cc-safe-setup 5.4.0 → 6.1.0

package/README.md

@@ -226,6 +226,15 @@ Or browse all available examples in [`examples/`](examples/):
 - **dependency-audit.sh** — Warn when installing packages not in manifest (npm/pip/cargo supply chain awareness)
 - **env-source-guard.sh** — Block sourcing .env files into shell environment ([#401](https://github.com/anthropics/claude-code/issues/401))
 - **symlink-guard.sh** — Detect symlink/junction traversal in rm targets ([#36339](https://github.com/anthropics/claude-code/issues/36339) [#764](https://github.com/anthropics/claude-code/issues/764))
+- **no-sudo-guard.sh** — Block all sudo commands
+- **no-install-global.sh** — Block npm -g and system-wide pip
+- **no-curl-upload.sh** — Warn on curl POST/upload (data exfiltration)
+- **no-port-bind.sh** — Warn on network port binding
+- **git-tag-guard.sh** — Block pushing all tags at once
+- **npm-publish-guard.sh** — Version check before npm publish
+- **max-file-count-guard.sh** — Warn when 20+ new files created per session
+- **protect-claudemd.sh** — Block edits to CLAUDE.md and settings files
+- **reinject-claudemd.sh** — Re-inject CLAUDE.md rules after compaction ([#6354](https://github.com/anthropics/claude-code/issues/6354))
 - **binary-file-guard.sh** — Warn when Write targets binary file types (images, archives)
 - **stale-branch-guard.sh** — Warn when working branch is far behind default
 - **cost-tracker.sh** — Estimate session token cost and warn at thresholds ($1, $5)
@@ -253,7 +262,7 @@ Or browse all available examples in [`examples/`](examples/):
 - [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 25 recipes from real GitHub Issues ([interactive version](https://yurukusa.github.io/claude-code-hooks/))
 - [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説
 - [Hook Test Runner](https://github.com/yurukusa/cc-hook-test) — `npx cc-hook-test <hook.sh>` to auto-test any hook
-- [Hook Registry](https://github.com/yurukusa/cc-hook-registry) — `npx cc-hook-registry search database` to find community hooks
+- [Hook Registry](https://github.com/yurukusa/cc-hook-registry) — `npx cc-hook-registry search database` ([browse online](https://yurukusa.github.io/cc-hook-registry/))
 - [Hooks Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) — printable A4 quick reference
 - [Ecosystem Comparison](https://yurukusa.github.io/cc-safe-setup/ecosystem.html) — all Claude Code hook projects compared
 - [The incident that inspired this tool](https://github.com/anthropics/claude-code/issues/36339) — NTFS junction rm -rf

package/examples/git-tag-guard.sh

@@ -0,0 +1,10 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE 'git\s+tag\s+(-a\s+|-d\s+)?v'; then
+    echo "WARNING: Creating git tag. Verify version number." >&2
+fi
+if echo "$COMMAND" | grep -qE 'git\s+push.*--tags'; then
+    echo "BLOCKED: Pushing all tags. Push specific tags instead." >&2
+    exit 2
+fi
+exit 0

package/examples/max-file-count-guard.sh

@@ -0,0 +1,8 @@
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+STATE="/tmp/cc-new-files-count"
+echo "$FILE" >> "$STATE"
+COUNT=$(wc -l < "$STATE" 2>/dev/null || echo 0)
+[ "$COUNT" -ge 20 ] && echo "WARNING: $COUNT new files created this session." >&2
+exit 0

package/examples/no-curl-upload.sh

@@ -0,0 +1,6 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE 'curl\s+.*(-X\s+POST|-d\s+@|--data-binary|--upload-file)'; then
+    echo "WARNING: curl upload/POST detected. Verify no sensitive data." >&2
+fi
+exit 0

