cc-safe-setup 7.0.0 → 7.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# auto-approve-gradle.sh — Auto-approve Gradle build/test commands
|
|
3
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
4
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
5
|
+
[ -z "$COMMAND" ] && exit 0
|
|
6
|
+
if echo "$COMMAND" | grep -qE '^\s*(gradle|gradlew|./gradlew)\s+(build|test|check|assemble|clean|compileJava|compileKotlin|lint)(\s|$)'; then
|
|
7
|
+
jq -n '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"allow","permissionDecisionReason":"gradle command auto-approved"}}'
|
|
8
|
+
fi
|
|
9
|
+
exit 0
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# auto-approve-maven.sh — Auto-approve Maven build/test commands
|
|
3
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
4
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
5
|
+
[ -z "$COMMAND" ] && exit 0
|
|
6
|
+
if echo "$COMMAND" | grep -qE '^\s*(mvn|mvnw|./mvnw)\s+(compile|test|verify|package|clean|install)(\s|$)'; then
|
|
7
|
+
jq -n '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"allow","permissionDecisionReason":"maven command auto-approved"}}'
|
|
8
|
+
fi
|
|
9
|
+
exit 0
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# max-line-length-check.sh — Warn on lines exceeding max length after edit
|
|
3
|
+
# TRIGGER: PostToolUse MATCHER: "Edit|Write"
|
|
4
|
+
FILE=$(cat | jq -r '.tool_input.file_path // empty' 2>/dev/null)
|
|
5
|
+
[ -z "$FILE" ] || [ ! -f "$FILE" ] && exit 0
|
|
6
|
+
MAX="${CC_MAX_LINE_LENGTH:-120}"
|
|
7
|
+
LONG=$(awk -v max="$MAX" 'length > max {count++} END {print count+0}' "$FILE" 2>/dev/null)
|
|
8
|
+
[ "$LONG" -gt 0 ] && echo "NOTE: $FILE has $LONG lines exceeding $MAX characters." >&2
|
|
9
|
+
exit 0
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# no-deploy-friday.sh — Block deploys on Fridays
|
|
3
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
4
|
+
# "Don't deploy on Friday" — every ops team ever
|
|
5
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
6
|
+
[ -z "$COMMAND" ] && exit 0
|
|
7
|
+
DOW=$(date +%u) # 5 = Friday
|
|
8
|
+
if [ "$DOW" = "5" ]; then
|
|
9
|
+
if echo "$COMMAND" | grep -qiE '(deploy|firebase|vercel|netlify|fly\s+deploy|heroku|aws\s+s3\s+sync|kubectl\s+apply|docker\s+push)'; then
|
|
10
|
+
echo "BLOCKED: No deploys on Friday." >&2
|
|
11
|
+
echo "Come back Monday." >&2
|
|
12
|
+
exit 2
|
|
13
|
+
fi
|
|
14
|
+
fi
|
|
15
|
+
exit 0
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# require-issue-ref.sh — Warn when commit message lacks issue reference
|
|
3
|
+
# TRIGGER: PreToolUse MATCHER: "Bash"
|
|
4
|
+
COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
5
|
+
[ -z "$COMMAND" ] && exit 0
|
|
6
|
+
if echo "$COMMAND" | grep -qE '^\s*git\s+commit'; then
|
|
7
|
+
MSG=$(echo "$COMMAND" | grep -oP "\-m\s+['\"]?\K[^'\"]+")
|
|
8
|
+
if [ -n "$MSG" ]; then
|
|
9
|
+
if ! echo "$MSG" | grep -qE '#[0-9]+|[A-Z]+-[0-9]+'; then
|
|
10
|
+
echo "WARNING: Commit message has no issue reference (#123 or PROJ-123)." >&2
|
|
11
|
+
echo "Consider linking to an issue for traceability." >&2
|
|
12
|
+
fi
|
|
13
|
+
fi
|
|
14
|
+
fi
|
|
15
|
+
exit 0
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ================================================================
|
|
3
|
+
# work-hours-guard.sh — Restrict risky operations outside work hours
|
|
4
|
+
# ================================================================
|
|
5
|
+
# PURPOSE:
|
|
6
|
+
# During off-hours (nights/weekends), block high-risk operations
|
|
7
|
+
# that a human should review. Safe read-only ops still pass.
|
|
8
|
+
#
|
|
9
|
+
# TRIGGER: PreToolUse
|
|
10
|
+
# MATCHER: "Bash"
|
|
11
|
+
#
|
|
12
|
+
# CONFIGURATION:
|
|
13
|
+
# CC_WORK_START=9 (default: 9am)
|
|
14
|
+
# CC_WORK_END=18 (default: 6pm)
|
|
15
|
+
# CC_WORK_DAYS=12345 (default: Mon-Fri, 1=Mon 7=Sun)
|
|
16
|
+
# ================================================================
|
|
17
|
+
|
|
18
|
+
INPUT=$(cat)
|
|
19
|
+
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
20
|
+
[ -z "$COMMAND" ] && exit 0
|
|
21
|
+
|
|
22
|
+
HOUR=$(date +%H)
|
|
23
|
+
DOW=$(date +%u) # 1=Monday, 7=Sunday
|
|
24
|
+
|
|
25
|
+
START="${CC_WORK_START:-9}"
|
|
26
|
+
END="${CC_WORK_END:-18}"
|
|
27
|
+
DAYS="${CC_WORK_DAYS:-12345}"
|
|
28
|
+
|
|
29
|
+
# Check if within work hours
|
|
30
|
+
IN_HOURS=0
|
|
31
|
+
if echo "$DAYS" | grep -q "$DOW"; then
|
|
32
|
+
if [ "$HOUR" -ge "$START" ] && [ "$HOUR" -lt "$END" ]; then
|
|
33
|
+
IN_HOURS=1
|
|
34
|
+
fi
|
|
35
|
+
fi
|
|
36
|
+
|
|
37
|
+
# During work hours, allow everything
|
|
38
|
+
[ "$IN_HOURS" = "1" ] && exit 0
|
|
39
|
+
|
|
40
|
+
# Outside work hours, block high-risk operations
|
|
41
|
+
if echo "$COMMAND" | grep -qE 'git\s+push|deploy|npm\s+publish|docker\s+push'; then
|
|
42
|
+
echo "BLOCKED: High-risk operation outside work hours ($HOUR:00)." >&2
|
|
43
|
+
echo "Command: $COMMAND" >&2
|
|
44
|
+
echo "Work hours: ${START}:00-${END}:00 (days: $DAYS)" >&2
|
|
45
|
+
exit 2
|
|
46
|
+
fi
|
|
47
|
+
|
|
48
|
+
exit 0
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cc-safe-setup",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.2.0",
|
|
4
4
|
"description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
|
|
5
5
|
"main": "index.mjs",
|
|
6
6
|
"bin": {
|