cc-safe-setup 6.0.0 → 6.2.0

package/README.md

@@ -226,6 +226,15 @@ Or browse all available examples in [`examples/`](examples/):
 - **dependency-audit.sh** — Warn when installing packages not in manifest (npm/pip/cargo supply chain awareness)
 - **env-source-guard.sh** — Block sourcing .env files into shell environment ([#401](https://github.com/anthropics/claude-code/issues/401))
 - **symlink-guard.sh** — Detect symlink/junction traversal in rm targets ([#36339](https://github.com/anthropics/claude-code/issues/36339) [#764](https://github.com/anthropics/claude-code/issues/764))
+- **no-sudo-guard.sh** — Block all sudo commands
+- **no-install-global.sh** — Block npm -g and system-wide pip
+- **no-curl-upload.sh** — Warn on curl POST/upload (data exfiltration)
+- **no-port-bind.sh** — Warn on network port binding
+- **git-tag-guard.sh** — Block pushing all tags at once
+- **npm-publish-guard.sh** — Version check before npm publish
+- **max-file-count-guard.sh** — Warn when 20+ new files created per session
+- **protect-claudemd.sh** — Block edits to CLAUDE.md and settings files
+- **reinject-claudemd.sh** — Re-inject CLAUDE.md rules after compaction ([#6354](https://github.com/anthropics/claude-code/issues/6354))
 - **binary-file-guard.sh** — Warn when Write targets binary file types (images, archives)
 - **stale-branch-guard.sh** — Warn when working branch is far behind default
 - **cost-tracker.sh** — Estimate session token cost and warn at thresholds ($1, $5)

package/examples/protect-claudemd.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# ================================================================
+# protect-claudemd.sh — Block edits to CLAUDE.md and settings files
+# ================================================================
+# PURPOSE:
+#   Claude Code sometimes modifies CLAUDE.md, settings.json, or
+#   other configuration files without permission. This hook blocks
+#   Edit/Write to these critical files.
+#
+# TRIGGER: PreToolUse
+# MATCHER: "Edit|Write"
+# ================================================================
+
+INPUT=$(cat)
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // empty' 2>/dev/null)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+
+if [[ "$TOOL" != "Edit" && "$TOOL" != "Write" ]]; then
+    exit 0
+fi
+
+if [[ -z "$FILE" ]]; then
+    exit 0
+fi
+
+BASENAME=$(basename "$FILE")
+
+# Protected files
+case "$BASENAME" in
+    CLAUDE.md|.claude.json|settings.json|settings.local.json)
+        echo "BLOCKED: Cannot modify configuration file: $BASENAME" >&2
+        echo "File: $FILE" >&2
+        echo "" >&2
+        echo "Configuration files should be edited manually, not by Claude." >&2
+        exit 2
+        ;;
+esac
+
+# Protected directories
+if echo "$FILE" | grep -qE '\.claude/(hooks|settings|plugins)/'; then
+    echo "BLOCKED: Cannot modify .claude system directory: $FILE" >&2
+    exit 2
+fi
+
+exit 0

package/index.mjs

@@ -86,6 +86,7 @@ const SHARE = process.argv.includes('--share');
 const BENCHMARK = process.argv.includes('--benchmark');
 const DASHBOARD = process.argv.includes('--dashboard');
 const ISSUES = process.argv.includes('--issues');
+const MIGRATE = process.argv.includes('--migrate');
 const COMPARE_IDX = process.argv.findIndex(a => a === '--compare');
 const COMPARE = COMPARE_IDX !== -1 ? { a: process.argv[COMPARE_IDX + 1], b: process.argv[COMPARE_IDX + 2] } : null;
 const CREATE_IDX = process.argv.findIndex(a => a === '--create');
@@ -109,6 +110,7 @@ if (HELP) {
     npx cc-safe-setup --audit --json  Machine-readable output for CI/CD
     npx cc-safe-setup --scan       Detect tech stack, recommend hooks
     npx cc-safe-setup --learn      Learn from your block history
+    npx cc-safe-setup --migrate       Detect hooks from other projects, suggest replacements
     npx cc-safe-setup --compare <a> <b>  Compare two hooks side-by-side
     npx cc-safe-setup --issues        Show GitHub Issues each hook addresses
     npx cc-safe-setup --dashboard     Real-time status dashboard
@@ -370,6 +372,15 @@ function examples() {
       'symlink-guard.sh': 'Detect symlink/junction traversal in rm targets',
       'cost-tracker.sh': 'Estimate session token cost ($1 warn, $5 alert)',
       'read-before-edit.sh': 'Warn when editing files not recently read',
+      'no-sudo-guard.sh': 'Block all sudo commands',
+      'no-install-global.sh': 'Block npm -g and system-wide pip',
+      'no-curl-upload.sh': 'Warn on curl POST/upload',
+      'no-port-bind.sh': 'Warn on network port binding',
+      'git-tag-guard.sh': 'Block pushing all tags at once',
+      'npm-publish-guard.sh': 'Version check before npm publish',
+      'max-file-count-guard.sh': 'Warn when 20+ files created per session',
+      'protect-claudemd.sh': 'Block edits to CLAUDE.md and settings files',
+      'reinject-claudemd.sh': 'Re-inject CLAUDE.md rules after compaction',
     },
   };
 
@@ -815,6 +826,75 @@ async function fullSetup() {
   console.log();
 }
 
+async function migrate() {
+  const { readdirSync } = await import('fs');
+
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --migrate' + c.reset);
+  console.log(c.dim + '  Detecting hooks from other projects...' + c.reset);
+  console.log();
+
+  if (!existsSync(HOOKS_DIR)) {
+    console.log(c.dim + '  No hooks installed.' + c.reset);
+    process.exit(0);
+  }
+
+  const files = readdirSync(HOOKS_DIR).filter(f => f.endsWith('.sh') || f.endsWith('.js') || f.endsWith('.py'));
+
+  // Detection patterns for other projects
+  const detections = [
+    { pattern: /safety-net|cc-safety-net|SAFETY_LEVEL/i, project: 'claude-code-safety-net', replacement: 'npx cc-safe-setup (destructive-guard, branch-guard)' },
+    { pattern: /karanb192|block-dangerous-commands\.js/i, project: 'karanb192/claude-code-hooks', replacement: 'npx cc-safe-setup (destructive-guard)' },
+    { pattern: /hooks-mastery|disler|pre_tool_use\.py/i, project: 'disler/claude-code-hooks-mastery', replacement: 'npx cc-safe-setup (multiple hooks)' },
+    { pattern: /cchooks|from cchooks/i, project: 'GowayLee/cchooks', replacement: 'npx cc-safe-setup (bash equivalents)' },
+    { pattern: /lasso.*security|prompt.*injection.*pattern/i, project: 'lasso-security/claude-hooks', replacement: 'No direct equivalent (unique functionality)' },
+  ];
+
+  let found = 0;
+  const suggestions = [];
+
+  for (const file of files) {
+    const content = readFileSync(join(HOOKS_DIR, file), 'utf-8');
+
+    for (const det of detections) {
+      if (det.pattern.test(content) || det.pattern.test(file)) {
+        console.log('  ' + c.yellow + '!' + c.reset + ' ' + file + c.dim + ' ← from ' + det.project + c.reset);
+        console.log('    ' + c.dim + 'Replacement: ' + det.replacement + c.reset);
+        found++;
+        break;
+      }
+    }
+
+    // Detect hand-written hooks that duplicate built-in functionality
+    if (content.includes('rm -rf') && !file.includes('destructive-guard')) {
+      suggestions.push({ file, suggest: 'destructive-guard', reason: 'rm -rf detection already built-in' });
+    }
+    if (content.includes('git push') && content.includes('main') && !file.includes('branch-guard')) {
+      suggestions.push({ file, suggest: 'branch-guard', reason: 'branch protection already built-in' });
+    }
+    if (content.includes('.env') && content.includes('git add') && !file.includes('secret-guard')) {
+      suggestions.push({ file, suggest: 'secret-guard', reason: 'secret leak prevention already built-in' });
+    }
+  }
+
+  if (suggestions.length > 0) {
+    console.log();
+    console.log(c.bold + '  Duplicate functionality detected:' + c.reset);
+    for (const s of suggestions) {
+      console.log('  ' + c.dim + s.file + c.reset + ' → ' + c.green + s.suggest + c.reset);
+      console.log('    ' + c.dim + s.reason + c.reset);
+    }
+  }
+
+  console.log();
+  if (found === 0 && suggestions.length === 0) {
+    console.log(c.green + '  No migration needed. All hooks are cc-safe-setup native.' + c.reset);
+  } else {
+    console.log(c.dim + '  Run npx cc-safe-setup to install built-in replacements.' + c.reset);
+  }
+  console.log();
+}
+
 async function compare(hookA, hookB) {
   const { spawnSync } = await import('child_process');
   const { statSync } = await import('fs');
@@ -928,6 +1008,11 @@ function issues() {
     { hook: 'binary-file-guard', issues: ['Binary file corruption from Write tool'] },
     { hook: 'stale-branch-guard', issues: ['Merge conflicts from stale branches'] },
     { hook: 'reinject-claudemd', issues: ['#6354 CLAUDE.md lost after compaction (27r)'] },
+    { hook: 'no-sudo-guard', issues: ['Privilege escalation prevention'] },
+    { hook: 'no-install-global', issues: ['System package pollution'] },
+    { hook: 'protect-claudemd', issues: ['AI modifying its own config files'] },
+    { hook: 'git-tag-guard', issues: ['Accidental tag push'] },
+    { hook: 'npm-publish-guard', issues: ['Accidental publish without version check'] },
   ];
 
   console.log();
@@ -2423,6 +2508,7 @@ async function main() {
   if (FULL) return fullSetup();
   if (DOCTOR) return doctor();
   if (WATCH) return watch();
+  if (MIGRATE) return migrate();
   if (COMPARE) return compare(COMPARE.a, COMPARE.b);
   if (ISSUES) return issues();
   if (DASHBOARD) return dashboard();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "6.0.0",
+  "version": "6.2.0",
   "description": "One command to make Claude Code safe for autonomous operation. 8 built-in + 39 examples. 23 commands including dashboard, issues, create, audit, lint, diff. 260 tests. 2,500+ daily npm downloads.",
   "main": "index.mjs",
   "bin": {