package/examples/no-install-global.sh

@@ -0,0 +1,11 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE 'npm\s+install\s+-g\s|npm\s+i\s+-g\s'; then
+    echo "BLOCKED: Global npm install. Use npx or local install." >&2
+    exit 2
+fi
+if echo "$COMMAND" | grep -qE 'sudo\s+pip\s+install|pip\s+install\s+--system'; then
+    echo "BLOCKED: System-wide pip install. Use virtualenv." >&2
+    exit 2
+fi
+exit 0

package/examples/no-port-bind.sh

@@ -0,0 +1,7 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE '(--port|--listen|-p\s+\d|0\.0\.0\.0|INADDR_ANY|nc\s+-l)'; then
+    echo "WARNING: Command may bind to a network port." >&2
+    echo "Command: $COMMAND" >&2
+fi
+exit 0

package/examples/no-sudo-guard.sh

@@ -0,0 +1,8 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE '^\s*sudo\s'; then
+    echo "BLOCKED: sudo command detected." >&2
+    echo "Command: $COMMAND" >&2
+    exit 2
+fi
+exit 0

package/examples/npm-publish-guard.sh

@@ -0,0 +1,9 @@
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+if echo "$COMMAND" | grep -qE '^\s*npm\s+publish'; then
+    if [ -f "package.json" ]; then
+        VER=$(python3 -c "import json; print(json.load(open('package.json')).get('version','?'))" 2>/dev/null)
+        echo "NOTE: Publishing version $VER to npm." >&2
+    fi
+fi
+exit 0

package/examples/protect-claudemd.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# ================================================================
+# protect-claudemd.sh — Block edits to CLAUDE.md and settings files
+# ================================================================
+# PURPOSE:
+#   Claude Code sometimes modifies CLAUDE.md, settings.json, or
+#   other configuration files without permission. This hook blocks
+#   Edit/Write to these critical files.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write"
+# ================================================================
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+if [[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]]; then
+    exit 0
+fi
+
+if [[ -z "$FILE" ]]; then
+    exit 0
+fi
+
+BASENAME=$(basename "$FILE")
+
+# Protected files
+case "$BASENAME" in
+    CLAUDE.md|.claude.json|settings.json|settings.local.json)
+        echo "BLOCKED: Cannot modify configuration file: $BASENAME" >&2
+        echo "File: $FILE" >&2
+        echo "" >&2
+        echo "Configuration files should be edited manually, not by Claude." >&2
+        exit 2
+        ;;
+esac
+
+# Protected directories
+if echo "$FILE" | grep -qE '\.claude/(hooks|settings|plugins)/'; then
+    echo "BLOCKED: Cannot modify .claude system directory: $FILE" >&2
+    exit 2
+fi
+
+exit 0

package/index.mjs

@@ -370,6 +370,15 @@ function examples() {
       'symlink-guard.sh': 'Detect symlink/junction traversal in rm targets',
       'cost-tracker.sh': 'Estimate session token cost ($1 warn, $5 alert)',
       'read-before-edit.sh': 'Warn when editing files not recently read',
+      'no-sudo-guard.sh': 'Block all sudo commands',
+      'no-install-global.sh': 'Block npm -g and system-wide pip',
+      'no-curl-upload.sh': 'Warn on curl POST/upload',
+      'no-port-bind.sh': 'Warn on network port binding',
+      'git-tag-guard.sh': 'Block pushing all tags at once',
+      'npm-publish-guard.sh': 'Version check before npm publish',
+      'max-file-count-guard.sh': 'Warn when 20+ files created per session',
+      'protect-claudemd.sh': 'Block edits to CLAUDE.md and settings files',
+      'reinject-claudemd.sh': 'Re-inject CLAUDE.md rules after compaction',
     },
   };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "5.4.0",
+  "version": "6.1.0",
   "description": "One command to make Claude Code safe for autonomous operation. 8 built-in + 39 examples. 23 commands including dashboard, issues, create, audit, lint, diff. 260 tests. 2,500+ daily npm downloads.",
   "main": "index.mjs",
   "bin": {