + settings + templates in one download? The **[Claude Code Safety Kit](https://yurukusa.itch.io/claude-code-safety-kit)** bundles 5 safety hooks, a pre-configured settings.json, CLAUDE.md templates, and 800-hour operation tips. Name your price ($0+).
+
 Or browse the free hooks: [claude-code-hooks](https://github.com/yurukusa/claude-code-hooks)
 
 ## Examples
@@ -352,7 +418,7 @@ Or browse all available examples in [`examples/`](examples/):
 - **edit-guard.sh** — Block Edit/Write to protected files (defense-in-depth for [#37210](https://github.com/anthropics/claude-code/issues/37210))
 - **auto-approve-build.sh** — Auto-approve npm/yarn/cargo/go/python build, test, and lint commands
 - **auto-approve-docker.sh** — Auto-approve docker build, compose, ps, logs, and other safe commands
-- **block-database-wipe.sh** — Block destructive database commands: Laravel `migrate:fresh`, Django `flush`, Rails `db:drop`, raw `DROP DATABASE` ([#37405](https://github.com/anthropics/claude-code/issues/37405) [#37439](https://github.com/anthropics/claude-code/issues/37439))
+- **block-database-wipe.sh** — Block destructive database commands: Laravel `migrate:fresh`, Django `flush`, Rails `db:drop`, raw `DROP DATABASE` ([#46684](https://github.com/anthropics/claude-code/issues/46684) [#46650](https://github.com/anthropics/claude-code/issues/46650) [#37405](https://github.com/anthropics/claude-code/issues/37405) [#37439](https://github.com/anthropics/claude-code/issues/37439))
 - **auto-approve-python.sh** — Auto-approve pytest, mypy, ruff, black, isort, flake8, pylint commands
 - **auto-snapshot.sh** — Auto-save file snapshots before edits for rollback protection ([#37386](https://github.com/anthropics/claude-code/issues/37386) [#37457](https://github.com/anthropics/claude-code/issues/37457))
 - **allowlist.sh** — Block everything not explicitly approved — inverse permission model ([#37471](https://github.com/anthropics/claude-code/issues/37471))
@@ -429,13 +495,18 @@ See [Issue #1](https://github.com/yurukusa/cc-safe-setup/issues/1) for details.
 
 ## Learn More
 
-- **[Practical Guide (Zenn Book)](https://zenn.dev/yurukusa/books/6076c23b1cb18b)** — Token consumption diagnosis, file loss prevention, autonomous operation safety. 14 chapters from 700+ hours of real incidents. [Chapter 3 free](https://zenn.dev/yurukusa/books/6076c23b1cb18b/viewer/3-code-quality)
+- **[Opus 4.7 Survival Guide](https://yurukusa.github.io/cc-safe-setup/opus-47-survival-guide.html)** — 50 known issues (67+ GitHub Issues + CVEs) with fixes: data loss, recursive spawn DoS, billing mismatch, subagent OOM, cache_read anomaly, allowedTools bypass, 1.7x token inflation, classifier failure, thinking summary bugs, 30-min stalls, and more. [`npx cc-safe-setup --opus47`](#-opus-47-crisis-april-2026)
+- **[Token Book (¥2,500)](https://zenn.dev/yurukusa/books/token-savings-guide)** — Cut token consumption in half. CLAUDE.md optimization, hook-based guards, context management, workflow design. 44,000 words with copy-paste templates. Intro + Ch.1 free. [Details](https://yurukusa.github.io/cc-safe-setup/token-book.html)
+- **[Safety Guide (¥800)](https://zenn.dev/yurukusa/books/6076c23b1cb18b)** — Token consumption diagnosis, file loss prevention, autonomous operation safety. From 800+ hours of real incidents. [Chapter 3 free](https://zenn.dev/yurukusa/books/6076c23b1cb18b/viewer/3-code-quality)
+- **[800 Hours Operation Record (¥800)](https://zenn.dev/yurukusa/books/3c3c3baee85f0a19)** — Non-engineer running Claude Code autonomously for 800 hours. Failures, recovery, revenue reality. [Chapter 2 free](https://zenn.dev/yurukusa/books/3c3c3baee85f0a19/viewer/2-first-failures)
+- **Wiki Guides**: [Token FAQ](https://github.com/yurukusa/cc-safe-setup/wiki/Claude-Code-Token-FAQ) · [CLAUDE.md Best Practices](https://github.com/yurukusa/cc-safe-setup/wiki/CLAUDE-md-Best-Practices) · [Token Optimization](https://github.com/yurukusa/cc-safe-setup/wiki/Token-Optimization-Guide)
 - [Cookbook](COOKBOOK.md) — 26 practical recipes (block, approve, protect, monitor, diagnose)
 - [Official Hooks Reference](https://code.claude.com/docs/en/hooks) — Claude Code hooks documentation
 - [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 25 recipes from real GitHub Issues ([interactive version](https://yurukusa.github.io/claude-code-hooks/))
 - [Skills Guide deep-dive (Qiita, 19K+ views)](https://qiita.com/yurukusa/items/f69920b4a02cf7e2988c) — Anthropic's official Skills PDF analyzed with 40% token reduction
 - [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説
 - [v2.1.85 `if` field guide (Qiita)](https://qiita.com/yurukusa/items/7079866e9dc239fcdd57) — Reduce hook overhead with conditional execution
+- [Deny rules bypass vulnerability (Qiita)](https://qiita.com/yurukusa/items/f9c48bb44569bbf4492e) — 50+ subcommands disable all deny rules; hook-based defense
 - [Hook Test Runner](https://github.com/yurukusa/cc-hook-test) — `npx cc-hook-test <hook.sh>` to auto-test any hook
 - [Hook Registry](https://github.com/yurukusa/cc-hook-registry) — `npx cc-hook-registry search database` ([browse online](https://yurukusa.github.io/cc-hook-registry/))
 - [Hooks Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) — printable A4 quick reference
@@ -445,6 +516,46 @@ See [Issue #1](https://github.com/yurukusa/cc-safe-setup/issues/1) for details.
 - [How to prevent force-push to main](https://yurukusa.github.io/cc-safe-setup/prevent-force-push.html) — branch protection via hooks
 - [How to prevent secret leaks](https://yurukusa.github.io/cc-safe-setup/prevent-secret-leaks.html) — stop git add . from committing .env
 
