cc-safe-setup 7.3.0 → 7.5.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 51 examples = **59 hooks**. 26 CLI commands. 284 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) · [Troubleshooting](TROUBLESHOOTING.md)
+8 built-in + 68 examples = **76 hooks**. 28 CLI commands. 394 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) · [Troubleshooting](TROUBLESHOOTING.md)
 
 ```bash
 npx cc-safe-setup
@@ -87,7 +87,7 @@ Each hook exists because a real incident happened without it.
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 51 examples |
+| `--install-example <name>` | Install from 68 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |

package/examples/conflict-marker-guard.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# ================================================================
+# conflict-marker-guard.sh — Block commits with conflict markers
+# ================================================================
+# PURPOSE:
+#   Claude sometimes resolves merge conflicts incorrectly, leaving
+#   <<<<<<< / ======= / >>>>>>> markers in files. This hook checks
+#   staged files for conflict markers before allowing a commit.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check on git commit
+echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0
+
+# Check staged files for conflict markers
+CONFLICTS=$(git diff --cached --name-only 2>/dev/null | while read -r f; do
+    [ -f "$f" ] && grep -lE '^(<{7}|={7}|>{7})' "$f" 2>/dev/null
+done)
+
+if [ -n "$CONFLICTS" ]; then
+    COUNT=$(echo "$CONFLICTS" | wc -l)
+    echo "BLOCKED: $COUNT file(s) contain merge conflict markers:" >&2
+    echo "$CONFLICTS" | head -5 | sed 's/^/  /' >&2
+    echo "" >&2
+    echo "Resolve conflicts before committing." >&2
+    exit 2
+fi
+
+exit 0

package/examples/disk-space-guard.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# ================================================================
+# disk-space-guard.sh — Warn when disk space is running low
+# ================================================================
+# PURPOSE:
+#   Long Claude Code sessions can generate large files, logs, and
+#   build artifacts. This hook warns before writes when disk space
+#   is below a threshold.
+#
+# TRIGGER: PreToolUse  MATCHER: "Write|Bash"
+#
+# CONFIG:
+#   CC_DISK_WARN_PCT=90  (warn at this percentage used)
+# ================================================================
+
+WARN_PCT="${CC_DISK_WARN_PCT:-90}"
+
+# Check disk usage (percentage used on the working directory's partition)
+USAGE=$(df --output=pcent . 2>/dev/null | tail -1 | tr -d ' %')
+[ -z "$USAGE" ] && exit 0
+
+if [ "$USAGE" -ge "$WARN_PCT" ]; then
+    AVAIL=$(df -h --output=avail . 2>/dev/null | tail -1 | tr -d ' ')
+    echo "WARNING: Disk usage is ${USAGE}% (${AVAIL} available)." >&2
+    echo "Consider cleaning up build artifacts, logs, or /tmp files." >&2
+fi
+
+exit 0

package/examples/fact-check-gate.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# ================================================================
+# fact-check-gate.sh — Warn when docs reference unread source files
+# ================================================================
+# PURPOSE:
+#   Claude writes documentation that references source code without
+#   actually reading the files first. This leads to hallucinated
+#   function signatures, wrong parameter names, and false claims.
+#
+#   This hook tracks which files were Read in the session, and warns
+#   when a doc edit mentions source files that weren't read.
+#
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38057
+#   "Claude produces false claims in technical docs"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check documentation files
+case "$FILE" in
+    *.md|*.rst|*.txt|*/docs/*|*/doc/*|*README*|*CHANGELOG*|*CONTRIBUTING*)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+# Track reads in a session state file
+STATE="/tmp/cc-fact-check-reads-$(echo "$PWD" | md5sum | cut -c1-8)"
+
+# Get the content being written
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+
+# Extract referenced source files from the doc content
+# Looks for: `filename.ext`, filename.ext, import from, require()
+REFS=$(echo "$CONTENT" | grep -oE '`[a-zA-Z0-9_/-]+\.(js|ts|py|go|rs|java|rb|sh|mjs|cjs|jsx|tsx)`' | tr -d '`' | sort -u)
+[ -z "$REFS" ] && exit 0
+
+# Check if referenced files were read in this session
+if [ ! -f "$STATE" ]; then
+    # No reads tracked yet — warn about all references
+    COUNT=$(echo "$REFS" | wc -l)
+    echo "WARNING: Doc references $COUNT source file(s) that may not have been read:" >&2
+    echo "$REFS" | head -5 | sed 's/^/  /' >&2
+    echo "Read the source files before documenting them to avoid hallucination." >&2
+fi
+
+exit 0

package/examples/memory-write-guard.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# ================================================================
+# memory-write-guard.sh — Log writes to ~/.claude/ directory
+# ================================================================
+# PURPOSE:
+#   Claude auto-writes to ~/.claude/projects/*/memory/ without
+#   user visibility. This hook logs all writes to ~/.claude/ paths
+#   so users know what's being stored.
+#
+# TRIGGER: PreToolUse  MATCHER: "Write|Edit"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38040
+#   "No way to enforce approval on all file modifications"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Check if targeting ~/.claude/
+case "$FILE" in
+    */.claude/*|~/.claude/*)
+        # Log the write
+        LOG="$HOME/.claude/memory-writes.log"
+        echo "[$(date -Iseconds)] Write to: $FILE" >> "$LOG" 2>/dev/null
+
+        # Only warn (don't block) — memory writes are usually intentional
+        echo "NOTE: Writing to Claude config directory: $FILE" >&2
+
+        # Block writes to settings.json unless explicitly allowed
+        case "$FILE" in
+            */settings.json|*/settings.local.json)
+                echo "WARNING: Modifying Claude Code settings file." >&2
+                echo "Verify this change is intentional." >&2
+                ;;
+        esac
+        ;;
+esac
+
+exit 0

package/examples/overwrite-guard.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# ================================================================
+# overwrite-guard.sh — Warn before overwriting existing files
+# ================================================================
+# PURPOSE:
+#   Claude's Write tool can silently overwrite files without
+#   confirmation. This hook warns when a Write targets a file
+#   that already exists, giving visibility into potential data loss.
+#
+# TRIGGER: PreToolUse  MATCHER: "Write"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/37595
+#   "/export overwrites existing files without warning"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Expand ~ to home directory
+FILE="${FILE/#\~/$HOME}"
+
+if [ -f "$FILE" ]; then
+    SIZE=$(wc -c < "$FILE" 2>/dev/null || echo 0)
+    if [ "$SIZE" -gt 0 ]; then
+        LINES=$(wc -l < "$FILE" 2>/dev/null || echo 0)
+        echo "WARNING: Overwriting existing file: $FILE ($LINES lines, $SIZE bytes)" >&2
+        echo "Use Edit tool instead to make targeted changes." >&2
+    fi
+fi
+
+exit 0

package/examples/prompt-injection-guard.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# ================================================================
+# prompt-injection-guard.sh — Detect prompt injection in tool output
+# ================================================================
+# PURPOSE:
+#   When Claude reads files or fetches web content, malicious
+#   instructions can be injected. This hook warns when tool output
+#   contains common prompt injection patterns.
+#
+# TRIGGER: PostToolUse  MATCHER: ""
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38046
+#   "Prompt Injection in /insights output"
+# ================================================================
+
+INPUT=$(cat)
+OUTPUT=$(echo "$INPUT" | jq -r '.tool_result // empty' 2>/dev/null)
+[ -z "$OUTPUT" ] && exit 0
+
+# Check for common prompt injection patterns
+SUSPICIOUS=0
+
+# "Ignore previous instructions" pattern
+if echo "$OUTPUT" | grep -qiE 'ignore\s+(all\s+)?previous\s+instructions'; then
+    echo "WARNING: Possible prompt injection detected: 'ignore previous instructions'" >&2
+    SUSPICIOUS=1
+fi
+
+# "You are now" role reassignment
+if echo "$OUTPUT" | grep -qiE 'you\s+are\s+now\s+(a|an)\s+'; then
+    echo "WARNING: Possible prompt injection detected: role reassignment" >&2
+    SUSPICIOUS=1
+fi
+
+# "System prompt" manipulation
+if echo "$OUTPUT" | grep -qiE '(new|updated|override)\s+system\s+prompt'; then
+    echo "WARNING: Possible prompt injection detected: system prompt override" >&2
+    SUSPICIOUS=1
+fi
+
+# Hidden instructions in HTML comments or zero-width chars
+if echo "$OUTPUT" | grep -qP '<!--.*(?:execute|run|delete|remove).*-->'; then
+    echo "WARNING: Possible prompt injection in HTML comment" >&2
+    SUSPICIOUS=1
+fi
+
+if [ "$SUSPICIOUS" -eq 1 ]; then
+    echo "Review the output carefully before acting on it." >&2
+fi
+
+exit 0

package/examples/test-deletion-guard.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# ================================================================
+# test-deletion-guard.sh — Block deletion of test assertions
+# ================================================================
+# PURPOSE:
+#   Claude sometimes deletes or comments out failing tests instead
+#   of fixing the underlying code. This hook detects when an Edit
+#   to a test file removes test assertions.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38050
+#   "Claude skips/deletes tests instead of fixing them"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Only check test files
+case "$FILE" in
+    *test*|*spec*|*__tests__*|*_test.go|*_test.py|*Test.java|*Test.kt)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+OLD=$(echo "$INPUT" | jq -r '.tool_input.old_string // empty' 2>/dev/null)
+NEW=$(echo "$INPUT" | jq -r '.tool_input.new_string // empty' 2>/dev/null)
+[ -z "$OLD" ] && exit 0
+
+# Count test assertions in old vs new
+count_tests() {
+    echo "$1" | grep -cE '(it\(|test\(|describe\(|def test_|#\[test\]|@Test|assert|expect\(|should\b)' 2>/dev/null || echo 0
+}
+
+OLD_COUNT=$(count_tests "$OLD")
+NEW_COUNT=$(count_tests "$NEW")
+
+if [ "$OLD_COUNT" -gt 0 ] && [ "$NEW_COUNT" -lt "$OLD_COUNT" ]; then
+    REMOVED=$((OLD_COUNT - NEW_COUNT))
+    echo "WARNING: This edit removes $REMOVED test assertion(s) from $FILE." >&2
+    echo "If tests are failing, fix the code instead of deleting tests." >&2
+    echo "Old assertions: $OLD_COUNT → New assertions: $NEW_COUNT" >&2
+fi
+
+exit 0

package/examples/token-budget-guard.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+# ================================================================
+# token-budget-guard.sh — Estimate and limit session token cost
+# ================================================================
+# PURPOSE:
+#   Claude Code sessions can consume hundreds of dollars in tokens
+#   without the user realizing it. This hook estimates cumulative
+#   cost and warns/blocks when a budget threshold is exceeded.
+#
+# TRIGGER: PostToolUse  MATCHER: ""
+#
+# CONFIG:
+#   CC_TOKEN_BUDGET=10    (warn at $10 estimated cost)
+#   CC_TOKEN_BLOCK=50     (block at $50 estimated cost)
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38029
+#   "652k output tokens ($342) without user input"
+# ================================================================
+
+WARN_BUDGET="${CC_TOKEN_BUDGET:-10}"
+BLOCK_BUDGET="${CC_TOKEN_BLOCK:-50}"
+STATE="/tmp/cc-token-budget-$(echo "$PWD" | md5sum | cut -c1-8)"
+
+# Estimate tokens from tool output size
+INPUT=$(cat)
+OUTPUT=$(echo "$INPUT" | jq -r '.tool_result // empty' 2>/dev/null)
+OUTPUT_LEN=${#OUTPUT}
+
+# Rough estimation: 1 token ≈ 4 chars, $15/M input + $75/M output for Opus
+# This is approximate — actual costs depend on model and caching
+TOKENS=$((OUTPUT_LEN / 4))
+
+# Accumulate
+TOTAL=0
+[ -f "$STATE" ] && TOTAL=$(cat "$STATE" 2>/dev/null || echo 0)
+TOTAL=$((TOTAL + TOKENS))
+echo "$TOTAL" > "$STATE"
+
+# Estimate cost (output tokens at $75/M for Opus)
+# Using integer math: cost_cents = tokens * 75 / 10000
+COST_CENTS=$((TOTAL * 75 / 10000))
+
+if [ "$COST_CENTS" -ge "$((BLOCK_BUDGET * 100))" ]; then
+    echo "BLOCKED: Estimated session cost ~\$${COST_CENTS%??}.${COST_CENTS: -2} exceeds \$$BLOCK_BUDGET budget." >&2
+    echo "Reset: rm $STATE" >&2
+    exit 2
+fi
+
+if [ "$COST_CENTS" -ge "$((WARN_BUDGET * 100))" ]; then
