cc-safe-setup 29.6.9 → 29.6.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ================================================================
|
|
3
|
+
# git-message-length-check.sh — Warn on too-short commit messages
|
|
4
|
+
# ================================================================
|
|
5
|
+
# PURPOSE:
|
|
6
|
+
# Claude Code sometimes writes very short commit messages like
|
|
7
|
+
# "fix" or "update". This PostToolUse hook checks the commit
|
|
8
|
+
# message length and warns if it's too short to be meaningful.
|
|
9
|
+
#
|
|
10
|
+
# TRIGGER: PostToolUse
|
|
11
|
+
# MATCHER: "Bash"
|
|
12
|
+
#
|
|
13
|
+
# CONFIGURATION:
|
|
14
|
+
# CC_COMMIT_MIN_LENGTH=10 (minimum message length, default: 10)
|
|
15
|
+
# ================================================================
|
|
16
|
+
|
|
17
|
+
INPUT=$(cat)
|
|
18
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
19
|
+
[ -z "$COMMAND" ] && exit 0
|
|
20
|
+
|
|
21
|
+
# Only check git commit commands
|
|
22
|
+
echo "$COMMAND" | grep -qE 'git\s+commit' || exit 0
|
|
23
|
+
|
|
24
|
+
MIN_LENGTH="${CC_COMMIT_MIN_LENGTH:-10}"
|
|
25
|
+
|
|
26
|
+
# Extract message from -m flag
|
|
27
|
+
MSG=$(echo "$COMMAND" | grep -oE '\-m\s+["'"'"'][^"'"'"']*["'"'"']' | sed "s/-m\s*[\"']\(.*\)[\"']/\1/")
|
|
28
|
+
[ -z "$MSG" ] && exit 0
|
|
29
|
+
|
|
30
|
+
LENGTH=${#MSG}
|
|
31
|
+
|
|
32
|
+
if [ "$LENGTH" -lt "$MIN_LENGTH" ]; then
|
|
33
|
+
echo "⚠ Commit message too short ($LENGTH chars, minimum: $MIN_LENGTH)" >&2
|
|
34
|
+
echo " Message: \"$MSG\"" >&2
|
|
35
|
+
echo " Write descriptive messages explaining WHY, not WHAT." >&2
|
|
36
|
+
fi
|
|
37
|
+
|
|
38
|
+
exit 0
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ================================================================
|
|
3
|
+
# output-credential-scan.sh — Detect credentials in command output
|
|
4
|
+
# ================================================================
|
|
5
|
+
# PURPOSE:
|
|
6
|
+
# Claude Code can accidentally expose credentials by running
|
|
7
|
+
# commands like `env`, `cat .env`, or `printenv`. This PostToolUse
|
|
8
|
+
# hook scans stdout for common credential patterns and warns.
|
|
9
|
+
#
|
|
10
|
+
# TRIGGER: PostToolUse
|
|
11
|
+
# MATCHER: "Bash"
|
|
12
|
+
# ================================================================
|
|
13
|
+
|
|
14
|
+
INPUT=$(cat)
|
|
15
|
+
STDOUT=$(echo "$INPUT" | jq -r '.tool_result.stdout // empty' 2>/dev/null)
|
|
16
|
+
|
|
17
|
+
[ -z "$STDOUT" ] && exit 0
|
|
18
|
+
|
|
19
|
+
# Check for common credential patterns in output
|
|
20
|
+
if echo "$STDOUT" | grep -qiE '(sk-[a-zA-Z0-9]{20,}|ghp_[a-zA-Z0-9]{36}|AKIA[A-Z0-9]{16}|xox[bpsa]-[a-zA-Z0-9-]+|eyJ[a-zA-Z0-9_-]+\.eyJ)'; then
|
|
21
|
+
echo "⚠ Possible credential detected in command output!" >&2
|
|
22
|
+
echo " This output may contain API keys, tokens, or secrets." >&2
|
|
23
|
+
echo " Avoid sharing this output or committing it to version control." >&2
|
|
24
|
+
fi
|
|
25
|
+
|
|
26
|
+
exit 0
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "29.6.
|
|
4
|
-
"description": "One command to make Claude Code safe.
|
|
3
|
+
"version": "29.6.11",
|
|
4
|
+
"description": "One command to make Claude Code safe. 421 example hooks + 8 built-in. 52 CLI commands. 5668 tests. Works with Auto Mode.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|
|
7
7
|
"cc-safe-setup": "index.mjs"
|