+### Free Gists
+
+- [settings.json Complete Template](https://gist.github.com/yurukusa/8ec367cf65042bf9fbd83c35931e7ed1) — copy-paste ready safety configuration
+- [First 3 Safety Steps](https://gist.github.com/yurukusa/72513272be9a4ee29b058e2b08453e1a) — 5-minute safety setup from scratch
+- [CLAUDE.md Before/After](https://gist.github.com/yurukusa/f9d7df5930bfb6d36a25673e69720f7e) — 40% token reduction through better writing patterns
+- [Token Savings Cheat Card](https://gist.github.com/yurukusa/cfe44bfbb3756eccaf51660466913a2d) — 5 techniques to cut consumption in half
+- [Token Consumption Checklist](https://gist.github.com/yurukusa/db8700a9f9fa331d36664df2868274cb) — 10-item diagnostic
+- [Outage Survival Kit](https://gist.github.com/yurukusa/a0e31171eecb527d0df1d5498bf5f5d0) — what to do when Claude Code is down
+- [CLAUDE.md Token Optimizer](https://gist.github.com/yurukusa/2b98fd2e90c0c13f6918c9f915e08e27) — 35-line template, 40% token reduction (800h tested)
+- [Worktree Safety Hooks](https://gist.github.com/yurukusa/98bd43c5d0d8a6ebbf2cf21bfc1e2907) — 3 hooks to protect against worktree deletion and cross-tree destruction
+- [Opus 4.7 Emergency Checklist](https://gist.github.com/yurukusa/c95efaee4b670e067369ece08092960c) — token burn diagnosis + immediate fixes
+- [Cache TTL Mitigation Guide](https://gist.github.com/yurukusa/178d3949cd2bd6fbfc275b408f9711d4) — #46829 cache TTL change (1h→5m) impact and 4 mitigations
+- [Security Checkup Hooks](https://gist.github.com/yurukusa/81f79ae6d760b27c17f2cd642ea846d7) — 4 hooks for financial, PII, deny bypass, and background task protection
+- [Cache Breakage Fix](https://gist.github.com/yurukusa/fe6ba0a6aee14207f27ecc84419878b4) — 2 root causes of prompt cache invalidation (#47107 git status, #47098 session restart)
+- [CLAUDE.md Token Optimization Cheat Sheet](https://gist.github.com/yurukusa/556f67c493a2729ce9b1703f5003a227) — 5 CLAUDE.md patterns that reduce token consumption with before/after examples
+- [Token Troubleshooting Guide](https://gist.github.com/yurukusa/47b8c3eadb77cf74946f450f992ddac2) — fix quota drain, cache bugs, 1M context trap. Symptom-based diagnosis with latest issue references
+- [Token Optimization Guide (English)](https://gist.github.com/yurukusa/70ff830c0ad3dff83e53be26cd80bd0a) — 3 biggest token levers with hook code, practical walkthrough
+- [Token Book Sampler: 5 Techniques](https://gist.github.com/yurukusa/4a867ba301b480f996c5b76e4b6a6fbc) — free preview of the Token Book — 5 immediate techniques to reduce consumption
+- [Token Optimization Checklist](https://gist.github.com/yurukusa/4b75025beee916f9904f56b79eeb1217) — 10-step checklist to cut token consumption in half, with hook configs
+- [3 Things That Actually Work](https://gist.github.com/yurukusa/621f6d1cc35816df3da2e07876b44e16) — CLAUDE.md sizing, cache TTL, subagent control — based on 800h data