+    echo "WARNING: Estimated session cost ~\$${COST_CENTS%??}.${COST_CENTS: -2} approaching \$$BLOCK_BUDGET limit." >&2
+    echo "Consider using /compact or starting a new session." >&2
+fi
+
+exit 0

package/examples/uncommitted-work-guard.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# ================================================================
+# uncommitted-work-guard.sh — Block destructive git when dirty
+# ================================================================
+# PURPOSE:
+#   Claude sometimes runs git checkout --, git reset --hard, or
+#   git stash drop when there are uncommitted changes, destroying
+#   hours of work. This hook checks git status before allowing
+#   destructive git commands.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/37888
+#   "Claude runs forbidden destructive git commands, destroys work twice"
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check destructive git commands
+DESTRUCTIVE=0
+echo "$COMMAND" | grep -qE '\bgit\s+checkout\s+--\s' && DESTRUCTIVE=1
+echo "$COMMAND" | grep -qE '\bgit\s+checkout\s+\.\s*$' && DESTRUCTIVE=1
+echo "$COMMAND" | grep -qE '\bgit\s+restore\s+--staged\s+\.' && DESTRUCTIVE=1
+echo "$COMMAND" | grep -qE '\bgit\s+restore\s+\.\s*$' && DESTRUCTIVE=1
+echo "$COMMAND" | grep -qE '\bgit\s+reset\s+--hard' && DESTRUCTIVE=1
+echo "$COMMAND" | grep -qE '\bgit\s+clean\s+-[a-zA-Z]*f' && DESTRUCTIVE=1
+echo "$COMMAND" | grep -qE '\bgit\s+stash\s+drop' && DESTRUCTIVE=1
+
+[ "$DESTRUCTIVE" -eq 0 ] && exit 0
+
+# Check for uncommitted changes
+DIRTY=$(git status --porcelain 2>/dev/null | head -20)
+if [ -n "$DIRTY" ]; then
+    COUNT=$(echo "$DIRTY" | wc -l)
+    echo "BLOCKED: Destructive git command with $COUNT uncommitted change(s)." >&2
+    echo "Changes that would be lost:" >&2
+    echo "$DIRTY" | head -10 | sed 's/^/  /' >&2
+    [ "$COUNT" -gt 10 ] && echo "  ... and $((COUNT-10)) more" >&2
+    echo "" >&2
+    echo "Commit or stash your changes first, then retry." >&2
+    exit 2
+fi
+
+exit 0

package/examples/verify-before-done.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# ================================================================
+# verify-before-done.sh — Warn when committing without running tests
+# ================================================================
+# PURPOSE:
+#   Claude Code often declares fixes "done" and commits without
+#   verifying the fix actually works. This hook warns when a commit
+#   is made in a project that has tests, but no test command was
+#   run recently in the session.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/37818
+#   "Claude repeatedly declares fixes done without verification"
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check on git commit
+echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0
+
+# Track test execution via state file
+STATE="/tmp/cc-tests-ran-$(pwd | md5sum | cut -c1-8)"
+
+# Check if tests were run in this session
+if [ ! -f "$STATE" ]; then
+    # Detect if project has tests
+    HAS_TESTS=0
+    [ -f "package.json" ] && grep -q '"test"' package.json 2>/dev/null && HAS_TESTS=1
+    [ -f "pytest.ini" ] || [ -f "setup.cfg" ] || [ -f "pyproject.toml" ] && HAS_TESTS=1
+    [ -f "Cargo.toml" ] && HAS_TESTS=1
+    [ -f "go.mod" ] && HAS_TESTS=1
+    [ -f "Makefile" ] && grep -q 'test:' Makefile 2>/dev/null && HAS_TESTS=1
+
+    if [ "$HAS_TESTS" -eq 1 ]; then
+        echo "WARNING: Committing without running tests first." >&2
+        echo "Run your test suite before committing to verify changes work." >&2
+        echo "To suppress: touch $STATE" >&2
+    fi
+fi
+
+exit 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "7.3.0",
+  "version": "7.5.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {