cc-safe-setup 29.6.40 → 29.8.0

package/plugins/credential-guard/.claude-plugin/plugin.json

@@ -0,0 +1,58 @@
+{
+  "name": "credential-guard",
+  "description": "Protect secrets and credentials from Claude Code. Blocks writes to .env files, detects API keys in shell commands, prevents hardcoded tokens, and guards service account JSON files.",
+  "version": "1.1.0",
+  "author": { "name": "yurukusa" },
+  "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+  "repository": "https://github.com/yurukusa/cc-safe-setup",
+  "license": "MIT",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); FILE=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z \"$FILE\" ] && exit 0; if echo \"$FILE\" | grep -qE '\\.env$|\\.env\\.|credentials|secret'; then echo \"BLOCKED: Writing to sensitive file: $FILE\" >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); FILE=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z \"$FILE\" ] && exit 0; if echo \"$FILE\" | grep -qE '\\.env$|\\.env\\.|credentials|secret'; then echo \"BLOCKED: Editing sensitive file: $FILE\" >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE '(sk|pk|api|key|token|secret|password)[-_]?[a-zA-Z0-9]{20,}'; then echo 'WARNING: Possible API key or token detected in command. Verify no secrets are exposed.' >&2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); FILE=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z \"$FILE\" ] && exit 0; if echo \"$FILE\" | grep -qE 'serviceaccount.*\\.json|key\\.json|credentials\\.json'; then echo \"BLOCKED: Writing to service account file: $FILE\" >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'ANTHROPIC_API_KEY|OPENAI_API_KEY|AWS_SECRET|GITHUB_TOKEN|DATABASE_URL'; then echo 'WARNING: Environment variable with potential secret detected in command.' >&2; fi"
+          }
+        ]
+      }
+    ]
+  }
+}

package/plugins/git-protection/.claude-plugin/plugin.json

@@ -0,0 +1,58 @@
+{
+  "name": "git-protection",
+  "description": "Git safety hooks for Claude Code. Blocks force-push, protects main/master branch, prevents hard-reset, guards interactive rebase, and blocks git clean -fd.",
+  "version": "1.1.0",
+  "author": { "name": "yurukusa" },
+  "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+  "repository": "https://github.com/yurukusa/cc-safe-setup",
+  "license": "MIT",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+push.*--force|git\\s+push.*-f\\b'; then echo 'BLOCKED: Force push. Use --force-with-lease for safer alternative.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+push\\s+(origin\\s+)?(main|master)\\b'; then echo 'BLOCKED: Direct push to main/master. Use a feature branch and PR.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+reset\\s+--hard'; then echo 'BLOCKED: git reset --hard. Use git stash or git reset --soft.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+clean\\s+-fd|git\\s+clean\\s+-f'; then echo 'BLOCKED: git clean removes untracked files permanently. Review with git clean -n first.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+branch\\s+-D'; then echo 'BLOCKED: Force branch deletion. Use -d (safe delete) instead of -D.' >&2; exit 2; fi"
+          }
+        ]
+      }
+    ]
+  }
+}

package/plugins/safety-essentials/.claude-plugin/plugin.json

@@ -0,0 +1,58 @@
+{
+  "name": "safety-essentials",
+  "description": "5 essential safety hooks for Claude Code. Blocks rm -rf, force-push, hard-reset, .env overwrites, and package publish. The minimum viable safety net from 800+ hours of autonomous operation.",
+  "version": "1.1.0",
+  "author": { "name": "yurukusa" },
+  "homepage": "https://yurukusa.github.io/cc-safe-setup/",
+  "repository": "https://github.com/yurukusa/cc-safe-setup",
+  "license": "MIT",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'rm\\s+-r(f|F)|rm\\s+-(f|F)r|rm\\s+--force.*-r|rm\\s+-r.*--force'; then echo 'BLOCKED: rm -rf detected. Use git clean or manual deletion instead.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+push.*--force|git\\s+push.*-f\\b'; then echo 'BLOCKED: Force push detected. Use --force-with-lease or push normally.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'git\\s+reset\\s+--hard'; then echo 'BLOCKED: git reset --hard discards uncommitted changes. Use git stash instead.' >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Write",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); FILE=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z \"$FILE\" ] && exit 0; if echo \"$FILE\" | grep -qE '\\.env$|\\.env\\.'; then echo \"BLOCKED: Writing to environment file: $FILE\" >&2; exit 2; fi"
+          }
+        ]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); CMD=$(echo \"$INPUT\" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z \"$CMD\" ] && exit 0; if echo \"$CMD\" | grep -qE 'npm\\s+publish|yarn\\s+publish'; then echo 'BLOCKED: Package publish requires manual execution.' >&2; exit 2; fi"
+          }
+        ]
+      }
+    ]
+  }
+}

package/plugins/token-guard/.claude-plugin/plugin.json

@@ -0,0 +1,51 @@
+{
+  "name": "token-guard",
+  "description": "Token consumption guards for Claude Code. Warns on large file reads (100KB+), limits unique file reads per session, estimates token budget, and caps subagent spawns. From 800+ hours of autonomous operation data.",
+  "version": "1.0.0",
+  "author": { "name": "yurukusa" },
+  "homepage": "https://yurukusa.github.io/cc-safe-setup/token-book.html",
+  "repository": "https://github.com/yurukusa/cc-safe-setup",
+  "license": "MIT",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Read",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "INPUT=$(cat); FP=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z \"$FP\" ] || [ ! -f \"$FP\" ] && exit 0; SZ=$(stat -c%s \"$FP\" 2>/dev/null || stat -f%z \"$FP\" 2>/dev/null); [ \"$SZ\" -gt 102400 ] 2>/dev/null && echo \"Warning: $(basename $FP) is $((SZ/1024))KB. Use limit parameter to read only what you need.\" || true"
+          }
+        ]
+      },
+      {
+        "matcher": "Read",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "BUDGET=${CC_READ_BUDGET:-100}; WARN=${CC_READ_WARN:-50}; T=/tmp/cc-read-budget-$PPID; INPUT=$(cat); FP=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z \"$FP\" ] && exit 0; C=0; if [ -f \"$T\" ]; then grep -qF \"$FP\" \"$T\" || echo \"$FP\" >> \"$T\"; C=$(wc -l < \"$T\"); else echo \"$FP\" > \"$T\"; C=1; fi; [ \"$C\" -ge \"$BUDGET\" ] && { echo \"[BLOCK] Read budget reached (${BUDGET} files). Use Glob/Grep to narrow down.\"; exit 2; }; [ \"$C\" -ge \"$WARN\" ] && echo \"Warning: ${C}/${BUDGET} files read.\""
+          }
+        ]
+      },
+      {
+        "matcher": "Agent",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "MAX=${CC_MAX_AGENTS:-3}; T=/tmp/cc-agents-$PPID; C=0; [ -f \"$T\" ] && C=$(cat \"$T\"); C=$((C+1)); echo $C > \"$T\"; [ $C -gt $MAX ] && { echo \"[BLOCK] Subagent limit (${MAX}). Complete existing agents first.\"; exit 2; }; [ $C -ge $MAX ] && echo \"Warning: ${C}/${MAX} subagents spawned.\""
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": {},
+        "hooks": [
+          {
+            "type": "command",
+            "command": "WARN=${CC_TOKEN_BUDGET:-50000}; BLOCK=${CC_TOKEN_BLOCK:-100000}; T=/tmp/cc-tokens-$PPID; INPUT=$(cat); SZ=${#INPUT}; TK=$((SZ/4)); TOTAL=0; [ -f \"$T\" ] && TOTAL=$(cat \"$T\"); TOTAL=$((TOTAL+TK)); echo $TOTAL > \"$T\"; [ $TOTAL -ge $BLOCK ] && { echo \"[BLOCK] Token budget exceeded (~${TOTAL}). Run /compact.\"; exit 2; }; [ $TOTAL -ge $WARN ] && echo \"Warning: ~${TOTAL} tokens consumed (limit: ${BLOCK}).\""
+          }
+        ]
+      }
+    ]
+  }
+}

package/skills/safety-setup/SKILL.md

@@ -0,0 +1,47 @@
+---
+name: cc-safe-setup
+description: Safety hooks for Claude Code — 695 pre-built hooks that prevent file deletion, credential leaks, git disasters, and token waste during autonomous AI coding sessions. Install with npx cc-safe-setup.
+---
+
+# cc-safe-setup
+
+Safety-first configuration for Claude Code. Prevents the accidents that happen when AI writes code autonomously.
+
+## What it does
+
+Installs pre-built safety hooks into your Claude Code environment. These hooks run automatically before/after tool calls to block dangerous operations.
+
+**Categories:**
+- **File protection**: Block `rm -rf`, prevent overwriting files outside project
+- **Git safety**: Prevent force-push to main, block `reset --hard`
+- **Credential guards**: Stop `.env` files from being committed or read by AI
+- **Token optimization**: Warn on large file reads, limit subagent spawning
+- **Quality gates**: Detect lazy rewrites, verify claims before committing
+
+## Quick start
+
+```bash
+npx cc-safe-setup
+```
+
+This runs an interactive wizard that configures hooks based on your risk profile.
+
+## Install individual hooks
+
+```bash
+npx cc-safe-setup --install-example large-read-guard
+npx cc-safe-setup --install-example prevent-rm-rf
+npx cc-safe-setup --install-example git-force-push-block
+```
+
+## Why hooks instead of CLAUDE.md rules
+
+Rules in CLAUDE.md are suggestions — Claude can forget them. Hooks are enforced at the system level. A hook that blocks `rm -rf` cannot be overridden by the AI.
+
+From 800+ hours of autonomous operation: the hooks that matter most are the ones you don't notice until something goes wrong.
+
+## Resources
+
+- Repository: https://github.com/yurukusa/cc-safe-setup
+- Hook Selector (find hooks for your setup): https://yurukusa.github.io/cc-safe-setup/hook-selector.html
+- Token Checkup (diagnose waste): https://yurukusa.github.io/cc-safe-setup/token-checkup.html

package/tests/dotenv-read-guard.test.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+# Tests for dotenv-read-guard.sh
+HOOK="$(dirname "$0")/../examples/dotenv-read-guard.sh"
+PASS=0; FAIL=0
+
+run_test() {
+    local desc="$1" input="$2" expect="$3"
+    result=$(echo "$input" | bash "$HOOK" 2>/dev/null; echo $?)
+    code=$(echo "$result" | tail -1)
+    if [ "$code" = "$expect" ]; then
+        echo "PASS: $desc"
+        ((PASS++))
+    else
+        echo "FAIL: $desc (expected $expect, got $code)"
+        ((FAIL++))
+    fi
+}
+
+# Should block .env files
+run_test "Block .env" \
+    '{"tool_input":{"file_path":"/home/user/project/.env"}}' "2"
+
+run_test "Block .env.local" \
+    '{"tool_input":{"file_path":"/app/.env.local"}}' "2"
+
+run_test "Block .env.production" \
+    '{"tool_input":{"file_path":"/deploy/.env.production"}}' "2"
+
+run_test "Block .env.staging" \
+    '{"tool_input":{"file_path":"/app/.env.staging"}}' "2"
+
+run_test "Block .env.development" \
+    '{"tool_input":{"file_path":"/app/.env.development"}}' "2"
+
+run_test "Block .env.test" \
+    '{"tool_input":{"file_path":"/project/.env.test"}}' "2"
+
+# Should allow non-.env files
+run_test "Allow .env.example" \
+    '{"tool_input":{"file_path":"/project/.env.example"}}' "0"
+
+run_test "Allow README.md" \
+    '{"tool_input":{"file_path":"/project/README.md"}}' "0"
+
+run_test "Allow package.json" \
+    '{"tool_input":{"file_path":"/project/package.json"}}' "0"
+
+run_test "Allow config.ts" \
+    '{"tool_input":{"file_path":"/src/config.ts"}}' "0"
+
+run_test "Allow env.ts (not dotenv)" \
+    '{"tool_input":{"file_path":"/src/env.ts"}}' "0"
+
+run_test "Allow .envrc (direnv)" \
+    '{"tool_input":{"file_path":"/project/.envrc"}}' "0"
+
+# Edge cases
+run_test "Empty input" '{}' "0"
+
+run_test "No file_path" \
+    '{"tool_input":{}}' "0"
+
+echo ""
+echo "Results: $PASS passed, $FAIL failed"
+[ "$FAIL" -eq 0 ] && exit 0 || exit 1