+- [Cache TTL Diagnostic](https://gist.github.com/yurukusa/3a5bdcfdd295bef17b3ee00978b299f2) — 3 patterns that break prompt cache + fixes
+- [Token Book Ch.1 Free Preview](https://gist.github.com/yurukusa/de862573f18d1a0a68d411b696dbcb73) — Where are your Claude Code tokens going? The 4 layers of token consumption explained
+- [Deny Rules Break After 50 Subcommands](https://gist.github.com/yurukusa/0463d240d7b725218289a556414c72a5) — the hook that fixes Claude Code's deny rule bypass vulnerability
+- [Opus 4.7 Emergency Kit](https://gist.github.com/yurukusa/1970b20fed95a682b72eb6e857e61d30) — 5 commands to protect your data from Opus 4.7 regressions (auto mode broken, 23+ data loss incidents)
+- [cache_read Billing Bug Guide](https://gist.github.com/yurukusa/d5dc731dbc69e3ca92d69832bed641cb) — Opus 4.7 cache_read billed at full rate. Anthropic confirmed. Max plan users losing quota 3-6x faster
+- [Opus 4.7 Survival Guide Summary](https://gist.github.com/yurukusa/5d66f0bcfe3fbfc73e6db106e10c533d) — 50 known issues with quick reference table, free diagnostic tools, and one-command fix
+- [Opus 4.7 Known Issues Quick Reference](https://gist.github.com/yurukusa/2c1effab34a7554130d2704fdac59dff) — 26 issues / 43+ GitHub bugs in one table. Severity ratings and direct issue links
+- [4 New Critical Issues (April 18)](https://gist.github.com/yurukusa/37c19b5b7f50fd8bbbeda5e1336c352e) — DoS via recursive spawn, subagent OOM, billing mismatch, UI/CLI model mismatch
+- [トークン消費を半分にする方法](https://gist.github.com/yurukusa/bf4040a905148d9ca02898a53185fae1) — 800時間の実測データ＋設定テンプレート（日本語）
+- [How to Cut Token Usage in Half](https://gist.github.com/yurukusa/704d5cf9874f553dad5c46fccf53b09f) — 800h real data + config templates (English)
+- [Compaction Triple Threat](https://gist.github.com/yurukusa/aa15f2065199c6fac4dcd3796fbaf90f) — 3 compaction bugs active simultaneously (#50402 + #50467 + #50492)
+- [Sandbox Relative Path Bug (CRITICAL)](https://gist.github.com/yurukusa/a98efb6c561f92c82bcd49125af3b32a) — denyWrite/denyRead silently ignores relative paths (#50454)
+- [27 Token Symptoms Quick Reference](https://gist.github.com/yurukusa/03a379854fa0f8eca091a75f7aab593b) — all 27 known token failure modes with top 5 killers table and April 2026 new symptoms
+- [Token Saving Checklist (15 Items)](https://gist.github.com/yurukusa/6bd0d0a38a4887fc36475dd1f765ecd1) — ordered by impact: critical (30-50%), important (10-20%), good practice (5-10%)
+- [Opus 4.7 Survival Cheatsheet](https://gist.github.com/yurukusa/f2d6e261338eeda70f0ed9507f995c13) — 46 known problems, quick fixes under 60 seconds, full reference table
+
+### Professional Services
+
+Need help configuring Claude Code safely? [**Safety Setup Service**](https://yurukusa.github.io/cc-safe-setup/services.html) — audit, token optimization, and custom hooks by the cc-safe-setup team.
+
 ## FAQ
 
 **Q: I installed hooks but Claude says "Unknown skill: claude-code-hooks:setup"**
@@ -471,6 +582,14 @@ Since v2.1.78, protected directories always prompt regardless of permission mode
 
 `allow` takes precedence over `ask`. If you allow all Bash, ask rules are ignored ([#6527](https://github.com/anthropics/claude-code/issues/6527)). Use PreToolUse hooks to block dangerous commands instead of relying on the ask/allow priority system.
 
+**Q: Hooks silently fail on macOS (Homebrew `jq` not found)**
+
+Claude Code runs hooks with a restricted PATH that excludes `/opt/homebrew/bin` ([#46954](https://github.com/anthropics/claude-code/issues/46954)). If `jq` is installed via Homebrew, hooks silently exit 0. Fix: add `export PATH="/opt/homebrew/bin:$PATH"` at the top of your hook script, or use absolute paths like `/opt/homebrew/bin/jq`. Inline hooks in `settings.json` may also be affected — add a PATH export prefix: `export PATH="/opt/homebrew/bin:$PATH"; INPUT=$(cat); ...`
+
+**Q: How is this different from [claude-token-efficient](https://github.com/drona23/claude-token-efficient)?**
+
+Different goals. claude-token-efficient optimizes CLAUDE.md to make Claude's responses shorter and cheaper. cc-safe-setup prevents dangerous operations (file deletion, credential leaks, force-push). They work well together: use claude-token-efficient for cost reduction, cc-safe-setup for safety. For comprehensive token optimization beyond CLAUDE.md (hooks, context management, workflow design), see the [Token Book](https://yurukusa.github.io/cc-safe-setup/token-book.html).
+
 **Still stuck?** See the full [Permission Troubleshooting Flowchart](https://gist.github.com/yurukusa/b64217ffcb908fa309dbfcfa368cd84d) for step-by-step diagnosis.
 
 ## Contributing
@@ -486,6 +605,8 @@ Since v2.1.78, protected directories always prompt regardless of permission mode
 
 **Share your experience:** Used cc-safe-setup and have feedback? Open a discussion or comment on any issue. We read everything.
 
+If cc-safe-setup saved you from a disaster (or just saved you time), a ⭐ helps others find it too.
+
 ## Also by yurukusa
 
 - [quiet life](https://yurukusa.github.io/quiet-life/) — Touch the dark. Something alive appears

package/SETTINGS_REFERENCE.md

@@ -280,3 +280,5 @@ Run `npx cc-safe-setup --doctor` for automated diagnosis.
 - [COOKBOOK.md](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 20 hook recipes
 - [Migration Guide](MIGRATION.md) — from permissions to hooks
 - [Ecosystem Comparison](https://yurukusa.github.io/cc-safe-setup/ecosystem.html) — all hook projects
+- [Token Checkup](https://yurukusa.github.io/cc-safe-setup/token-checkup.html) — free 30-second token diagnostic
+- [Token Book](https://zenn.dev/yurukusa/books/token-savings-guide) — cut your token consumption in half (¥2,500, chapter 1 free)

package/SKILL.md

@@ -0,0 +1,47 @@
+---
+name: cc-safe-setup
+description: Safety hooks for Claude Code — 700 pre-built hooks that prevent file deletion, credential leaks, git disasters, and token waste during autonomous AI coding sessions. 9,200+ tests. Install with npx cc-safe-setup.
+---
+
+# cc-safe-setup
+
+Safety-first configuration for Claude Code. Prevents the accidents that happen when AI writes code autonomously.
+
+## What it does
+
+Installs pre-built safety hooks into your Claude Code environment. These hooks run automatically before/after tool calls to block dangerous operations.
+
+**Categories:**
+- **File protection**: Block `rm -rf`, prevent overwriting files outside project
+- **Git safety**: Prevent force-push to main, block `reset --hard`
+- **Credential guards**: Stop `.env` files from being committed or read by AI
+- **Token optimization**: Warn on large file reads, limit subagent spawning
+- **Quality gates**: Detect lazy rewrites, verify claims before committing
+
+## Quick start
+
+```bash
+npx cc-safe-setup
+```
+
+This runs an interactive wizard that configures hooks based on your risk profile.
+
+## Install individual hooks
+
+```bash
+npx cc-safe-setup --install-example large-read-guard
+npx cc-safe-setup --install-example prevent-rm-rf
+npx cc-safe-setup --install-example git-force-push-block
+```
+
+## Why hooks instead of CLAUDE.md rules
+
+Rules in CLAUDE.md are suggestions — Claude can forget them. Hooks are enforced at the system level. A hook that blocks `rm -rf` cannot be overridden by the AI.
+
+From 800+ hours of autonomous operation: the hooks that matter most are the ones you don't notice until something goes wrong.
+
+## Resources
+
+- Repository: https://github.com/yurukusa/cc-safe-setup
+- Hook Selector (find hooks for your setup): https://yurukusa.github.io/cc-safe-setup/hook-selector.html
+- Token Checkup (diagnose waste): https://yurukusa.github.io/cc-safe-setup/token-checkup.html

