cc-safe-setup 7.6.0 → 7.8.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 71 examples = **79 hooks**. 28 CLI commands. 405 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Hooks Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html) · [Troubleshooting](TROUBLESHOOTING.md)
+8 built-in + 75 examples = **83 hooks**. 28 CLI commands. 420 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Hooks Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html) · [Troubleshooting](TROUBLESHOOTING.md)
 
 ```bash
 npx cc-safe-setup
@@ -87,7 +87,7 @@ Each hook exists because a real incident happened without it.
 | `--scan [--apply]` | Tech stack detection |
 | `--export / --import` | Team config sharing |
 | `--verify` | Test each hook |
-| `--install-example <name>` | Install from 71 examples |
+| `--install-example <name>` | Install from 75 examples |
 | `--examples [filter]` | Browse examples by keyword |
 | `--full` | All-in-one setup |
 | `--status` | Check installed hooks |

package/examples/error-memory-guard.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# ================================================================
+# error-memory-guard.sh — Detect repeated failed commands
+# ================================================================
+# PURPOSE:
+#   Claude often retries the exact same command that just failed,
+#   sometimes 5-10 times before trying a different approach.
+#   This hook tracks command+error pairs and blocks retries of
+#   commands that have already failed with the same error.
+#
+# TRIGGER: PostToolUse  MATCHER: "Bash"
+#
+# Unlike loop-detector (which catches any repetition), this
+# specifically targets the "same command, same error" pattern.
+# ================================================================
+
+INPUT=$(cat)
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+EXIT_CODE=$(echo "$INPUT" | jq -r '.tool_result_exit_code // 0' 2>/dev/null)
+ERROR=$(echo "$INPUT" | jq -r '.tool_result // empty' 2>/dev/null | tail -5)
+
+# Only track failures
+[ "$EXIT_CODE" = "0" ] && exit 0
+
+STATE="/tmp/cc-error-memory-$(echo "$PWD" | md5sum | cut -c1-8)"
+HASH=$(echo "$COMMAND" | md5sum | cut -c1-16)
+
+# Check if this exact command already failed
+if grep -q "^$HASH:" "$STATE" 2>/dev/null; then
+    PREV_COUNT=$(grep "^$HASH:" "$STATE" | cut -d: -f2)
+    NEW_COUNT=$((PREV_COUNT + 1))
+    sed -i "s/^$HASH:.*/$HASH:$NEW_COUNT/" "$STATE"
+
+    if [ "$NEW_COUNT" -ge 3 ]; then
+        echo "BLOCKED: This command has failed $NEW_COUNT times with the same error." >&2
+        echo "Try a different approach instead of retrying." >&2
+        echo "Command: $(echo "$COMMAND" | head -c 80)" >&2
+        echo "Reset: rm $STATE" >&2
+        exit 2
+    elif [ "$NEW_COUNT" -ge 2 ]; then
+        echo "WARNING: Command failed $NEW_COUNT times. Consider a different approach." >&2
+    fi
+else
+    echo "$HASH:1" >> "$STATE"
+fi
+
+exit 0

package/examples/large-read-guard.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# ================================================================
+# large-read-guard.sh — Warn before reading large files
+# ================================================================
+# PURPOSE:
+#   Claude sometimes cats entire log files, database dumps, or
+#   minified bundles into context, wasting tokens and accelerating
+#   context exhaustion. This hook warns before reading files larger
+#   than a threshold.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+#
+# CONFIG:
+#   CC_MAX_READ_KB=100  (warn above 100KB)
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+MAX_KB="${CC_MAX_READ_KB:-100}"
+
+# Detect file-reading commands
+FILE=""
+if echo "$COMMAND" | grep -qE '^\s*cat\s+'; then
+    FILE=$(echo "$COMMAND" | grep -oE 'cat\s+([^ |>]+)' | awk '{print $2}')
+elif echo "$COMMAND" | grep -qE '^\s*less\s+|^\s*more\s+'; then
+    FILE=$(echo "$COMMAND" | awk '{print $2}')
+fi
+
+[ -z "$FILE" ] && exit 0
+[ ! -f "$FILE" ] && exit 0
+
+# Check file size
+SIZE_KB=$(du -k "$FILE" 2>/dev/null | cut -f1)
+[ -z "$SIZE_KB" ] && exit 0
+
+if [ "$SIZE_KB" -gt "$MAX_KB" ]; then
+    LINES=$(wc -l < "$FILE" 2>/dev/null || echo "?")
+    echo "WARNING: $FILE is ${SIZE_KB}KB ($LINES lines)." >&2
+    echo "Reading large files wastes context tokens." >&2
+    echo "Consider: head -100 $FILE, grep pattern $FILE, or tail -50 $FILE" >&2
+fi
+
+exit 0

package/examples/parallel-edit-guard.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# ================================================================
+# parallel-edit-guard.sh — Detect concurrent edits to same file
+# ================================================================
+# PURPOSE:
+#   When Claude uses subagents (Agent tool), multiple agents can
+#   try to edit the same file simultaneously, causing conflicts
+#   and lost changes. This hook uses lock files to detect and
+#   warn about concurrent edits.
+#
+# TRIGGER: PreToolUse  MATCHER: "Edit|Write"
+# ================================================================
+
+INPUT=$(cat)
+FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null)
+[ -z "$FILE" ] && exit 0
+
+# Create a lock directory for tracking
+LOCK_DIR="/tmp/cc-edit-locks"
+mkdir -p "$LOCK_DIR"
+
+# Normalize file path for lock name
+LOCK_FILE="$LOCK_DIR/$(echo "$FILE" | md5sum | cut -c1-16).lock"
+
+# Check if another process has a lock
+if [ -f "$LOCK_FILE" ]; then
+    LOCK_AGE=$(($(date +%s) - $(stat -c %Y "$LOCK_FILE" 2>/dev/null || echo 0)))
+    LOCK_PID=$(cat "$LOCK_FILE" 2>/dev/null)
+
+    # Lock is stale if older than 30 seconds
+    if [ "$LOCK_AGE" -lt 30 ] && [ "$LOCK_PID" != "$$" ]; then
+        echo "WARNING: File $FILE may be edited by another agent." >&2
+        echo "Lock age: ${LOCK_AGE}s, PID: $LOCK_PID" >&2
+        echo "Wait for the other edit to complete." >&2
+    fi
+fi
+
+# Set our lock
+echo "$$" > "$LOCK_FILE"
+
+# Clean up lock after 30s in background
+(sleep 30 && rm -f "$LOCK_FILE") &>/dev/null &
+
+exit 0

package/examples/revert-helper.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# ================================================================
+# revert-helper.sh — Show revert command when session ends badly
+# ================================================================
+# PURPOSE:
+#   When a Claude Code session ends (Stop event), check if there
+#   are uncommitted changes and show a one-line revert command.
+#   Makes it easy to undo everything Claude did if it went wrong.
+#
+# TRIGGER: Stop  MATCHER: ""
+# ================================================================
+
+# Check if we're in a git repo
+git rev-parse --git-dir &>/dev/null || exit 0
+
+# Check for uncommitted changes
+DIRTY=$(git status --porcelain 2>/dev/null)
+[ -z "$DIRTY" ] && exit 0
+
+COUNT=$(echo "$DIRTY" | wc -l)
+LAST_COMMIT=$(git log --oneline -1 2>/dev/null | head -c 50)
+
+echo "" >&2
+echo "Session ended with $COUNT uncommitted change(s)." >&2
+echo "Last commit: $LAST_COMMIT" >&2
+echo "" >&2
+echo "To undo all changes:" >&2
+echo "  git checkout -- . && git clean -fd" >&2
+echo "" >&2
+echo "To review changes:" >&2
+echo "  git diff --stat" >&2
+
+exit 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "7.6.0",
+  "version": "7.8.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {