cc-safe-setup 29.6.7 → 29.6.9

package/examples/markdown-link-check.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# ================================================================
+# markdown-link-check.sh — Verify local file links in markdown
+# ================================================================
+# PURPOSE:
+#   After Claude edits a markdown file, check that all local file
+#   references (relative paths) actually exist. Catches broken
+#   links to images, other docs, or code files.
+#
+# TRIGGER: PostToolUse
+# MATCHER: "Edit|Write"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+[ -z "$FILE" ] && exit 0
+echo "$FILE" | grep -qiE '\.md$|\.mdx$' || exit 0
+[ -f "$FILE" ] || exit 0
+
+DIR=$(dirname "$FILE")
+BROKEN=0
+
+# Extract markdown links: [text](path) — skip URLs and anchors
+while IFS= read -r link; do
+    # Skip URLs, anchors, and mailto
+    echo "$link" | grep -qE '^(https?://|#|mailto:)' && continue
+    # Remove anchor part
+    CLEAN=$(echo "$link" | sed 's/#.*//')
+    [ -z "$CLEAN" ] && continue
+    # Resolve relative path
+    TARGET="$DIR/$CLEAN"
+    if [ ! -e "$TARGET" ]; then
+        echo "⚠ Broken link in $FILE: $link" >&2
+        BROKEN=$((BROKEN + 1))
+    fi
+done < <(grep -oE '\]\([^)]+\)' "$FILE" 2>/dev/null | sed 's/\](\(.*\))/\1/')
+
+if [ "$BROKEN" -gt 0 ]; then
+    echo "  $BROKEN broken link(s) found." >&2
+fi
+
+exit 0

package/examples/no-force-flag.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# ================================================================
+# no-force-flag.sh — Block dangerous --force flags
+# ================================================================
+# PURPOSE:
+#   --force flags bypass safety checks in package managers and git.
+#   This hook blocks common dangerous --force patterns:
+#   - npm install --force (ignores peer dependency conflicts)
+#   - pip install --force-reinstall (skips cache, wastes time)
+#   - git push --force (overwrites remote history)
+#   - docker system prune --force (removes all unused data)
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# npm install --force / --legacy-peer-deps
+if echo "$COMMAND" | grep -qE 'npm\s+install.*--force|npm\s+i\s.*--force'; then
+    echo "BLOCKED: npm install --force bypasses peer dependency checks." >&2
+    echo "Fix the dependency conflict instead of forcing." >&2
+    exit 2
+fi
+
+# git push --force (not --force-with-lease)
+if echo "$COMMAND" | grep -qE 'git\s+push.*--force($|\s)' && ! echo "$COMMAND" | grep -q 'force-with-lease'; then
+    echo "BLOCKED: git push --force can destroy remote history." >&2
+    echo "Use --force-with-lease for safer force-push." >&2
+    exit 2
+fi
+
+# docker system prune --force
+if echo "$COMMAND" | grep -qE 'docker\s+(system\s+)?prune.*-f|docker\s+(system\s+)?prune.*--force'; then
+    echo "BLOCKED: docker prune --force removes all unused data without confirmation." >&2
+    exit 2
+fi
+
+exit 0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cc-safe-setup",
-  "version": "29.6.7",
-  "description": "One command to make Claude Code safe. 417 example hooks + 8 built-in. 52 CLI commands. 5639 tests. Works with Auto Mode.",
+  "version": "29.6.9",
+  "description": "One command to make Claude Code safe. 419 example hooks + 8 built-in. 52 CLI commands. 5655 tests. Works with Auto Mode.",
   "main": "index.mjs",
   "bin": {
     "cc-safe-setup": "index.mjs"