package/TROUBLESHOOTING.md

@@ -335,6 +335,32 @@ This prevents `ToolSearch` deferred loading and preserves the cache prefix acros
 
 **Related issues**: [#41249](https://github.com/anthropics/claude-code/issues/41249), [#41788](https://github.com/anthropics/claude-code/issues/41788), [#38335](https://github.com/anthropics/claude-code/issues/38335), [#40524](https://github.com/anthropics/claude-code/issues/40524), [#41617](https://github.com/anthropics/claude-code/issues/41617)
 
+## Multiple Hook Sources: stdin Race Condition
+
+**Symptom**: Safety hooks appear installed but don't block dangerous commands. No errors, no warnings — hooks just silently allow everything.
+
+**Root cause**: When multiple `PreToolUse` hooks match the same tool (e.g., two hooks both matching `Bash`), only the first hook receives stdin. The second hook gets empty input, all guard conditions fail, and it exits 0 (allow). This is an upstream Claude Code bug ([#42702](https://github.com/anthropics/claude-code/issues/42702)).
+
+**When this happens**:
+- cc-safe-setup hooks + another hook provider (e.g., project-level `.claude/settings.json` hooks)
+- cc-safe-setup hooks + manually added hooks in `~/.claude/settings.json` that match the same trigger
+
+**When this does NOT happen**:
+- cc-safe-setup is the only hook source (default install)
+
+**How to verify your hooks receive input**:
+
+Add a temporary debug line to the top of a hook:
+
+```bash
+INPUT=$(cat)
+echo "DEBUG: input length = ${#INPUT}" >&2
+```
+
+If you see `input length = 0`, that hook is not receiving stdin.
+
+**Workaround**: Ensure only one hook source matches each trigger+matcher combination. If you need multiple hooks on the same trigger, combine them into a single script.
+
 ## Still Stuck?
 
