cc-safe-setup 8.5.0 → 8.6.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 92 examples = **100 hooks**. 32 CLI commands. 457 tests. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
+8 built-in + 95 examples = **103 hooks**. 33 CLI commands. 457 tests. 4 languages. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
 
 ```bash
 npx cc-safe-setup

package/examples/context-snapshot.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+# ================================================================
+# context-snapshot.sh — Save session state before context loss
+# ================================================================
+# PURPOSE:
+#   After /compact or when context is low, Claude loses track of
+#   what files were being edited, which branch it's on, and what
+#   the current task was. This hook saves a snapshot of the session
+#   state after every Stop event, so the next message can recover.
+#
+# TRIGGER: Stop  MATCHER: ""
+#
+# Creates: .claude/session-snapshot.md (overwritten each time)
+# ================================================================
+
+SNAPSHOT=".claude/session-snapshot.md"
+mkdir -p .claude 2>/dev/null
+
+{
+  echo "# Session Snapshot (auto-generated)"
+  echo "Updated: $(date -Iseconds)"
+  echo ""
+
+  # Git state
+  BRANCH=$(git branch --show-current 2>/dev/null)
+  if [ -n "$BRANCH" ]; then
+    echo "## Git"
+    echo "- Branch: \`$BRANCH\`"
+    DIRTY=$(git status --porcelain 2>/dev/null | wc -l)
+    echo "- Uncommitted changes: $DIRTY file(s)"
+    if [ "$DIRTY" -gt 0 ]; then
+      echo '```'
+      git status --short 2>/dev/null | head -15
+      echo '```'
+    fi
+    echo "- Last commit: $(git log --oneline -1 2>/dev/null)"
+    echo ""
+  fi
+
+  # Recently modified files
+  echo "## Recent Files"
+  echo '```'
+  find . -name '*.js' -o -name '*.ts' -o -name '*.py' -o -name '*.go' -o -name '*.rs' \
+    -o -name '*.java' -o -name '*.sh' -o -name '*.md' 2>/dev/null \
+    | xargs ls -lt 2>/dev/null | head -10 | awk '{print $NF}'
+  echo '```'
+  echo ""
+
+  # Active TODO/FIXME
+  TODOS=$(grep -rl 'TODO\|FIXME' --include='*.js' --include='*.ts' --include='*.py' . 2>/dev/null | wc -l)
+  if [ "$TODOS" -gt 0 ]; then
+    echo "## Active TODOs: $TODOS file(s)"
+    echo ""
+  fi
+
+} > "$SNAPSHOT" 2>/dev/null
+
+exit 0

package/examples/git-lfs-guard.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# ================================================================
+# git-lfs-guard.sh — Suggest Git LFS for large binary files
+# ================================================================
+# PURPOSE:
+#   Claude sometimes git-adds large binary files (images, videos,
+#   compiled binaries) that bloat the repository. This hook warns
+#   when staging files larger than a threshold and suggests LFS.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+#
+# CONFIG:
+#   CC_LFS_THRESHOLD_KB=500  (warn above 500KB)
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+echo "$COMMAND" | grep -qE '^\s*git\s+add' || exit 0
+
+THRESHOLD="${CC_LFS_THRESHOLD_KB:-500}"
+
+# Extract files being added
+FILES=$(echo "$COMMAND" | sed 's/git add//' | tr ' ' '\n' | grep -v '^-' | grep -v '^$')
+
+for f in $FILES; do
+    [ -f "$f" ] || continue
+    SIZE_KB=$(du -k "$f" 2>/dev/null | cut -f1)
+    [ -z "$SIZE_KB" ] && continue
+
+    if [ "$SIZE_KB" -gt "$THRESHOLD" ]; then
+        echo "WARNING: $f is ${SIZE_KB}KB — consider Git LFS." >&2
+        echo "  git lfs track '$f' && git add .gitattributes $f" >&2
+    fi
+done
+
+exit 0

package/examples/lockfile-guard.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# ================================================================
+# lockfile-guard.sh — Warn when lockfiles are modified unexpectedly
+# ================================================================
+# PURPOSE:
+#   Claude sometimes runs npm install or pip install that modifies
+#   lockfiles (package-lock.json, yarn.lock, Cargo.lock, etc.)
+#   without the user intending a dependency change. This hook warns
+#   when a lockfile appears in staged changes.
+#
+# TRIGGER: PreToolUse  MATCHER: "Bash"
+# ================================================================
+
+COMMAND=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
+[ -z "$COMMAND" ] && exit 0
+
+# Only check git commit
+echo "$COMMAND" | grep -qE '^\s*git\s+(commit|add)' || exit 0
+
+# Check for lockfile changes
+LOCKFILES=$(git diff --cached --name-only 2>/dev/null | grep -E '(package-lock\.json|yarn\.lock|pnpm-lock\.yaml|Cargo\.lock|Gemfile\.lock|poetry\.lock|composer\.lock|go\.sum)' 2>/dev/null)
+
+if [ -n "$LOCKFILES" ]; then
+    COUNT=$(echo "$LOCKFILES" | wc -l)
+    echo "WARNING: $COUNT lockfile(s) modified:" >&2
+    echo "$LOCKFILES" | sed 's/^/  /' >&2
+    echo "Verify the dependency change was intentional." >&2
+fi
+
+exit 0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "8.5.0",
+  "version": "8.6.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {