cc-safe-setup 29.6.40 → 29.8.0

package/examples/system-dir-protection-guard.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+# system-dir-protection-guard.sh — Block destructive operations on system directories
+#
+# Solves: Agent deleting or moving system-level directories in auto mode
+#   - #49554: Auto mode approved deletion of system directories
+#   - #49129: rm -rf on /home subdirectories causing 50GB data loss
+#
+# Difference from existing hooks:
+#   rm-safety-net.sh:    Blocks rm on critical paths, but only rm commands
+#   home-critical-bash-guard.sh: Protects ~/dotfiles only
+#   This hook: Blocks rm, mv, chmod -R, chown -R on ALL system directories
+#              including /home/*, /usr, /etc, /var, /opt, /root, /boot, /srv
+#              Also blocks mv of system dirs (not covered by rm-safety-net)
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+
+set -euo pipefail
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Check if a path is a protected system directory
+is_system_dir() {
+    local path="$1"
+    # Remove trailing slash
+    path="${path%/}"
+
+    # Expand ~ to $HOME
+    if [[ "$path" == "~"* ]]; then
+        path="${HOME}${path#\~}"
+    fi
+
+    # Top-level system directories
+    case "$path" in
+        /|/home|/etc|/usr|/var|/opt|/root|/boot|/srv|/sys|/proc)
+            return 0 ;;
+    esac
+
+    # /home/<username> (1 level deep)
+    if echo "$path" | grep -qE '^/home/[^/]+$'; then
+        return 0
+    fi
+
+    # System subdirectories (e.g., /etc/nginx, /usr/local, /var/lib)
+    if echo "$path" | grep -qE '^/(etc|usr|var|opt|root|boot|srv|sys|proc)/'; then
+        return 0
+    fi
+
+    # Critical home directories: ~/.ssh, ~/.config, ~/.local, ~/.gnupg, ~/.cache
+    if echo "$path" | grep -qE "^${HOME}/\.(ssh|config|local|gnupg|cache)(/[^/]*)?$"; then
+        return 0
+    fi
+
+    return 1
+}
+
+# --- rm / unlink on system directories ---
+if echo "$COMMAND" | grep -qE '^\s*(sudo\s+)?(rm|unlink)\s'; then
+    # Extract targets after rm and flags
+    TARGETS=$(echo "$COMMAND" | grep -oP '(rm|unlink)\s+(-[a-zA-Z]+\s+)*\K[^;|&]+' 2>/dev/null || true)
+    for target in $TARGETS; do
+        if is_system_dir "$target"; then
+            echo "BLOCKED: Destructive operation on system directory: $target" >&2
+            echo "Command: $COMMAND" >&2
+            echo "" >&2
+            echo "System directories must not be deleted. Use specific file paths instead." >&2
+            echo "See: https://github.com/anthropics/claude-code/issues/49554" >&2
+            exit 2
+        fi
+    done
+fi
+
+# --- mv (moving system directories) ---
+if echo "$COMMAND" | grep -qE '^\s*(sudo\s+)?mv\s'; then
+    # Get the source of the mv (first non-flag argument)
+    MV_SOURCE=$(echo "$COMMAND" | grep -oP 'mv\s+(-[a-zA-Z]+\s+)*\K\S+' 2>/dev/null || true)
+    if is_system_dir "$MV_SOURCE"; then
+        echo "BLOCKED: Moving system directory: $MV_SOURCE" >&2
+        echo "Command: $COMMAND" >&2
+        echo "" >&2
+        echo "System directories must not be moved." >&2
+        echo "See: https://github.com/anthropics/claude-code/issues/49554" >&2
+        exit 2
+    fi
+fi
+
+# --- chmod -R / chown -R on system directories ---
+if echo "$COMMAND" | grep -qE '^\s*(sudo\s+)?(chmod|chown)\s+.*-R'; then
+    TARGETS=$(echo "$COMMAND" | grep -oP '(chmod|chown)\s+[^;|&]+' 2>/dev/null | awk '{print $NF}' || true)
+    for target in $TARGETS; do
+        if is_system_dir "$target"; then
+            echo "BLOCKED: Recursive permission change on system directory: $target" >&2
+            echo "Command: $COMMAND" >&2
+            exit 2
+        fi
+    done
+fi
+
+exit 0

package/examples/thinking-display-enforcer.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# thinking-display-enforcer.sh — Opus 4.7 thinking summaries消失を検知
+# Why: Opus 4.7でthinking displayのデフォルトがsummarized→omittedに変更された(#49268, 17👍)
+# セッション開始時にモデルを確認し、Opus 4.7でthinkingが非表示の場合に警告する
+# Event: Notification (セッション開始時に確認)
+# Fix: claude --thinking-display summarized
+
+# チェック頻度制御（100回に1回）
+COUNTER_FILE="/tmp/thinking-display-check-counter"
+COUNT=$(cat "$COUNTER_FILE" 2>/dev/null || echo "0")
+COUNT=$((COUNT + 1))
+echo "$COUNT" > "$COUNTER_FILE"
+[ $((COUNT % 100)) -ne 1 ] && exit 0
+
+# settings.jsonにthinking display設定があるか確認
+SETTINGS_FILE="${HOME}/.claude/settings.json"
+if [ -f "$SETTINGS_FILE" ]; then
+    HAS_THINKING=$(grep -c "showThinkingSummaries\|thinkingDisplay" "$SETTINGS_FILE" 2>/dev/null || echo "0")
+    if [ "$HAS_THINKING" -eq 0 ]; then
+        echo "INFO: Opus 4.7ではthinking summariesがデフォルトで非表示です。" >&2
+        echo "修正: claude --thinking-display summarized で起動するか、settings.jsonに設定を追加してください。" >&2
+        echo "詳細: https://github.com/anthropics/claude-code/issues/49268" >&2
+    fi
+fi
+exit 0

package/examples/thinking-stall-detector.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+# thinking-stall-detector.sh — Detect when Claude's thinking phase stalls
+#
+# Solves: #51092 — Sonnet 4.6 thinking ran for 25 minutes, consuming
+#         16M+ tokens. User lost entire token allowance to a single
+#         reasoning phase that never produced output.
+#
+# HOW IT WORKS:
+#   Tracks time between consecutive tool calls. If the gap exceeds
+#   a threshold (default 5 minutes), it means Claude was "thinking"
+#   without taking any action — likely a reasoning stall.
+#
+#   On detection, logs a warning with the stall duration and suggests
+#   the user interrupt with Ctrl+C.
+#
+# WHY THIS MATTERS:
+#   During thinking, tokens are consumed but no hooks fire. This hook
+#   fires on the NEXT tool call after the stall, so it can't prevent
+#   the stall itself — but it alerts the user that one occurred, so
+#   they can watch for it happening again and interrupt early.
+#
+# TRIGGER: PreToolUse  MATCHER: ""
+# Also works as: Notification (fires on status changes)
+#
+# CONFIGURATION:
+#   CC_STALL_WARN_SECS=300    warn after 5-minute gap (default)
+#   CC_STALL_LOG=/tmp/cc-thinking-stalls.log
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+STATE_FILE="/tmp/cc-thinking-stall-last-call"
+LOG_FILE="${CC_STALL_LOG:-/tmp/cc-thinking-stalls.log}"
+WARN_SECS="${CC_STALL_WARN_SECS:-300}"
+
+NOW=$(date +%s)
+
+# Read last tool call timestamp
+LAST=$(cat "$STATE_FILE" 2>/dev/null || echo "$NOW")
+
+# Update timestamp
+echo "$NOW" > "$STATE_FILE"
+
+# Calculate gap
+GAP=$((NOW - LAST))
+
+if [ "$GAP" -ge "$WARN_SECS" ]; then
+    MINUTES=$((GAP / 60))
+    REMAINDER=$((GAP % 60))
+
+    # Log the stall
+    echo "$(date -Iseconds) STALL ${MINUTES}m${REMAINDER}s before tool=$TOOL" >> "$LOG_FILE"
+
+    # Warn the user
+    echo "⚠️ Thinking stall detected: ${MINUTES}m${REMAINDER}s with no tool activity." >&2
+    echo "This may indicate a reasoning loop consuming tokens silently." >&2
+    echo "If this happens again, press Ctrl+C to interrupt." >&2
+    echo "See #51092: 25-minute thinking stall consumed 16M tokens." >&2
+fi
+
+exit 0

package/examples/tool-retry-budget-guard.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+# tool-retry-budget-guard.sh — Stop Claude from wasting tokens on repeated failures
+#
+# Solves: #50986 — Claude fails simple UI change after 10+ attempts, wastes entire
+#         token budget. Also prevents retry spirals on any file.
+#
+# Tracks consecutive tool calls (Edit, Write, Bash) targeting the same file.
+# After 5 attempts, blocks further edits and forces a different approach.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+
+case "$TOOL" in
+  Edit|Write) ;;
+  *) exit 0 ;;
+esac
+
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Use file hash as state key
+HASH=$(echo "$FILE" | md5sum | cut -c1-8)
+STATE_DIR="/tmp/.cc-retry-budget"
+mkdir -p "$STATE_DIR"
+STATE_FILE="$STATE_DIR/$HASH"
+
+# Track attempt count and timestamp
+NOW=$(date +%s)
+COUNT=1
+
+if [ -f "$STATE_FILE" ]; then
+    PREV_TIME=$(head -1 "$STATE_FILE" 2>/dev/null || echo "0")
+    PREV_COUNT=$(tail -1 "$STATE_FILE" 2>/dev/null || echo "0")
+
+    # Reset if more than 5 minutes since last attempt (new task)
+    ELAPSED=$(( NOW - PREV_TIME ))
+    if [ "$ELAPSED" -lt 300 ]; then
+        COUNT=$(( PREV_COUNT + 1 ))
+    fi
+fi
+
+printf '%s\n%s\n' "$NOW" "$COUNT" > "$STATE_FILE"
+
+if [ "$COUNT" -ge 7 ]; then
+    echo "BLOCKED: You've attempted to modify $(basename "$FILE") $COUNT times in the last 5 minutes." >&2
+    echo "  This pattern wastes tokens. Stop and try a completely different approach:" >&2
+    echo "  1. Read the file first to understand current state" >&2
+    echo "  2. Use a different strategy (smaller change, different tool)" >&2
+    echo "  3. If stuck, explain the problem and ask for help" >&2
+    rm -f "$STATE_FILE"
+    exit 2
+elif [ "$COUNT" -ge 5 ]; then
+    echo "WARNING: $COUNT consecutive edits to $(basename "$FILE") — approaching retry limit (7)." >&2
+    echo "  Consider reading the file to verify your assumptions before the next attempt." >&2
+fi
+
+exit 0

package/examples/worktree-branch-pollution-detector.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# worktree-branch-pollution-detector.sh — worktreeが親ブランチを汚染していないか検知
+# Why: サブエージェントのworktree操作が親リポを予期しないブランチに移動させ、
+#      意図しないcommit-to-mainが発生する。1週間で3回の事故報告あり (#50207)
+# Event: PostToolUse  MATCHER: Bash
+# Action: 現在のブランチが期待値と異なる場合に警告
+
+INPUT=$(cat)
+
+# 期待ブランチ（セッション開始時に記録）
+EXPECTED_BRANCH_FILE="/tmp/cc-expected-branch-$(pwd | md5sum | cut -c1-8)"
+
+# git管理下でなければスキップ
+git rev-parse --is-inside-work-tree >/dev/null 2>&1 || exit 0
+
+CURRENT_BRANCH=$(git branch --show-current 2>/dev/null)
+[ -z "$CURRENT_BRANCH" ] && exit 0
+
+# 初回実行時はブランチを記録
+if [ ! -f "$EXPECTED_BRANCH_FILE" ]; then
+  echo "$CURRENT_BRANCH" > "$EXPECTED_BRANCH_FILE"
+  exit 0
+fi
+
+EXPECTED_BRANCH=$(cat "$EXPECTED_BRANCH_FILE" 2>/dev/null)
+
+if [ "$CURRENT_BRANCH" != "$EXPECTED_BRANCH" ]; then
+  echo "⚠ BRANCH CHANGED: Expected '$EXPECTED_BRANCH' but now on '$CURRENT_BRANCH'" >&2
+  echo "This may be caused by a worktree or subagent switching your branch." >&2
+  echo "Run 'git checkout $EXPECTED_BRANCH' to return. See: #50207" >&2
+  # 新しいブランチを記録（意図的な切替かもしれない）
+  echo "$CURRENT_BRANCH" > "$EXPECTED_BRANCH_FILE"
+fi
+
+exit 0

package/examples/worktree-create-log.sh

@@ -0,0 +1,6 @@
+LOGFILE="${HOME}/.claude/worktree-audit.log"
+INFO=$(cat)
+BRANCH=$(echo "$INFO" | jq -r '.branch // "unknown"' 2>/dev/null)
+PATH_WT=$(echo "$INFO" | jq -r '.path // "unknown"' 2>/dev/null)
+echo "[$(date '+%Y-%m-%d %H:%M:%S')] CREATE branch=$BRANCH path=$PATH_WT" >> "$LOGFILE"
+exit 0

package/examples/worktree-hook-linker.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+# worktree-hook-linker.sh — Auto-link settings to worktrees
+#
+# Solves: In git worktrees, .claude/settings.json is not found because
+# worktrees share .git but not the working directory. All hooks
+# become silently disabled. (#46808)
+#
+# How it works: On SessionStart, checks if the current directory is a
+# git worktree. If so, creates a symlink from the worktree's
+# .claude/settings.json to the main tree's settings. This ensures
+# hooks work identically in worktrees.
+#
+# {
+#   "hooks": {
+#     "Notification": [{
+#       "matcher": "SessionStart",
+#       "hooks": [{ "type": "command", "command": "~/.claude/hooks/worktree-hook-linker.sh" }]
+#     }]
+#   }
+# }
+#
+# TRIGGER: Notification
+# MATCHER: "SessionStart"
+
+# Detect if we're in a git worktree
+GITDIR=$(git rev-parse --git-dir 2>/dev/null) || exit 0
+echo "$GITDIR" | grep -q "worktrees" || exit 0
+
+# We're in a worktree — find the main working tree
+MAIN_GITDIR=$(git rev-parse --path-format=absolute --git-common-dir 2>/dev/null) || exit 0
+MAIN_WORKDIR=$(echo "$MAIN_GITDIR" | sed 's|/.git$||')
+
+MAIN_CLAUDE_DIR="$MAIN_WORKDIR/.claude"
+LOCAL_CLAUDE_DIR=".claude"
+
+# Skip if main tree has no .claude directory
+[ -d "$MAIN_CLAUDE_DIR" ] || exit 0
+
+# Create .claude directory in worktree if needed
+mkdir -p "$LOCAL_CLAUDE_DIR" 2>/dev/null
+
+# Link settings files if they exist in main but not in worktree
+for f in settings.json settings.local.json; do
+    MAIN_FILE="$MAIN_CLAUDE_DIR/$f"
+    LOCAL_FILE="$LOCAL_CLAUDE_DIR/$f"
+
+    [ ! -f "$MAIN_FILE" ] && continue
+
+    if [ ! -e "$LOCAL_FILE" ]; then
+        ln -s "$MAIN_FILE" "$LOCAL_FILE"
+        echo "Linked $f from main tree → worktree (hooks now active)" >&2
+    elif [ -L "$LOCAL_FILE" ]; then
+        # Already a symlink — verify it points to the right place
+        TARGET=$(readlink -f "$LOCAL_FILE" 2>/dev/null)
+        EXPECTED=$(readlink -f "$MAIN_FILE" 2>/dev/null)
+        if [ "$TARGET" != "$EXPECTED" ]; then
+            rm "$LOCAL_FILE"
+            ln -s "$MAIN_FILE" "$LOCAL_FILE"
+            echo "Re-linked $f (was pointing to wrong location)" >&2
+        fi
+    fi
+done
+
+# Also link hooks directory if it exists
+MAIN_HOOKS="$MAIN_CLAUDE_DIR/hooks"
+LOCAL_HOOKS="$LOCAL_CLAUDE_DIR/hooks"
+if [ -d "$MAIN_HOOKS" ] && [ ! -e "$LOCAL_HOOKS" ]; then
+    ln -s "$MAIN_HOOKS" "$LOCAL_HOOKS"
+    echo "Linked hooks/ directory from main tree → worktree" >&2
+fi
+
+exit 0

package/examples/worktree-remove-uncommitted-guard.sh

@@ -0,0 +1,20 @@
+INFO=$(cat)
+PATH_WT=$(echo "$INFO" | jq -r '.path // empty' 2>/dev/null)
+[ -z "$PATH_WT" ] && exit 0
+[ ! -d "$PATH_WT" ] && exit 0
+cd "$PATH_WT" 2>/dev/null || exit 0
+DIRTY=$(git status --porcelain 2>/dev/null | wc -l)
+if [ "$DIRTY" -gt 0 ]; then
+    echo "BLOCKED: Worktree at $PATH_WT has $DIRTY uncommitted change(s)." >&2
+    echo "Commit or stash changes before removing." >&2
+    exit 2
+fi
+BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
+if [ -n "$BRANCH" ]; then
+    UNPUSHED=$(git log --oneline "origin/$BRANCH..$BRANCH" 2>/dev/null | wc -l)
+    if [ "$UNPUSHED" -gt 0 ]; then
+        echo "WARNING: $UNPUSHED unpushed commit(s) on $BRANCH." >&2
+        echo "Push before removing: git push origin $BRANCH" >&2
+    fi
+fi
+exit 0

package/hooks/hooks.json

@@ -0,0 +1,60 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty'); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE '^\\s*(sudo\\s+)?rm\\s+.*-[rRf]*[rR]' && ! echo \"$CMD\" | grep -qE '(node_modules|dist|build|__pycache__|/tmp)'; then echo 'BLOCKED: recursive rm on non-safe target. Use specific paths.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty'); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+push\\s+.*--force|git\\s+reset\\s+--hard|git\\s+clean\\s+-fd'; then echo 'BLOCKED: destructive git operation. Use safer alternatives.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty'); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qiE '(api.key|secret|password|token).*=.*[A-Za-z0-9]{20}'; then echo 'BLOCKED: potential credential in command. Use environment variables.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); FILE=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty'); [ -z \"$FILE\" ] && exit 0; if echo \"$FILE\" | grep -qE '\\.(env|pem|key|credentials|secret)$'; then echo 'BLOCKED: writing to sensitive file. Check if this is intentional.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "~/.claude/hooks/move-delete-sequence-guard.sh"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "~/.claude/hooks/system-dir-protection-guard.sh"
+          }
+        ]
+      }
+    ]
+  }
+}

package/index.mjs

@@ -94,6 +94,7 @@ const GENERATE_CI = process.argv.includes('--generate-ci');
 const REPORT = process.argv.includes('--report');
 const QUICKFIX = process.argv.includes('--quickfix');
 const SHIELD = process.argv.includes('--shield');
+const OPUS47 = process.argv.includes('--opus47');
 const ANALYZE = process.argv.includes('--analyze');
 const TEAM = process.argv.includes('--team');
 const MIGRATE_FROM_IDX = process.argv.findIndex(a => a === '--migrate-from');
@@ -192,8 +193,9 @@ if (HELP) {
   Find hooks: npx cc-hook-registry search <keyword>
   Test hooks: npx cc-hook-test <hook.sh>
 
-  Support: https://github.com/sponsors/yurukusa
-  Book:    https://zenn.dev/yurukusa/books/6076c23b1cb18b
+  Token Checkup: https://yurukusa.github.io/cc-safe-setup/token-checkup.html
+  Token Book:    https://yurukusa.github.io/cc-safe-setup/token-book.html
+  Safety Guide:  https://zenn.dev/yurukusa/books/6076c23b1cb18b
 `);
   process.exit(0);
 }
@@ -2916,6 +2918,79 @@ async function analyze() {
   console.log();
 }
 
+async function opus47() {
+  console.log();
+  console.log(c.bold + '  🚨  cc-safe-setup --opus47' + c.reset);
+  console.log(c.dim + '  Opus 4.7 protection — fixes for known critical issues' + c.reset);
+  console.log();
+
+  // First install core hooks if not already installed
+  mkdirSync(HOOKS_DIR, { recursive: true });
+  let coreInstalled = 0;
+  for (const [hookId, hookMeta] of Object.entries(HOOKS)) {
+    const hookPath = join(HOOKS_DIR, `${hookId}.sh`);
+    if (!existsSync(hookPath)) {
+      writeFileSync(hookPath, SCRIPTS[hookId]);
+      chmodSync(hookPath, 0o755);
+      coreInstalled++;
+    }
+  }
+  if (coreInstalled > 0) {
+    // Update settings.json for core hooks
+    let settings = {};
+    if (existsSync(SETTINGS_PATH)) {
+      settings = JSON.parse(readFileSync(SETTINGS_PATH, 'utf8'));
+    }
+    if (!settings.hooks) settings.hooks = {};
+    for (const [hookId, hookMeta] of Object.entries(HOOKS)) {
+      const trigger = hookMeta.trigger;
+      if (!settings.hooks[trigger]) settings.hooks[trigger] = [];
+      const hookPath = toBashPath(join(HOOKS_DIR, `${hookId}.sh`));
+      const exists = settings.hooks[trigger].some(h => h.hooks?.some(hh => hh.command?.includes(hookId)));
+      if (!exists) {
+        settings.hooks[trigger].push({
+          matcher: hookMeta.matcher,
+          hooks: [{ type: 'command', command: hookPath }]
+        });
+      }
+    }
+    writeFileSync(SETTINGS_PATH, JSON.stringify(settings, null, 2) + '\n');
+    console.log(c.green + '  ✓' + c.reset + ` ${coreInstalled} core safety hooks installed`);
+  } else {
+    console.log(c.dim + '  ✓ Core safety hooks already installed' + c.reset);
+  }
+
+  // Install Opus 4.7-specific hooks
+  const opus47Hooks = [
+    { name: 'model-version-alert', desc: 'Warns when Opus 4.7 is silently active (#49541)', issue: '4x token consumption' },
+    { name: 'shell-config-truncation-guard', desc: 'Blocks installer from truncating ~/.bash_profile (#49615)', issue: 'config destruction' },
+    { name: 'credential-exfil-guard', desc: 'Blocks credential file access (#49539, #49554)', issue: 'credential deletion' },
+    { name: 'home-critical-bash-guard', desc: 'Blocks destructive ops on critical dotfiles (#49554)', issue: 'home directory attacks' },
+  ];
+
+  console.log();
+  console.log(c.bold + '  Opus 4.7 protection hooks:' + c.reset);
+  let added = 0;
+  for (const hook of opus47Hooks) {
+    try {
+      await installExample(hook.name);
+      added++;
+    } catch (e) {
+      // installExample may exit on error, but we want to continue
+    }
+  }
+
+  console.log();
+  console.log(c.bold + '  Why these hooks matter:' + c.reset);
+  console.log(c.dim + '  Opus 4.7\'s safety classifier is hardcoded to 4.6 (#49618).' + c.reset);
+  console.log(c.dim + '  Auto mode can\'t block dangerous commands on 4.7.' + c.reset);
+  console.log(c.dim + '  These hooks run at process level — independent of the model.' + c.reset);
+  console.log();
+  console.log(c.green + '  Done.' + c.reset + ' Your setup is protected against known Opus 4.7 issues.');
+  console.log(c.dim + '  Guide: https://yurukusa.github.io/cc-safe-setup/opus-47-survival-guide.html' + c.reset);
+  console.log();
+}
+
 async function shield() {
   const { execSync } = await import('child_process');
   const { readdirSync } = await import('fs');
@@ -2969,6 +3044,9 @@ async function shield() {
   // Always include these for maximum safety
   extras.push('scope-guard', 'no-sudo-guard', 'protect-claudemd', 'memory-write-guard', 'skill-gate', 'auto-approve-test', 'auto-approve-readonly');
 
+  // Opus 4.7 safety: classifier is hardcoded to 4.6 (#49618) — hooks are the only defense
+  extras.push('dotfile-protection-guard', 'home-critical-bash-guard');
+
   for (const ex of extras) {
     const exPath = join(__dirname, 'examples', `${ex}.sh`);
     const hookPath = join(HOOKS_DIR, `${ex}.sh`);
@@ -3118,6 +3196,9 @@ async function shield() {
   console.log(c.dim + '  Verify: npx cc-safe-setup --verify' + c.reset);
   console.log(c.dim + '  Status: npx cc-safe-setup --status' + c.reset);
   console.log();
+  console.log(c.dim + '  Burning tokens too fast? Free diagnosis:' + c.reset);
+  console.log(c.blue + '  https://yurukusa.github.io/cc-safe-setup/token-checkup.html' + c.reset);
+  console.log();
 }
 
 async function quickfix() {
@@ -5784,6 +5865,7 @@ async function main() {
   if (TEAM) return team();
   if (PROFILE_IDX !== -1) return profile(PROFILE);
   if (ANALYZE) return analyze();
+  if (OPUS47) return opus47();
   if (SHIELD) return shield();
   if (QUICKFIX) return quickfix();
   if (REPORT) return report();
@@ -5898,12 +5980,16 @@ async function main() {
   console.log('  ' + c.blue + '  --doctor' + c.reset + '            Verify hooks work');
   console.log('  ' + c.blue + '  --simulate "cmd"' + c.reset + '    Test how hooks react');
   console.log('  ' + c.blue + '  --shield' + c.reset + '            Maximum safety (recommended)');
+  console.log('  ' + c.blue + '  --opus47' + c.reset + '            Opus 4.7 crisis protection');
   console.log();
-  console.log('  ' + c.dim + '23 web tools: https://yurukusa.github.io/cc-safe-setup/hub.html' + c.reset);
+  console.log('  ' + c.dim + 'Free tools:' + c.reset);
+  console.log('  ' + c.blue + '  Token Checkup' + c.reset + '  https://yurukusa.github.io/cc-safe-setup/token-checkup.html');
+  console.log('  ' + c.blue + '  Token Book' + c.reset + '     https://yurukusa.github.io/cc-safe-setup/token-book.html');
+  console.log('  ' + c.dim + '  28 web tools: https://yurukusa.github.io/cc-safe-setup/hub.html' + c.reset);
   console.log();
-  console.log('  ' + c.dim + 'Like this tool? Support development:' + c.reset);
-  console.log('  ' + c.dim + '  Sponsor: https://github.com/sponsors/yurukusa' + c.reset);
-  console.log('  ' + c.dim + '  Book:    https://zenn.dev/yurukusa/books/6076c23b1cb18b' + c.reset);
+  console.log('  ' + c.dim + 'Tokens disappearing too fast?' + c.reset);
+  console.log('  ' + c.blue + '  Token Book' + c.reset + '  Cut consumption in half — https://yurukusa.github.io/cc-safe-setup/token-book.html');
+  console.log('  ' + c.dim + '  Safety Guide: https://zenn.dev/yurukusa/books/6076c23b1cb18b' + c.reset);
   console.log();
 }
 

package/memory/market-anthropic-japan-strategy-2026-04-13.md

@@ -0,0 +1,4 @@
+This file was created in the wrong location. The correct version is at:
+~/.claude/projects/-home-namakusa-projects-cc-loop/memory/market-anthropic-japan-strategy-2026-04-13.md
+
+This file can be deleted.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.40",
-  "description": "One command to make Claude Code safe. 650 example hooks + 8 built-in. 56 CLI commands. Token consumption diagnosis. Works with Auto Mode.",
+  "version": "29.8.0",
+  "description": "One command to make Claude Code safe. 701 example hooks + 8 built-in. 56 CLI commands. Token consumption diagnosis. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"