 1. Wrap the hook with debug wrapper: `npx cc-safe-setup --install-example hook-debug-wrapper`

package/examples/README.md

@@ -1,6 +1,6 @@
 # Example Hooks
 
-518 installable hooks. Each solves a real problem from GitHub Issues or autonomous operation. 7,603 tests.
+675 installable hooks. Each solves a real problem from GitHub Issues or autonomous operation. 9,200+ tests.
 
 ```bash
 npx cc-safe-setup --install-example <name>   # install one
@@ -39,6 +39,16 @@ npx cc-safe-setup --shield                    # install recommended set
 - [OWASP MCP Top 10 Defense](https://yurukusa.github.io/cc-safe-setup/owasp-mcp-hooks.html)
 - [COOKBOOK](../COOKBOOK.md)
 
+## Token Optimization
+
+Using too many tokens? These hooks help monitor and reduce consumption:
+
+- **`token-budget-guard`** — Alert when session exceeds token budget
+- **`large-read-guard`** — Block reading files over 1000 lines
+- **`context-monitor`** — Track context window usage
+
+For a complete guide: [Token Book](https://zenn.dev/yurukusa/books/token-savings-guide) — cut token consumption in half with templates and measured data (¥2,500, chapter 1 free). Or try the [free diagnostic](https://yurukusa.github.io/cc-safe-setup/token-checkup.html).
+
 ## Write Your Own
 
 See [CONTRIBUTING.md](../CONTRIBUTING.md).

package/examples/activity-logger.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+# activity-logger.sh — Log all tool uses to JSONL for audit and debugging
+#
+# Solves: "What did Claude do overnight?" — no activity trail after long sessions
+# Also useful for: error tracking, cost analysis, compliance auditing
+#
+# Records every tool call with timestamp, tool name, and key metadata.
+# Error patterns in Bash output are flagged for downstream guards.
+#
+# Usage: Add to settings.json as a PostToolUse hook
+#
+# {
+#   "hooks": {
+#     "PostToolUse": [{
+#       "matcher": "",
+#       "hooks": [{ "type": "command", "command": "bash ~/.claude/hooks/activity-logger.sh" }]
+#     }]
+#   }
+# }
+#
+# Output: ~/.claude/activity-log.jsonl
+# Each line is a JSON object with ts, tool, and tool-specific fields.
+
+set -u
+
+INPUT=$(cat)
+TOOL=$(printf '%s' "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+[ -z "$TOOL" ] && exit 0
+
+LOG_FILE="${HOME}/.claude/activity-log.jsonl"
+TS=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+case "$TOOL" in
+  Edit|Write)
+    FILE=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+    printf '{"ts":"%s","tool":"%s","file":"%s"}\n' "$TS" "$TOOL" "$FILE" >> "$LOG_FILE"
+    ;;
+  Bash)
+    CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null | head -c 200)
+    STDOUT=$(printf '%s' "$INPUT" | jq -r '.stdout // empty' 2>/dev/null | head -c 500)
+    EXIT_CODE=$(printf '%s' "$INPUT" | jq -r '.tool_result.exit_code // "0"' 2>/dev/null)
+    ERROR_PATTERN=""
+    if echo "$STDOUT" | grep -qiE '(error|ENOENT|EACCES|EPERM|fatal|panic|segfault)'; then
+      ERROR_PATTERN=$(echo "$STDOUT" | grep -oiE '(error|ENOENT|EACCES|EPERM|fatal|panic|segfault)' | head -1)
+    fi
+    printf '{"ts":"%s","tool":"%s","cmd":"%s","exit_code":%s,"error_pattern":"%s"}\n' \
+      "$TS" "$TOOL" "$(echo "$CMD" | tr '"' "'")" "$EXIT_CODE" "$ERROR_PATTERN" >> "$LOG_FILE"
+    ;;
+  Read)
+    FILE=$(printf '%s' "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+    printf '{"ts":"%s","tool":"%s","file":"%s"}\n' "$TS" "$TOOL" "$FILE" >> "$LOG_FILE"
+    ;;
+  *)
+    printf '{"ts":"%s","tool":"%s"}\n' "$TS" "$TOOL" >> "$LOG_FILE"
+    ;;
+esac
+
+exit 0

package/examples/allow-claude-settings.sh

@@ -25,8 +25,9 @@ if echo "$FILE_PATH" | grep -qE '\.claude/'; then
   jq -n '{
     hookSpecificOutput: {
       hookEventName: "PermissionRequest",
-      permissionDecision: "allow",
-      permissionDecisionReason: "Allowed: .claude/ directory (isolated environment)"
+      decision: {
+        behavior: "allow"
+      }
     }
   }'
   exit 0

package/examples/allow-git-hooks-dir.sh

@@ -21,8 +21,9 @@ if echo "$FILE_PATH" | grep -qE '\.git/hooks/[^/]+$'; then
   jq -n '{
     hookSpecificOutput: {
       hookEventName: "PermissionRequest",
-      permissionDecision: "allow",
-      permissionDecisionReason: "Allowed: git hooks directory"
+      decision: {
+        behavior: "allow"
+      }
     }
   }'
   exit 0

package/examples/allow-protected-dirs.sh

@@ -24,8 +24,9 @@ if echo "$FILE_PATH" | grep -qE '\.(claude|git|vscode|idea)/'; then
   jq -n '{
     hookSpecificOutput: {
       hookEventName: "PermissionRequest",
-      permissionDecision: "allow",
-      permissionDecisionReason: "Allowed: protected directory (full bypass)"
+      decision: {
+        behavior: "allow"
+      }
     }
   }'
   exit 0

package/examples/auto-approve-compound-git.sh

@@ -15,6 +15,9 @@
 # See: https://github.com/anthropics/claude-code/issues/30519
 # See: https://github.com/anthropics/claude-code/issues/16561
 #
+# Auto-approve hooks reduce token waste from permission prompts.
+# For more token optimization patterns: https://zenn.dev/yurukusa/books/token-savings-guide
+#
 # TRIGGER: PermissionRequest  MATCHER: ""
 
 INPUT=$(cat)