package/tests/test-auto-mode-safety-enforcer.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# Tests for auto-mode-safety-enforcer.sh
+set -euo pipefail
+
+PASS=0
+FAIL=0
+HOOK="$(dirname "$0")/../examples/auto-mode-safety-enforcer.sh"
+
+test_hook() {
+    local input="$1" expected_exit="$2" desc="$3"
+    local actual_exit=0
+    echo "$input" | bash "$HOOK" > /dev/null 2>/dev/null || actual_exit=$?
+    if [ "$actual_exit" -eq "$expected_exit" ]; then
+        echo "  PASS: $desc"
+        PASS=$((PASS + 1))
+    else
+        echo "  FAIL: $desc (expected exit $expected_exit, got $actual_exit)"
+        FAIL=$((FAIL + 1))
+    fi
+}
+
+echo "auto-mode-safety-enforcer.sh tests"
+echo ""
+
+# --- Block: Critical rm operations ---
+test_hook '{"tool_input":{"command":"rm -rf /"}}' 2 "Block rm -rf /"
+test_hook '{"tool_input":{"command":"rm -rf ~"}}' 2 "Block rm -rf ~"
+test_hook '{"tool_input":{"command":"rm -rf ~/."}}' 2 "Block rm -rf ~/."
+test_hook '{"tool_input":{"command":"sudo rm -rf /home"}}' 2 "Block sudo rm -rf /home"
+test_hook '{"tool_input":{"command":"rm -rf /etc"}}' 2 "Block rm -rf /etc"
+test_hook '{"tool_input":{"command":"rm -rf /usr"}}' 2 "Block rm -rf /usr"
+test_hook "{\"tool_input\":{\"command\":\"rm -rf $HOME/.ssh\"}}" 2 "Block rm -rf ~/.ssh"
+test_hook "{\"tool_input\":{\"command\":\"rm $HOME/.git-credentials\"}}" 2 "Block rm ~/.git-credentials"
+test_hook "{\"tool_input\":{\"command\":\"rm -f $HOME/.bashrc\"}}" 2 "Block rm ~/.bashrc"
+
+# --- Block: Disk operations ---
+test_hook '{"tool_input":{"command":"sudo dd if=/dev/zero of=/dev/sda"}}' 2 "Block dd to disk"
+test_hook '{"tool_input":{"command":"sudo mkfs.ext4 /dev/sda1"}}' 2 "Block mkfs"
+test_hook '{"tool_input":{"command":"sudo fdisk /dev/sda"}}' 2 "Block fdisk"
+
+# --- Block: System process kill ---
+test_hook '{"tool_input":{"command":"kill -9 1"}}' 2 "Block kill PID 1"
+test_hook '{"tool_input":{"command":"killall systemd"}}' 2 "Block killall systemd"
+
+# --- Allow: Safe operations ---
+test_hook '{"tool_input":{"command":"rm -rf node_modules"}}' 0 "Allow rm node_modules"
+test_hook '{"tool_input":{"command":"rm /tmp/test.txt"}}' 0 "Allow rm in /tmp"
+test_hook '{"tool_input":{"command":"ls -la"}}' 0 "Allow ls"
+test_hook '{"tool_input":{"command":"git status"}}' 0 "Allow git"
+test_hook '{"tool_input":{"command":"npm install"}}' 0 "Allow npm install"
+test_hook '{}' 0 "Allow empty input"
+
+echo ""
+echo "Results: $PASS passed, $FAIL failed out of $((PASS + FAIL)) tests"
+[ "$FAIL" -eq 0 ] && exit 0 || exit 1

package/tests/test-case-insensitive-path-guard.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+# Tests for case-insensitive-path-guard.sh
+# Run: bash tests/test-case-insensitive-path-guard.sh
+# NOTE: Full case-mismatch detection only works on macOS APFS.
+#       On Linux, the hook exits 0 for all inputs (no case-insensitive FS).
+#       These tests verify the non-macOS path (exit 0) and input parsing.
+set -euo pipefail
+
+PASS=0
+FAIL=0
+HOOK="$(dirname "$0")/../examples/case-insensitive-path-guard.sh"
+
+test_hook() {
+    local input="$1" expected_exit="$2" desc="$3"
+    local actual_exit=0
+    echo "$input" | bash "$HOOK" > /dev/null 2>/dev/null || actual_exit=$?
+    if [ "$actual_exit" -eq "$expected_exit" ]; then
+        echo "  PASS: $desc"
+        PASS=$((PASS + 1))
+    else
+        echo "  FAIL: $desc (expected exit $expected_exit, got $actual_exit)"
+        FAIL=$((FAIL + 1))
+    fi
+}
+
+echo "case-insensitive-path-guard.sh tests"
+echo ""
+
+# On Linux, all commands should pass through (exit 0)
+# The hook only activates on macOS (uname == Darwin)
+IS_LINUX=0
+[ "$(uname)" != "Darwin" ] && IS_LINUX=1
+
+if [ "$IS_LINUX" -eq 1 ]; then
+    echo "Running on Linux — all tests should pass through (exit 0)"
+    echo ""
+
+    # --- Pass-through on Linux ---
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf ~/Projects"}}' 0 "Linux: rm -rf passes through"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf ~/Documents"}}' 0 "Linux: rm Documents passes through"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"mv ~/old ~/new"}}' 0 "Linux: mv passes through"
+
+    # --- Non-destructive commands always pass ---
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"ls ~/Projects"}}' 0 "Linux: ls passes through"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"git status"}}' 0 "Linux: git status passes through"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"echo hello"}}' 0 "Linux: echo passes through"
+
+    # --- Safe paths always pass ---
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf node_modules"}}' 0 "Linux: rm node_modules passes"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf /tmp/test"}}' 0 "Linux: rm /tmp passes"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf .cache"}}' 0 "Linux: rm .cache passes"
+
+    # --- Empty/missing inputs ---
+    test_hook '{"tool_name":"Bash","tool_input":{"command":""}}' 0 "Empty command"
+    test_hook '{"tool_name":"Bash","tool_input":{}}' 0 "No command"
+    test_hook '{}' 0 "Empty JSON"
+
+else
+    echo "Running on macOS — testing case-mismatch detection"
+    echo ""
+
+    # On macOS, safe paths should still pass
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf node_modules"}}' 0 "macOS: rm node_modules passes"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf /tmp/test"}}' 0 "macOS: rm /tmp passes"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"rm -rf __pycache__"}}' 0 "macOS: rm __pycache__ passes"
+
+    # Non-destructive commands pass
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"ls ~/Projects"}}' 0 "macOS: ls passes through"
+    test_hook '{"tool_name":"Bash","tool_input":{"command":"git status"}}' 0 "macOS: git status passes"
+
+    # Empty inputs
+    test_hook '{"tool_name":"Bash","tool_input":{"command":""}}' 0 "Empty command"
+    test_hook '{"tool_name":"Bash","tool_input":{}}' 0 "No command"
+fi
+
+echo ""
+echo "Results: $PASS passed, $FAIL failed out of $((PASS + FAIL))"
+[ "$FAIL" -eq 0 ] && echo "ALL TESTS PASSED" || exit 1

package/tests/test-compact-circuit-breaker.sh

@@ -0,0 +1,134 @@
+#!/bin/bash
+# Tests for compact-circuit-breaker.sh
+set -uo pipefail
+
+HOOK="$(dirname "$0")/../examples/compact-circuit-breaker.sh"
+STATE_DIR="/tmp/.cc-compact-circuit-breaker"
+STATE_FILE="$STATE_DIR/compaction-log"
+PASS=0; FAIL=0; TOTAL=0
+
+run_test() {
+  local desc="$1"; shift
+  TOTAL=$((TOTAL + 1))
+  if "$@" 2>/dev/null; then
+    PASS=$((PASS + 1))
+    echo "✅ $desc"
+  else
+    local code=$?
+    if [ "$code" -eq 2 ]; then
+      # exit 2 = block, might be expected
+      FAIL=$((FAIL + 1))
+      echo "❌ $desc (exit $code)"
+    else
+      FAIL=$((FAIL + 1))
+      echo "❌ $desc (exit $code)"
+    fi
+  fi
+}
+
+run_test_blocked() {
+  local desc="$1"; shift
+  TOTAL=$((TOTAL + 1))
+  local code=0
+  "$@" 2>/dev/null || code=$?
+  if [ "$code" -eq 2 ]; then
+    PASS=$((PASS + 1))
+    echo "✅ $desc (correctly blocked)"
+  else
+    FAIL=$((FAIL + 1))
+    echo "❌ $desc (expected block, got exit $code)"
+  fi
+}
+
+cleanup() {
+  rm -rf "$STATE_DIR"
+  mkdir -p "$STATE_DIR"
+}
+
+# Test 1: First compaction should be allowed
+cleanup
+run_test "First compaction allowed" bash "$HOOK"
+
+# Test 2: Second compaction within MIN_INTERVAL should be blocked (cooldown)
+run_test_blocked "Cooldown blocks rapid compaction" bash "$HOOK"
+
+# Test 3: After cooldown, compaction should be allowed
+cleanup
+echo "$(($(date +%s) - 200))" > "$STATE_FILE"
+run_test "Compaction allowed after cooldown" bash "$HOOK"
+
+# Test 4: Circuit breaker triggers after MAX_PER_HOUR
+cleanup
+NOW=$(date +%s)
+for i in $(seq 1 3); do
+  echo "$((NOW - 300 + i * 10))" >> "$STATE_FILE"
+done
+run_test_blocked "Circuit breaker blocks after 3 compactions" bash "$HOOK"
+
+# Test 5: Old entries are cleaned up
+cleanup
+ONE_HOUR_AGO=$(($(date +%s) - 3700))
+for i in $(seq 1 5); do
+  echo "$((ONE_HOUR_AGO - i * 10))" >> "$STATE_FILE"
+done
+run_test "Old entries cleaned, compaction allowed" bash "$HOOK"
+
+# Test 6: Custom MAX_PER_HOUR
+cleanup
+NOW=$(date +%s)
+echo "$((NOW - 200))" > "$STATE_FILE"
+run_test_blocked "Custom MAX_PER_HOUR=1 blocks second" env CC_COMPACT_MAX_PER_HOUR=1 bash "$HOOK"
+
+# Test 7: Custom MIN_INTERVAL
+cleanup
+echo "$(date +%s)" > "$STATE_FILE"
+run_test_blocked "Default MIN_INTERVAL blocks immediate retry" bash "$HOOK"
+
+# Test 8: State directory created if missing
+rm -rf "$STATE_DIR"
+run_test "Creates state directory" bash "$HOOK"
+[ -d "$STATE_DIR" ] && echo "  ↳ State directory exists ✅" || echo "  ↳ State directory missing ❌"
+
+# Test 9: Empty state file handled
+cleanup
+mkdir -p "$STATE_DIR"
+touch "$STATE_FILE"
+run_test "Empty state file handled" bash "$HOOK"
+
+# Test 10: Mixed old and new entries
+cleanup
+NOW=$(date +%s)
+echo "$((NOW - 7200))" >> "$STATE_FILE"  # 2 hours ago (old)
+echo "$((NOW - 7100))" >> "$STATE_FILE"  # old
+echo "$((NOW - 200))" >> "$STATE_FILE"   # recent (1)
+run_test "Mixed entries: old cleaned, recent counted" bash "$HOOK"
+
+# Test 11: Exactly at MAX_PER_HOUR boundary
+cleanup
+NOW=$(date +%s)
+echo "$((NOW - 1800))" >> "$STATE_FILE"
+echo "$((NOW - 900))" >> "$STATE_FILE"
+echo "$((NOW - 200))" >> "$STATE_FILE"
+run_test_blocked "Exactly at MAX=3 boundary blocked" bash "$HOOK"
+
+# Test 12: Error message content
+cleanup
+NOW=$(date +%s)
+for i in $(seq 1 3); do
+  echo "$((NOW - 300 + i * 10))" >> "$STATE_FILE"
+done
+OUTPUT=$(bash "$HOOK" 2>&1 || true)
+TOTAL=$((TOTAL + 1))
+if echo "$OUTPUT" | grep -q "CIRCUIT BREAKER"; then
+  PASS=$((PASS + 1))
+  echo "✅ Error message contains CIRCUIT BREAKER"
+else
+  FAIL=$((FAIL + 1))
+  echo "❌ Error message missing CIRCUIT BREAKER: $OUTPUT"
+fi
+
+cleanup
+
+echo ""
+echo "Results: $PASS/$TOTAL passed, $FAIL failed"
+[ "$FAIL" -eq 0 ] && exit 0 || exit 1

package/tests/test-context-usage-drift-alert.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+# Tests for context-usage-drift-alert.sh
+HOOK="examples/context-usage-drift-alert.sh"
+PASS=0 FAIL=0
+
+assert_contains() { if echo "$2" | grep -q "$3"; then PASS=$((PASS+1)); else FAIL=$((FAIL+1)); echo "FAIL: $1 (expected '$3')"; fi; }
+assert_not_contains() { if ! echo "$2" | grep -q "$3"; then PASS=$((PASS+1)); else FAIL=$((FAIL+1)); echo "FAIL: $1 (unexpected '$3')"; fi; }
+
+# Use a test-specific counter file
+COUNTER_FILE="/tmp/cc-context-usage-counter-$(date +%Y%m%d)"
+rm -f "$COUNTER_FILE"
+
+# Test 1: Calls 1-49 should not warn
+for i in $(seq 1 49); do
+  echo '{}' | bash "$HOOK" 2>/dev/null
+done
+OUT=$(echo '{}' | bash "$HOOK" 2>&1)
+# Call 50 should give checkpoint
+assert_contains "call 50 should checkpoint" "$OUT" "checkpoint"
+assert_contains "should mention /cost" "$OUT" "/cost"
+
+# Test 2: Calls 51-99 should not warn
+for i in $(seq 51 99); do
+  echo '{}' | bash "$HOOK" 2>/dev/null
+done
+OUT=$(echo '{}' | bash "$HOOK" 2>&1)
+# Call 100 should give strong warning
+assert_contains "call 100 should warn high" "$OUT" "HIGH CONTEXT"
+assert_contains "should mention /compact" "$OUT" "/compact"
+assert_contains "should reference issue" "$OUT" "#50204"
+
+# Test 3: Calls 101-149
+for i in $(seq 101 149); do
+  echo '{}' | bash "$HOOK" 2>/dev/null
+done
+OUT=$(echo '{}' | bash "$HOOK" 2>&1)
+# Call 150 should give critical warning
+assert_contains "call 150 critical warning" "$OUT" "VERY HIGH"
+assert_contains "should mention saving state" "$OUT" "Save"
+
+# Test 4: Normal calls between thresholds should be silent
+rm -f "$COUNTER_FILE"
+echo "10" > "$COUNTER_FILE"
+OUT=$(echo '{}' | bash "$HOOK" 2>&1)
+assert_not_contains "non-threshold call should be silent" "$OUT" "checkpoint"
+assert_not_contains "non-threshold no warning" "$OUT" "HIGH"
+
+# Cleanup
+rm -f "$COUNTER_FILE"
+
+echo "Results: $PASS passed, $FAIL failed"
+[ "$FAIL" -eq 0 ]