npm - cc-safe-setup - Versions diffs - 7.4.0 → 7.5.0 - Mend

cc-safe-setup 7.4.0 → 7.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +2 -2
package/examples/conflict-marker-guard.sh +33 -0
package/examples/fact-check-gate.sh +53 -0
package/examples/token-budget-guard.sh +54 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
-8 built-in + 51 examples = **59 hooks**. 26 CLI commands. 284 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) · [Troubleshooting](TROUBLESHOOTING.md)
+8 built-in + 68 examples = **76 hooks**. 28 CLI commands. 394 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) · [Troubleshooting](TROUBLESHOOTING.md)
 ```bash
 npx cc-safe-setup
@@ -87,7 +87,7 @@ Each hook exists because a real incident happened without it.
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 51 examples |
+| `--install-example <name>` | Install from 68 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |

package/examples/conflict-marker-guard.sh ADDED Viewed

@@ -0,0 +1,33 @@
+#!/bin/bash
+# ================================================================
+# conflict-marker-guard.sh — Block commits with conflict markers
+# ================================================================
+# PURPOSE:
+#   Claude sometimes resolves merge conflicts incorrectly, leaving
+#   <<<<<<< / ======= / >>>>>>> markers in files. This hook checks
+#   staged files for conflict markers before allowing a commit.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+# ================================================================
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+# Only check on git commit
+echo "$COMMAND" | grep -qE '^\s*git\s+commit' || exit 0
+# Check staged files for conflict markers
+CONFLICTS=$(git diff --cached --name-only 2>/dev/null | while read -r f; do
+    [ -f "$f" ] && grep -lE '^(<{7}|={7}|>{7})' "$f" 2>/dev/null
+done)
+if [ -n "$CONFLICTS" ]; then
+    COUNT=$(echo "$CONFLICTS" | wc -l)
+    echo "BLOCKED: $COUNT file(s) contain merge conflict markers:" >&2
+    echo "$CONFLICTS" | head -5 | sed 's/^/  /' >&2
+    echo "" >&2
+    echo "Resolve conflicts before committing." >&2
+    exit 2
+fi
+exit 0

package/examples/fact-check-gate.sh ADDED Viewed

@@ -0,0 +1,53 @@
+#!/bin/bash
+# ================================================================
+# fact-check-gate.sh — Warn when docs reference unread source files
+# ================================================================
+# PURPOSE:
+#   Claude writes documentation that references source code without
+#   actually reading the files first. This leads to hallucinated
+#   function signatures, wrong parameter names, and false claims.
+#
+#   This hook tracks which files were Read in the session, and warns
+#   when a doc edit mentions source files that weren't read.
+#
+# TRIGGER: PostToolUse  MATCHER: "Edit|Write"
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38057
+#   "Claude produces false claims in technical docs"
+# ================================================================
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+# Only check documentation files
+case "$FILE" in
+    *.md|*.rst|*.txt|*/docs/*|*/doc/*|*README*|*CHANGELOG*|*CONTRIBUTING*)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+# Track reads in a session state file
+STATE="/tmp/cc-fact-check-reads-$(echo "$PWD" | md5sum | cut -c1-8)"
+# Get the content being written
+CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // .tool_input.content // empty' 2>/dev/null)
+[ -z "$CONTENT" ] && exit 0
+# Extract referenced source files from the doc content
+# Looks for: `filename.ext`, filename.ext, import from, require()
+REFS=$(echo "$CONTENT" | grep -oE '`[a-zA-Z0-9_/-]+\.(js|ts|py|go|rs|java|rb|sh|mjs|cjs|jsx|tsx)`' | tr -d '`' | sort -u)
+[ -z "$REFS" ] && exit 0
+# Check if referenced files were read in this session
+if [ ! -f "$STATE" ]; then
+    # No reads tracked yet — warn about all references
+    COUNT=$(echo "$REFS" | wc -l)
+    echo "WARNING: Doc references $COUNT source file(s) that may not have been read:" >&2
+    echo "$REFS" | head -5 | sed 's/^/  /' >&2
+    echo "Read the source files before documenting them to avoid hallucination." >&2
+fi
+exit 0

package/examples/token-budget-guard.sh ADDED Viewed

@@ -0,0 +1,54 @@
+#!/bin/bash
+# ================================================================
+# token-budget-guard.sh — Estimate and limit session token cost
+# ================================================================
+# PURPOSE:
+#   Claude Code sessions can consume hundreds of dollars in tokens
+#   without the user realizing it. This hook estimates cumulative
+#   cost and warns/blocks when a budget threshold is exceeded.
+#
+# TRIGGER: PostToolUse  MATCHER: ""
+#
+# CONFIG:
+#   CC_TOKEN_BUDGET=10    (warn at $10 estimated cost)
+#   CC_TOKEN_BLOCK=50     (block at $50 estimated cost)
+#
+# Born from: https://github.com/anthropics/claude-code/issues/38029
+#   "652k output tokens ($342) without user input"
+# ================================================================
+WARN_BUDGET="${CC_TOKEN_BUDGET:-10}"
+BLOCK_BUDGET="${CC_TOKEN_BLOCK:-50}"
+STATE="/tmp/cc-token-budget-$(echo "$PWD" | md5sum | cut -c1-8)"
+# Estimate tokens from tool output size
+INPUT=$(cat)
+OUTPUT=$(echo "$INPUT" | jq -r '.tool_result // empty' 2>/dev/null)
+OUTPUT_LEN=${#OUTPUT}
+# Rough estimation: 1 token ≈ 4 chars, $15/M input + $75/M output for Opus
+# This is approximate — actual costs depend on model and caching
+TOKENS=$((OUTPUT_LEN / 4))
+# Accumulate
+TOTAL=0
+[ -f "$STATE" ] && TOTAL=$(cat "$STATE" 2>/dev/null || echo 0)
+TOTAL=$((TOTAL + TOKENS))
+echo "$TOTAL" > "$STATE"
+# Estimate cost (output tokens at $75/M for Opus)
+# Using integer math: cost_cents = tokens * 75 / 10000
+COST_CENTS=$((TOTAL * 75 / 10000))
+if [ "$COST_CENTS" -ge "$((BLOCK_BUDGET * 100))" ]; then
+    echo "BLOCKED: Estimated session cost ~\$${COST_CENTS%??}.${COST_CENTS: -2} exceeds \$$BLOCK_BUDGET budget." >&2
+    echo "Reset: rm $STATE" >&2
+    exit 2
+fi
+if [ "$COST_CENTS" -ge "$((WARN_BUDGET * 100))" ]; then
+    echo "WARNING: Estimated session cost ~\$${COST_CENTS%??}.${COST_CENTS: -2} approaching \$$BLOCK_BUDGET limit." >&2
+    echo "Consider using /compact or starting a new session." >&2
+fi
+exit 0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "7.4.0",
+  "version": "7.5.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {