cc-safe-setup 5.1.0 → 5.3.0

package/README.md

@@ -224,6 +224,9 @@ Or browse all available examples in [`examples/`](examples/):
 - **session-handoff.sh** — Auto-save git state and session info to `~/.claude/session-handoff.md` on session end
 - **diff-size-guard.sh** — Warn/block when committing too many files at once (default: warn at 10, block at 50)
 - **dependency-audit.sh** — Warn when installing packages not in manifest (npm/pip/cargo supply chain awareness)
+- **symlink-guard.sh** — Detect symlink/junction traversal in rm targets ([#36339](https://github.com/anthropics/claude-code/issues/36339) [#764](https://github.com/anthropics/claude-code/issues/764))
+- **binary-file-guard.sh** — Warn when Write targets binary file types (images, archives)
+- **stale-branch-guard.sh** — Warn when working branch is far behind default
 - **cost-tracker.sh** — Estimate session token cost and warn at thresholds ($1, $5)
 - **read-before-edit.sh** — Warn when editing files not recently read (prevents old_string mismatches)
 

package/examples/binary-file-guard.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# ================================================================
+# binary-file-guard.sh — Warn when Write creates binary/large files
+# ================================================================
+# PURPOSE:
+#   Claude Code sometimes tries to Write binary content (images,
+#   archives, compiled files) which produces corrupted output.
+#   This hook detects binary patterns in Write content.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Write"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // empty' 2>/dev/null)
+
+if [[ -z "$FILE" ]]; then
+    exit 0
+fi
+
+# Check file extension for binary types
+EXT="${FILE##*.}"
+BINARY_EXTS="png|jpg|jpeg|gif|bmp|ico|webp|svg|mp3|mp4|wav|zip|tar|gz|rar|7z|exe|dll|so|dylib|class|pyc|wasm|pdf|doc|docx|xls|xlsx|ppt|pptx"
+
+if echo "$EXT" | grep -qiE "^($BINARY_EXTS)$"; then
+    echo "WARNING: Writing to binary file type: $FILE" >&2
+    echo "Claude Code cannot reliably create binary files." >&2
+    echo "Use a proper tool (ImageMagick, ffmpeg, etc.) instead." >&2
+fi
+
+exit 0

package/examples/stale-branch-guard.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# ================================================================
+# stale-branch-guard.sh — Warn when working on a stale branch
+# ================================================================
+# PURPOSE:
+#   Claude Code can work on a branch that's far behind main,
+#   creating merge conflicts. This hook warns when the current
+#   branch is 50+ commits behind the default branch.
+#
+# TRIGGER: PostToolUse
+# MATCHER: ""
+#
+# Only checks every 20 tool calls to avoid overhead.
+# ================================================================
+
+COUNTER_FILE="/tmp/cc-stale-branch-check"
+COUNT=$(cat "$COUNTER_FILE" 2>/dev/null || echo 0)
+COUNT=$((COUNT + 1))
+echo "$COUNT" > "$COUNTER_FILE"
+
+# Only check every 20 tool calls
+[ $((COUNT % 20)) -ne 0 ] && exit 0
+
+# Only check in git repos
+[ -d .git ] || exit 0
+
+# Get default branch
+DEFAULT=$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's@^refs/remotes/origin/@@')
+[ -z "$DEFAULT" ] && DEFAULT="main"
+
+CURRENT=$(git branch --show-current 2>/dev/null)
+[ -z "$CURRENT" ] || [ "$CURRENT" = "$DEFAULT" ] && exit 0
+
+# Count commits behind
+BEHIND=$(git rev-list --count HEAD..origin/"$DEFAULT" 2>/dev/null || echo 0)
+
+if [ "$BEHIND" -ge 50 ]; then
+    echo "WARNING: Branch '$CURRENT' is $BEHIND commits behind $DEFAULT." >&2
+    echo "Consider rebasing: git rebase origin/$DEFAULT" >&2
+elif [ "$BEHIND" -ge 20 ]; then
+    echo "NOTE: Branch '$CURRENT' is $BEHIND commits behind $DEFAULT." >&2
+fi
+
+exit 0

package/examples/symlink-guard.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+# ================================================================
+# symlink-guard.sh — Detect symlink/junction traversal before rm
+# ================================================================
+# PURPOSE:
+#   rm -rf on a directory containing symlinks can follow them and
+#   delete data outside the target. NTFS junctions on WSL2 are
+#   especially dangerous (#36339: entire C:\Users deleted).
+#
+#   This hook checks if the rm target contains symlinks pointing
+#   outside the current project.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Bash"
+#
+# WHAT IT BLOCKS:
+#   - rm -rf on directories containing symlinks to outside paths
+#   - rm on targets that are themselves symlinks to sensitive dirs
+#
+# GitHub Issues: #36339 (93r), #764 (63r), #24964 (135r)
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+
+if [[ -z "$COMMAND" ]]; then
+    exit 0
+fi
+
+# Only check rm commands with recursive flags
+if ! echo "$COMMAND" | grep -qE '^\s*rm\s+.*-[rf]'; then
+    exit 0
+fi
+
+# Extract target path
+TARGET=$(echo "$COMMAND" | grep -oP 'rm\s+(-[rf]+\s+)*\K\S+' | tail -1)
+
+if [[ -z "$TARGET" ]] || [[ ! -e "$TARGET" ]]; then
+    exit 0
+fi
+
+# Check 1: Is the target itself a symlink?
+if [ -L "$TARGET" ]; then
+    REAL=$(readlink -f "$TARGET" 2>/dev/null)
+    echo "WARNING: rm target is a symlink." >&2
+    echo "  Target: $TARGET" >&2
+    echo "  Points to: $REAL" >&2
+    echo "  rm -rf will follow and delete the real path." >&2
+    # Don't block, just warn — user may intend to delete the link
+fi
+
+# Check 2: Does the target directory contain symlinks to outside?
+if [ -d "$TARGET" ]; then
+    PROJECT_DIR=$(pwd)
+    DANGEROUS_LINKS=$(find "$TARGET" -maxdepth 3 -type l 2>/dev/null | while read link; do
+        REAL=$(readlink -f "$link" 2>/dev/null)
+        # Check if symlink points outside the project
+        if [[ -n "$REAL" ]] && [[ "$REAL" != "$PROJECT_DIR"* ]]; then
+            echo "$link -> $REAL"
+        fi
+    done | head -3)
+
+    if [[ -n "$DANGEROUS_LINKS" ]]; then
+        echo "BLOCKED: rm target contains symlinks pointing outside project." >&2
+        echo "" >&2
+        echo "Command: $COMMAND" >&2
+        echo "Dangerous links:" >&2
+        echo "$DANGEROUS_LINKS" | while read line; do
+            echo "  $line" >&2
+        done
+        echo "" >&2
+        echo "rm -rf would follow these links and delete external data." >&2
+        echo "Remove the symlinks first, then delete the directory." >&2
+        exit 2
+    fi
+fi
+
+exit 0

package/index.mjs

@@ -86,6 +86,8 @@ const SHARE = process.argv.includes('--share');
 const BENCHMARK = process.argv.includes('--benchmark');
 const DASHBOARD = process.argv.includes('--dashboard');
 const ISSUES = process.argv.includes('--issues');
+const COMPARE_IDX = process.argv.findIndex(a => a === '--compare');
+const COMPARE = COMPARE_IDX !== -1 ? { a: process.argv[COMPARE_IDX + 1], b: process.argv[COMPARE_IDX + 2] } : null;
 const CREATE_IDX = process.argv.findIndex(a => a === '--create');
 const CREATE_DESC = CREATE_IDX !== -1 ? process.argv.slice(CREATE_IDX + 1).join(' ') : null;
 
@@ -107,6 +109,7 @@ if (HELP) {
     npx cc-safe-setup --audit --json  Machine-readable output for CI/CD
     npx cc-safe-setup --scan       Detect tech stack, recommend hooks
     npx cc-safe-setup --learn      Learn from your block history
+    npx cc-safe-setup --compare <a> <b>  Compare two hooks side-by-side
     npx cc-safe-setup --issues        Show GitHub Issues each hook addresses
     npx cc-safe-setup --dashboard     Real-time status dashboard
     npx cc-safe-setup --benchmark     Measure hook execution time
@@ -807,6 +810,90 @@ async function fullSetup() {
   console.log();
 }
 
+async function compare(hookA, hookB) {
+  const { spawnSync } = await import('child_process');
+  const { statSync } = await import('fs');
+
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --compare' + c.reset);
+  console.log();
+
+  if (!hookA || !hookB) {
+    console.log(c.red + '  Usage: npx cc-safe-setup --compare <hook-a.sh> <hook-b.sh>' + c.reset);
+    process.exit(1);
+  }
+
+  // Resolve paths
+  const resolveHook = (h) => {
+    if (existsSync(h)) return h;
+    const inHooks = join(HOOKS_DIR, h);
+    if (existsSync(inHooks)) return inHooks;
+    const inExamples = join(__dirname, 'examples', h);
+    if (existsSync(inExamples)) return inExamples;
+    return null;
+  };
+
+  const pathA = resolveHook(hookA);
+  const pathB = resolveHook(hookB);
+
+  if (!pathA) { console.log(c.red + '  Hook A not found: ' + hookA + c.reset); process.exit(1); }
+  if (!pathB) { console.log(c.red + '  Hook B not found: ' + hookB + c.reset); process.exit(1); }
+
+  const nameA = hookA.split('/').pop();
+  const nameB = hookB.split('/').pop();
+
+  // Test cases
+  const tests = [
+    { name: 'empty input', input: '{}' },
+    { name: 'safe command', input: '{"tool_input":{"command":"echo hello"}}' },
+    { name: 'rm -rf /', input: '{"tool_input":{"command":"rm -rf /"}}' },
+    { name: 'rm -rf ~', input: '{"tool_input":{"command":"rm -rf ~"}}' },
+    { name: 'git push main', input: '{"tool_input":{"command":"git push origin main"}}' },
+    { name: 'git push --force', input: '{"tool_input":{"command":"git push --force"}}' },
+    { name: 'git add .env', input: '{"tool_input":{"command":"git add .env"}}' },
+    { name: 'git reset --hard', input: '{"tool_input":{"command":"git reset --hard"}}' },
+    { name: 'npm test', input: '{"tool_input":{"command":"npm test"}}' },
+    { name: 'cd && git log', input: '{"tool_input":{"command":"cd /tmp && git log"}}' },
+  ];
+
+  function runHook(path, input) {
+    const start = process.hrtime.bigint();
+    const result = spawnSync('bash', [path], { input, timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'] });
+    const ms = Number(process.hrtime.bigint() - start) / 1_000_000;
+    return { exit: result.status ?? -1, ms, stderr: (result.stderr || Buffer.alloc(0)).toString().slice(0, 80) };
+  }
+
+  // Header
+  console.log('  ' + c.bold + 'Test'.padEnd(20) + nameA.padEnd(25) + nameB + c.reset);
+  console.log('  ' + '-'.repeat(65));
+
+  let sameCount = 0;
+  let diffCount = 0;
+
+  for (const test of tests) {
+    const a = runHook(pathA, test.input);
+    const b = runHook(pathB, test.input);
+    const same = a.exit === b.exit;
+    if (same) sameCount++; else diffCount++;
+
+    const exitA = a.exit === 0 ? c.green + 'allow' + c.reset : a.exit === 2 ? c.red + 'BLOCK' + c.reset : c.yellow + 'err' + a.exit + c.reset;
+    const exitB = b.exit === 0 ? c.green + 'allow' + c.reset : b.exit === 2 ? c.red + 'BLOCK' + c.reset : c.yellow + 'err' + b.exit + c.reset;
+    const marker = same ? ' ' : c.yellow + '≠' + c.reset;
+
+    console.log('  ' + marker + ' ' + test.name.padEnd(18) + (exitA + ' ' + a.ms.toFixed(0) + 'ms').padEnd(30) + exitB + ' ' + b.ms.toFixed(0) + 'ms');
+  }
+
+  // Size comparison
+  const sizeA = statSync(pathA).size;
+  const sizeB = statSync(pathB).size;
+
+  console.log('  ' + '-'.repeat(65));
+  console.log('  Same decisions: ' + sameCount + '/' + tests.length);
+  if (diffCount > 0) console.log('  ' + c.yellow + 'Different: ' + diffCount + c.reset);
+  console.log('  Size: ' + nameA + ' ' + sizeA + 'B vs ' + nameB + ' ' + sizeB + 'B');
+  console.log();
+}
+
 function issues() {
   // Map hooks to the GitHub Issues they address
   const ISSUE_MAP = [
@@ -2327,6 +2414,7 @@ async function main() {
   if (FULL) return fullSetup();
   if (DOCTOR) return doctor();
   if (WATCH) return watch();
+  if (COMPARE) return compare(COMPARE.a, COMPARE.b);
   if (ISSUES) return issues();
   if (DASHBOARD) return dashboard();
   if (BENCHMARK) return benchmark();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "5.1.0",
+  "version": "5.3.0",
   "description": "One command to make Claude Code safe for autonomous operation. 8 built-in + 39 examples. 23 commands including dashboard, issues, create, audit, lint, diff. 260 tests. 2,500+ daily npm downloads.",
   "main": "index.mjs",
   "bin": {