cc-safe-setup 9.1.0 → 9.3.0

package/README.md

@@ -6,7 +6,7 @@
 
 **One command to make Claude Code safe for autonomous operation.** [日本語](docs/README.ja.md)
 
-8 built-in + 104 examples = **112 hooks**. 34 CLI commands. 457 tests. 4 languages. [Web Tool](https://yurukusa.github.io/cc-safe-setup/) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Migration](https://yurukusa.github.io/cc-safe-setup/migration-guide.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
+8 built-in + 104 examples = **112 hooks**. 34 CLI commands. 457 tests. 4 languages. [**Hub**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/hooks-cheatsheet.html) · [Builder](https://yurukusa.github.io/cc-safe-setup/builder.html) · [FAQ](https://yurukusa.github.io/cc-safe-setup/faq.html) · [Examples](https://yurukusa.github.io/cc-safe-setup/by-example.html) · [Matrix](https://yurukusa.github.io/cc-safe-setup/matrix.html) · [Playground](https://yurukusa.github.io/cc-hook-registry/playground.html)
 
 ```bash
 npx cc-safe-setup

package/docs/hub.html

@@ -0,0 +1,155 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>cc-safe-setup — Claude Code Safety Hub</title>
+<meta name="description" content="112 hooks, 34 commands, 10 tools. Everything you need to make Claude Code safe.">
+<style>
+*{box-sizing:border-box;margin:0;padding:0}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:#0d1117;color:#c9d1d9;min-height:100vh}
+.hero{text-align:center;padding:3rem 1.5rem 2rem}
+h1{color:#f0f6fc;font-size:2rem;margin-bottom:.5rem}
+.tagline{color:#8b949e;font-size:1rem;margin-bottom:1.5rem}
+.stats{display:flex;justify-content:center;gap:2rem;flex-wrap:wrap;margin:1rem 0}
+.stat{text-align:center}
+.stat-num{font-size:1.8rem;font-weight:700;color:#f0f6fc}
+.stat-label{font-size:.75rem;color:#8b949e}
+.install{background:#238636;color:#fff;padding:.7rem 1.5rem;border-radius:8px;font-family:monospace;font-size:1rem;border:none;cursor:pointer;margin:1.5rem 0;display:inline-block}
+.install:hover{background:#2ea043}
+.grid{max-width:1000px;margin:0 auto;padding:0 1.5rem 2rem;display:grid;grid-template-columns:repeat(auto-fill,minmax(280px,1fr));gap:.8rem}
+.card{background:#161b22;border:1px solid #30363d;border-radius:8px;padding:1rem;transition:border-color .2s;text-decoration:none;color:inherit;display:block}
+.card:hover{border-color:#58a6ff}
+.card-icon{font-size:1.5rem;margin-bottom:.4rem}
+.card-title{font-weight:700;color:#f0f6fc;font-size:.95rem;margin-bottom:.3rem}
+.card-desc{color:#8b949e;font-size:.8rem;line-height:1.4}
+.card-tag{display:inline-block;background:#21262d;color:#8b949e;font-size:.65rem;padding:.1rem .3rem;border-radius:3px;margin-top:.4rem}
+.section-title{text-align:center;color:#f0f6fc;font-size:1.1rem;margin:2rem 0 1rem;padding-top:1rem;border-top:1px solid #21262d}
+.footer{text-align:center;padding:2rem;color:#484f58;font-size:.75rem}
+a{color:#58a6ff;text-decoration:none}
+.start{max-width:600px;margin:0 auto;padding:0 1.5rem}
+.start-step{display:flex;gap:.8rem;align-items:flex-start;margin:.5rem 0}
+.start-num{background:#238636;color:#fff;width:24px;height:24px;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:.75rem;font-weight:700;flex-shrink:0}
+.start-text{font-size:.85rem;color:#c9d1d9}
+code{background:#21262d;padding:.15rem .3rem;border-radius:3px;font-size:.8rem}
+</style>
+</head>
+<body>
+
+<div class="hero">
+<h1>cc-safe-setup</h1>
+<div class="tagline">Make Claude Code safe for autonomous operation</div>
+
+<div class="stats">
+<div class="stat"><div class="stat-num">112</div><div class="stat-label">hooks</div></div>
+<div class="stat"><div class="stat-num">34</div><div class="stat-label">commands</div></div>
+<div class="stat"><div class="stat-num">457</div><div class="stat-label">tests</div></div>
+<div class="stat"><div class="stat-num">10</div><div class="stat-label">web tools</div></div>
+</div>
+
+<button class="install" onclick="navigator.clipboard.writeText('npx cc-safe-setup --shield');this.textContent='Copied!';setTimeout(()=>this.textContent='npx cc-safe-setup --shield',1500)">npx cc-safe-setup --shield</button>
+<div style="color:#8b949e;font-size:.8rem">One command. 30 seconds. Zero dependencies.</div>
+</div>
+
+<div class="section-title">Get Started</div>
+<div class="start">
+<div class="start-step"><div class="start-num">1</div><div class="start-text">Run <code>npx cc-safe-setup --shield</code> — installs hooks, detects your stack, generates CLAUDE.md</div></div>
+<div class="start-step"><div class="start-num">2</div><div class="start-text">Run <code>npx cc-safe-setup --verify</code> — confirms all hooks block correctly</div></div>
+<div class="start-step"><div class="start-num">3</div><div class="start-text">For teams: <code>npx cc-safe-setup --team</code> — commit <code>.claude/</code> to share with everyone</div></div>
+</div>
+
+<div class="section-title">Tools & Documentation</div>
+
+<div class="grid">
+<a href="index.html" class="card">
+<div class="card-icon">🔍</div>
+<div class="card-title">Safety Audit</div>
+<div class="card-desc">Score your Claude Code setup out of 100. Find gaps and get fix suggestions.</div>
+<span class="card-tag">interactive</span>
+</a>
+
+<a href="hooks-cheatsheet.html" class="card">
+<div class="card-icon">📋</div>
+<div class="card-title">Cheat Sheet</div>
+<div class="card-desc">30+ copy-paste hook patterns. Block, approve, monitor — with one-click copy.</div>
+<span class="card-tag">reference</span>
+</a>
+
+<a href="builder.html" class="card">
+<div class="card-icon">🔧</div>
+<div class="card-title">Hook Builder</div>
+<div class="card-desc">Describe what you want in English. Get a working hook + settings.json entry.</div>
+<span class="card-tag">generator</span>
+</a>
+
+<a href="by-example.html" class="card">
+<div class="card-icon">⚡</div>
+<div class="card-title">By Example</div>
+<div class="card-desc">10 real GitHub Issues. See the before (disaster) and after (hook saves it).</div>
+<span class="card-tag">learn</span>
+</a>
+
+<a href="matrix.html" class="card">
+<div class="card-icon">📊</div>
+<div class="card-title">Hook Matrix</div>
+<div class="card-desc">All hooks in a sortable, filterable table. Find exactly what you need.</div>
+<span class="card-tag">interactive</span>
+</a>
+
+<a href="faq.html" class="card">
+<div class="card-icon">❓</div>
+<div class="card-title">FAQ</div>
+<div class="card-desc">15 questions answered. How hooks work, performance, debugging, and more.</div>
+<span class="card-tag">reference</span>
+</a>
+
+<a href="settings-reference.html" class="card">
+<div class="card-icon">⚙️</div>
+<div class="card-title">Settings Reference</div>
+<div class="card-desc">Every settings.json field explained. Hooks, permissions, env, models.</div>
+<span class="card-tag">reference</span>
+</a>
+
+<a href="troubleshooting.html" class="card">
+<div class="card-icon">🔧</div>
+<div class="card-title">Troubleshooting</div>
+<div class="card-desc">10 common problems with step-by-step fixes. Hook not firing? Start here.</div>
+<span class="card-tag">debug</span>
+</a>
+
+<a href="migration-guide.html" class="card">
+<div class="card-icon">🔀</div>
+<div class="card-title">Migration Guide</div>
+<div class="card-desc">Moving from Cursor, Windsurf, Aider, or Copilot? Map your safety setup.</div>
+<span class="card-tag">guide</span>
+</a>
+
+<a href="https://yurukusa.github.io/cc-hook-registry/playground.html" class="card">
+<div class="card-icon">🎮</div>
+<div class="card-title">Playground</div>
+<div class="card-desc">Type any command, see which hooks fire. Test before you install.</div>
+<span class="card-tag">interactive</span>
+</a>
+</div>
+
+<div class="section-title">Also Available</div>
+<div class="grid">
+<a href="https://github.com/yurukusa/cc-safe-setup" class="card">
+<div class="card-title">GitHub Repository</div>
+<div class="card-desc">Source code, issues, releases. Star if useful.</div>
+</a>
+<a href="https://www.npmjs.com/package/cc-safe-setup" class="card">
+<div class="card-title">npm Package</div>
+<div class="card-desc">2,500+ daily downloads. Zero dependencies.</div>
+</a>
+<a href="https://yurukusa.github.io/cc-hook-registry/" class="card">
+<div class="card-title">Hook Registry</div>
+<div class="card-desc">70 hooks from 7 projects. Search, browse, install.</div>
+</a>
+</div>
+
+<div class="footer">
+cc-safe-setup — MIT License · <a href="https://github.com/yurukusa/cc-safe-setup">GitHub</a> · <a href="https://www.npmjs.com/package/cc-safe-setup">npm</a>
+</div>
+</body>
+</html>

package/docs/matrix.html

@@ -0,0 +1,139 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Claude Code Hooks Matrix — 112 Hooks at a Glance</title>
+<meta name="description" content="Interactive matrix of all 112 Claude Code hooks. Filter by trigger, category, and action type.">
+<style>
+*{box-sizing:border-box;margin:0;padding:0}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:#0d1117;color:#c9d1d9;padding:1rem;font-size:.82rem}
+.c{max-width:1100px;margin:0 auto}
+h1{color:#f0f6fc;font-size:1.3rem;margin-bottom:.2rem}
+.sub{color:#8b949e;font-size:.8rem;margin-bottom:.8rem}
+a{color:#58a6ff;text-decoration:none}
+input{width:100%;padding:.5rem;background:#161b22;border:1px solid #30363d;border-radius:6px;color:#c9d1d9;font-size:.85rem;margin-bottom:.5rem}
+input::placeholder{color:#484f58}
+.filters{display:flex;gap:.3rem;flex-wrap:wrap;margin-bottom:.5rem}
+.f{padding:.2rem .5rem;border-radius:3px;border:1px solid #30363d;background:transparent;color:#8b949e;cursor:pointer;font-size:.7rem}
+.f.on{background:#238636;border-color:#238636;color:#fff}
+table{width:100%;border-collapse:collapse}
+th,td{padding:.3rem .4rem;border:1px solid #21262d;text-align:left;font-size:.75rem}
+th{background:#161b22;color:#f0f6fc;position:sticky;top:0;cursor:pointer}
+th:hover{background:#21262d}
+tr:hover td{background:#161b2288}
+.act-block{color:#f85149;font-weight:bold}
+.act-warn{color:#d29922}
+.act-approve{color:#3fb950}
+.act-monitor{color:#58a6ff}
+.count{color:#8b949e;font-size:.78rem;margin:.3rem 0}
+.footer{text-align:center;color:#484f58;font-size:.65rem;margin-top:1rem}
+td code{background:#21262d;padding:.1rem .2rem;border-radius:2px;font-size:.7rem;cursor:pointer}
+td code:hover{color:#58a6ff}
+</style>
+</head>
+<body>
+<div class="c">
+<h1>Hook Matrix</h1>
+<p class="sub">112 hooks. Click column headers to sort. Search to filter.</p>
+
+<input id="q" placeholder="Filter hooks..." oninput="render()">
+<div class="filters" id="filters"></div>
+<div class="count" id="count"></div>
+<div style="overflow-x:auto"><table id="tbl"><thead><tr>
+<th onclick="sortBy('name')">Hook</th>
+<th onclick="sortBy('cat')">Category</th>
+<th onclick="sortBy('trigger')">Trigger</th>
+<th onclick="sortBy('action')">Action</th>
+<th>Description</th>
+<th>Install</th>
+</tr></thead><tbody id="tbody"></tbody></table></div>
+
+<div class="footer">
+<a href="hooks-cheatsheet.html">Cheat Sheet</a> ·
+<a href="builder.html">Builder</a> ·
+<a href="troubleshooting.html">Troubleshoot</a> ·
+<a href="https://github.com/yurukusa/cc-safe-setup">GitHub</a>
+</div>
+</div>
+
+<script>
+const H=[
+{n:'destructive-guard',c:'safety',t:'Pre',a:'block',d:'rm -rf, git reset --hard, git clean',i:'npx cc-safe-setup'},
+{n:'branch-guard',c:'safety',t:'Pre',a:'block',d:'Push to main/master, force-push',i:'npx cc-safe-setup'},
+{n:'secret-guard',c:'safety',t:'Pre',a:'block',d:'git add .env, credential files',i:'npx cc-safe-setup'},
+{n:'syntax-check',c:'quality',t:'Post',a:'warn',d:'Python/Shell/JSON/JS syntax after edits',i:'npx cc-safe-setup'},
+{n:'context-monitor',c:'monitor',t:'Post',a:'warn',d:'Context warnings at 40/25/20/15%',i:'npx cc-safe-setup'},
+{n:'comment-strip',c:'utility',t:'Pre',a:'warn',d:'Fix bash comments breaking permissions',i:'npx cc-safe-setup'},
+{n:'cd-git-allow',c:'approve',t:'Pre',a:'approve',d:'Auto-approve cd && git compounds',i:'npx cc-safe-setup'},
+{n:'api-error-alert',c:'monitor',t:'Stop',a:'monitor',d:'Notify on session API errors',i:'npx cc-safe-setup'},
+{n:'scope-guard',c:'safety',t:'Pre',a:'block',d:'Block operations outside project',i:'--install-example scope-guard'},
+{n:'no-sudo-guard',c:'safety',t:'Pre',a:'block',d:'Block all sudo commands',i:'--install-example no-sudo-guard'},
+{n:'protect-claudemd',c:'safety',t:'Pre',a:'block',d:'Block edits to CLAUDE.md/settings',i:'--install-example protect-claudemd'},
+{n:'protect-dotfiles',c:'safety',t:'Pre',a:'block',d:'Block .bashrc, .aws/, .ssh/ changes',i:'--install-example protect-dotfiles'},
+{n:'block-database-wipe',c:'safety',t:'Pre',a:'block',d:'DROP DATABASE, migrate:fresh, prisma reset',i:'--install-example block-database-wipe'},
+{n:'deploy-guard',c:'deploy',t:'Pre',a:'warn',d:'Warn deploy with uncommitted changes',i:'--install-example deploy-guard'},
+{n:'no-deploy-friday',c:'deploy',t:'Pre',a:'block',d:'Block deploys on Fridays',i:'--install-example no-deploy-friday'},
+{n:'work-hours-guard',c:'deploy',t:'Pre',a:'warn',d:'Restrict risky ops outside hours',i:'--install-example work-hours-guard'},
+{n:'uncommitted-work-guard',c:'safety',t:'Pre',a:'block',d:'Block destructive git when dirty',i:'--install-example uncommitted-work-guard'},
+{n:'test-deletion-guard',c:'quality',t:'Pre',a:'warn',d:'Warn when removing test assertions',i:'--install-example test-deletion-guard'},
+{n:'overwrite-guard',c:'safety',t:'Pre',a:'warn',d:'Warn before overwriting files',i:'--install-example overwrite-guard'},
+{n:'memory-write-guard',c:'safety',t:'Pre',a:'warn',d:'Log writes to ~/.claude/',i:'--install-example memory-write-guard'},
+{n:'fact-check-gate',c:'quality',t:'Post',a:'warn',d:'Docs reference unread source files',i:'--install-example fact-check-gate'},
+{n:'token-budget-guard',c:'monitor',t:'Post',a:'block',d:'Block when cost exceeds budget',i:'--install-example token-budget-guard'},
+{n:'conflict-marker-guard',c:'quality',t:'Pre',a:'block',d:'Block commits with conflict markers',i:'--install-example conflict-marker-guard'},
+{n:'error-memory-guard',c:'safety',t:'Post',a:'block',d:'Block retries of failed commands',i:'--install-example error-memory-guard'},
+{n:'strict-allowlist',c:'safety',t:'Pre',a:'block',d:'Only allow permitted commands',i:'--install-example strict-allowlist'},
+{n:'hardcoded-secret-detector',c:'security',t:'Post',a:'warn',d:'Detect AWS keys, passwords, JWT',i:'--install-example hardcoded-secret-detector'},
+{n:'auto-approve-build',c:'approve',t:'Pre',a:'approve',d:'npm test, cargo build, go test',i:'--install-example auto-approve-build'},
+{n:'auto-approve-python',c:'approve',t:'Pre',a:'approve',d:'pytest, mypy, ruff, black',i:'--install-example auto-approve-python'},
+{n:'auto-approve-docker',c:'approve',t:'Pre',a:'approve',d:'docker build, compose, ps',i:'--install-example auto-approve-docker'},
+{n:'auto-approve-go',c:'approve',t:'Pre',a:'approve',d:'go build/test/vet/fmt',i:'--install-example auto-approve-go'},
+{n:'auto-approve-cargo',c:'approve',t:'Pre',a:'approve',d:'cargo build/test/clippy',i:'--install-example auto-approve-cargo'},
+{n:'auto-approve-make',c:'approve',t:'Pre',a:'approve',d:'make build/test/lint',i:'--install-example auto-approve-make'},
+{n:'auto-approve-gradle',c:'approve',t:'Pre',a:'approve',d:'gradle build/test',i:'--install-example auto-approve-gradle'},
+{n:'auto-approve-maven',c:'approve',t:'Pre',a:'approve',d:'mvn compile/test/verify',i:'--install-example auto-approve-maven'},
+{n:'loop-detector',c:'safety',t:'Pre',a:'block',d:'Break command repetition loops',i:'--install-example loop-detector'},
+{n:'cost-tracker',c:'monitor',t:'Post',a:'monitor',d:'Estimate session token cost',i:'--install-example cost-tracker'},
+{n:'session-handoff',c:'utility',t:'Stop',a:'monitor',d:'Save state for next session',i:'--install-example session-handoff'},
+{n:'revert-helper',c:'utility',t:'Stop',a:'monitor',d:'Show undo on session end',i:'--install-example revert-helper'},
+{n:'compact-reminder',c:'utility',t:'Stop',a:'warn',d:'Suggest /compact after N calls',i:'--install-example compact-reminder'},
+{n:'env-drift-guard',c:'quality',t:'Post',a:'warn',d:'.env vs .env.example mismatch',i:'--install-example env-drift-guard'},
+{n:'package-script-guard',c:'quality',t:'Pre',a:'warn',d:'Warn on package.json script changes',i:'--install-example package-script-guard'},
+{n:'git-blame-context',c:'quality',t:'Pre',a:'monitor',d:'Show file ownership before edits',i:'--install-example git-blame-context'},
+{n:'import-cycle-warn',c:'quality',t:'Post',a:'warn',d:'Detect circular imports',i:'--install-example import-cycle-warn'},
+{n:'lockfile-guard',c:'quality',t:'Pre',a:'warn',d:'Warn when lockfiles modified',i:'--install-example lockfile-guard'},
+{n:'context-snapshot',c:'utility',t:'Stop',a:'monitor',d:'Save branch/files/TODOs state',i:'--install-example context-snapshot'},
+{n:'prompt-injection-guard',c:'security',t:'Post',a:'warn',d:'Detect injection in output',i:'--install-example prompt-injection-guard'},
+{n:'no-eval',c:'security',t:'Post',a:'warn',d:'Warn on eval() usage',i:'--install-example no-eval'},
+{n:'no-console-log',c:'quality',t:'Post',a:'warn',d:'Warn on console.log in prod',i:'--install-example no-console-log'},
+{n:'no-wildcard-import',c:'quality',t:'Post',a:'warn',d:'Warn on import * patterns',i:'--install-example no-wildcard-import'},
+];
+
+const cats=[...new Set(H.map(h=>h.c))].sort();
+const actClass={block:'act-block',warn:'act-warn',approve:'act-approve',monitor:'act-monitor'};
+let filter='all',sortKey='name',sortDir=1;
+
+document.getElementById('filters').innerHTML=['all',...cats].map(c=>`<button class="f${c==='all'?' on':''}" onclick="setF('${c}')">${c}</button>`).join('');
+
+function setF(f){filter=f;document.querySelectorAll('.f').forEach(b=>b.classList.toggle('on',b.textContent===f));render();}
+function sortBy(k){if(sortKey===k)sortDir*=-1;else{sortKey=k;sortDir=1;}render();}
+
+function render(){
+  const q=document.getElementById('q').value.toLowerCase();
+  let list=H.filter(h=>(filter==='all'||h.c===filter)&&(!q||h.n.includes(q)||h.d.toLowerCase().includes(q)||h.c.includes(q)));
+  list.sort((a,b)=>{const av=a[sortKey]||'',bv=b[sortKey]||'';return av<bv?-sortDir:av>bv?sortDir:0;});
+  document.getElementById('count').textContent=list.length+'/'+H.length+' hooks';
+  document.getElementById('tbody').innerHTML=list.map(h=>`<tr>
+    <td><strong>${h.n}</strong></td>
+    <td>${h.c}</td>
+    <td>${h.t}</td>
+    <td class="${actClass[h.a]||''}">${h.a}</td>
+    <td>${h.d}</td>
+    <td><code onclick="navigator.clipboard.writeText('npx cc-safe-setup ${h.i}');this.textContent='✓'">${h.i.substring(0,25)}</code></td>
+  </tr>`).join('');
+}
+render();
+</script>
+</body>
+</html>

package/docs/troubleshooting.html

@@ -0,0 +1,189 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Claude Code Troubleshooting — Fix Any Problem in 2 Minutes</title>
+<meta name="description" content="Hook not firing? Claude ignoring rules? Permission prompt spam? Fix every common Claude Code problem.">
+<style>
+*{box-sizing:border-box;margin:0;padding:0}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;background:#0d1117;color:#c9d1d9;padding:1.5rem;line-height:1.6}
+.c{max-width:800px;margin:0 auto}
+h1{color:#f0f6fc;font-size:1.4rem;margin-bottom:.3rem}
+h2{color:#f0f6fc;font-size:1rem;margin:1.2rem 0 .4rem}
+.sub{color:#8b949e;font-size:.83rem;margin-bottom:1rem}
+a{color:#58a6ff;text-decoration:none}
+code{background:#161b22;padding:.12rem .25rem;border-radius:3px;font-size:.82rem}
+pre{background:#161b22;border:1px solid #30363d;border-radius:6px;padding:.5rem;font-size:.78rem;color:#e6edf3;overflow-x:auto;margin:.3rem 0}
+.problem{background:#161b22;border:1px solid #30363d;border-radius:8px;margin:.6rem 0;overflow:hidden}
+.problem-header{padding:.6rem .8rem;cursor:pointer;font-weight:600;color:#f0f6fc;font-size:.88rem;display:flex;align-items:center;gap:.5rem}
+.problem-header:hover{background:#21262d}
+.problem-icon{font-size:1rem}
+.problem-body{padding:0 .8rem .6rem;font-size:.82rem;display:none}
+.problem.open .problem-body{display:block}
+.step{background:#0d1117;border-radius:4px;padding:.4rem .6rem;margin:.3rem 0;border-left:3px solid #30363d}
+.step-yes{border-left-color:#238636}
+.step-no{border-left-color:#da3633}
+.step-fix{border-left-color:#58a6ff}
+.footer{text-align:center;color:#484f58;font-size:.7rem;margin-top:2rem;padding-top:1rem;border-top:1px solid #21262d}
+.quick{background:#161b22;border:1px solid #30363d;border-radius:6px;padding:.6rem;margin:.5rem 0;font-size:.82rem}
+</style>
+</head>
+<body>
+<div class="c">
+
+<h1>Troubleshooting</h1>
+<p class="sub">Click your problem. Follow the steps. Fixed in 2 minutes.</p>
+
+<div class="quick">
+<strong>Quick fix for most problems:</strong> <code>npx cc-safe-setup --quickfix</code>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">🔇</span> My hook doesn't fire</div>
+<div class="problem-body">
+<div class="step">1. Is the hook file executable? <code>ls -la ~/.claude/hooks/your-hook.sh</code></div>
+<div class="step-fix">Fix: <code>chmod +x ~/.claude/hooks/your-hook.sh</code></div>
+
+<div class="step">2. Does it have a shebang? First line must be <code>#!/bin/bash</code></div>
+<div class="step-fix">Fix: Add <code>#!/bin/bash</code> as the very first line</div>
+
+<div class="step">3. Is it registered in settings.json?</div>
+<pre>cat ~/.claude/settings.json | python3 -m json.tool | grep your-hook</pre>
+<div class="step-fix">Fix: <code>npx cc-safe-setup --shield</code> (auto-registers all hooks)</div>
+
+<div class="step">4. Is the matcher correct? <code>"Bash"</code> won't fire for Edit/Write</div>
+<div class="step-fix">Use <code>""</code> (empty) to match all tools, or <code>"Edit|Write"</code> for file ops</div>
+
+<div class="step">5. Is jq installed? <code>which jq</code></div>
+<div class="step-fix">Install: <code>brew install jq</code> (macOS) or <code>sudo apt install jq</code> (Linux)</div>
+
+<div class="step">6. Test it manually:</div>
+<pre>echo '{"tool_input":{"command":"rm -rf /"}}' | bash ~/.claude/hooks/your-hook.sh; echo "Exit: $?"</pre>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">🚫</span> My hook blocks everything</div>
+<div class="problem-body">
+<div class="step">Your regex pattern is too broad. Test with a safe command:</div>
+<pre>echo '{"tool_input":{"command":"ls -la"}}' | bash ~/.claude/hooks/your-hook.sh; echo "Exit: $?"</pre>
+<div class="step">If it exits 2 for <code>ls</code>, your grep pattern matches too much.</div>
+<div class="step-fix">Check the <code>grep -qE</code> pattern in your hook. Add <code>\b</code> word boundaries.</div>
+<div class="step-fix">Example: <code>grep -qE '\brm\s+.*-rf\s+/'</code> instead of <code>grep -q 'rm'</code></div>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">📋</span> Claude ignores CLAUDE.md rules</div>
+<div class="problem-body">
+<div class="step">This is normal — CLAUDE.md rules degrade as context fills up.</div>
+<div class="step-fix"><strong>Solution: Convert critical rules to hooks.</strong></div>
+<pre># Example: "Don't push to main" as a hook instead of a rule
+npx cc-safe-setup  # Installs branch-guard</pre>
+<div class="step">For any rule that must be enforced 100%, create a hook:</div>
+<pre>npx cc-safe-setup --create "your rule in plain English"</pre>
+<div class="step-fix">CLAUDE.md is for guidelines. Hooks are for hard constraints. Use both.</div>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">🔔</span> Too many permission prompts</div>
+<div class="problem-body">
+<div class="step">Install auto-approve hooks for safe commands:</div>
+<pre>npx cc-safe-setup --install-example auto-approve-build    # npm test, cargo build
+npx cc-safe-setup --install-example auto-approve-python   # pytest, mypy
+npx cc-safe-setup --install-example auto-approve-git-read # git status, git log
+npx cc-safe-setup --install-example compound-command-approver # cd && git log</pre>
+<div class="step">Or add permissions in settings.json:</div>
+<pre>"permissions": {"allow": ["Bash(npm test)", "Bash(git status)", "Read(*)"]}</pre>
+<div class="step-fix">The <code>--profile standard</code> includes auto-approve hooks for common commands.</div>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">💾</span> settings.json won't parse</div>
+<div class="problem-body">
+<div class="step">Validate:</div>
+<pre>python3 -c "import json; json.load(open('$HOME/.claude/settings.json'))"</pre>
+<div class="step-fix">Common causes: trailing commas, comments (JSON doesn't allow them), unescaped quotes</div>
+<div class="step">Auto-fix:</div>
+<pre>npx cc-safe-setup --quickfix</pre>
+<div class="step-fix">If totally broken: <code>echo '{}' > ~/.claude/settings.json</code> then re-run setup</div>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">🔄</span> Claude keeps retrying the same failed command</div>
+<div class="problem-body">
+<div class="step">Install the error memory guard:</div>
+<pre>npx cc-safe-setup --install-example error-memory-guard</pre>
+<div class="step-fix">After 3 failures of the same command, it blocks and says "try a different approach".</div>
+<div class="step">Also useful: loop detector</div>
+<pre>npx cc-safe-setup --install-example loop-detector</pre>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">💸</span> Session costs too much</div>
+<div class="problem-body">
+<div class="step">Install token budget guard:</div>
+<pre>npx cc-safe-setup --install-example token-budget-guard</pre>
+<div class="step-fix">Warns at $10, blocks at $50 (configurable via <code>CC_TOKEN_BUDGET</code> and <code>CC_TOKEN_BLOCK</code>)</div>
+<div class="step">Monitor with:</div>
+<pre>npx cc-safe-setup --analyze</pre>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">🧠</span> Context fills up too fast</div>
+<div class="problem-body">
+<div class="step">Three hooks help:</div>
+<pre>npx cc-safe-setup --install-example output-length-guard   # Warn on large outputs
+npx cc-safe-setup --install-example large-read-guard      # Warn before cat on large files
+npx cc-safe-setup --install-example compact-reminder      # Suggest /compact after N calls</pre>
+<div class="step-fix">The context-monitor hook (installed by default) warns at 40%, 25%, 20%, 15%.</div>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">👥</span> Team members have different hook setups</div>
+<div class="problem-body">
+<div class="step">Use project-level hooks:</div>
+<pre>npx cc-safe-setup --team
+git add .claude/
+git commit -m "chore: add team safety hooks"</pre>
+<div class="step-fix">Hooks are copied to <code>.claude/hooks/</code> with relative paths. Works on any machine.</div>
+<div class="step">Generate CI to enforce:</div>
+<pre>npx cc-safe-setup --generate-ci</pre>
+</div>
+</div>
+
+<div class="problem" onclick="this.classList.toggle('open')">
+<div class="problem-header"><span class="problem-icon">🔀</span> Hooks from different tools conflict</div>
+<div class="problem-body">
+<div class="step">Analyze what you have:</div>
+<pre>npx cc-safe-setup --migrate-from manual  # See all existing hooks
+npx cc-safe-setup --health               # Check hook health</pre>
+<div class="step-fix">Hooks in the same group run sequentially. If one consumes stdin, the next gets nothing.</div>
+<div class="step">Fix: Put each hook in a separate matcher group in settings.json.</div>
+</div>
+</div>
+
+<div class="quick" style="margin-top:1rem">
+<strong>Still stuck?</strong>
+<code>npx cc-safe-setup --doctor</code> — full diagnosis<br>
+<code>npx cc-safe-setup --quickfix</code> — auto-fix common issues<br>
+<a href="faq.html">FAQ</a> — 15 questions answered
+</div>
+
+<div class="footer">
+  <a href="hooks-cheatsheet.html">Cheat Sheet</a> ·
+  <a href="builder.html">Builder</a> ·
+  <a href="faq.html">FAQ</a> ·
+  <a href="settings-reference.html">Settings Ref</a> ·
+  <a href="https://github.com/yurukusa/cc-safe-setup">GitHub</a>
+</div>
+</div>
+</body>
+</html>

package/examples/rust/destructive_guard.rs

@@ -0,0 +1,72 @@
+// destructive_guard.rs — Claude Code PreToolUse hook in Rust
+//
+// Blocks rm -rf /, git reset --hard, git clean -fd, and similar
+// destructive commands. Exit code 2 = block, 0 = allow.
+//
+// Build: rustc destructive_guard.rs -o destructive-guard
+// Usage: {"type": "command", "command": "/path/to/destructive-guard"}
+
+use std::io::{self, Read};
+use std::process;
+
+fn main() {
+    let mut input = String::new();
+    if io::stdin().read_to_string(&mut input).is_err() {
+        process::exit(0);
+    }
+
+    // Simple JSON parsing without serde (zero dependencies)
+    let cmd = extract_command(&input);
+    if cmd.is_empty() {
+        process::exit(0);
+    }
+
+    // Skip echo/printf context
+    let trimmed = cmd.trim_start().to_lowercase();
+    if trimmed.starts_with("echo ") || trimmed.starts_with("printf ") {
+        process::exit(0);
+    }
+
+    let patterns: &[&str] = &[
+        "rm -rf /",
+        "rm -rf ~/",
+        "rm -rf ../",
+        "rm -rf .",
+        "git reset --hard",
+        "git clean -f",
+        "git checkout --force",
+        "chmod 777 /",
+        "find / -delete",
+        "--no-preserve-root",
+        "sudo mkfs",
+    ];
+
+    for pattern in patterns {
+        if cmd.to_lowercase().contains(&pattern.to_lowercase()) {
+            eprintln!("BLOCKED: Dangerous command detected");
+            eprintln!("Command: {}", cmd);
+            process::exit(2);
+        }
+    }
+
+    process::exit(0);
+}
+
+fn extract_command(json: &str) -> String {
+    // Extract .tool_input.command from JSON without a parser
+    if let Some(pos) = json.find("\"command\"") {
+        let rest = &json[pos + 9..];
+        if let Some(start) = rest.find('"') {
+            let value_start = start + 1;
+            let mut end = value_start;
+            let bytes = rest.as_bytes();
+            while end < bytes.len() {
+                if bytes[end] == b'"' && (end == 0 || bytes[end - 1] != b'\\') {
+                    return rest[value_start..end].replace("\\\"", "\"").replace("\\\\", "\\");
+                }
+                end += 1;
+            }
+        }
+    }
+    String::new()
+}

package/index.mjs

@@ -96,6 +96,7 @@ const TEAM = process.argv.includes('--team');
 const MIGRATE_FROM_IDX = process.argv.findIndex(a => a === '--migrate-from');
 const MIGRATE_FROM = MIGRATE_FROM_IDX !== -1 ? process.argv[MIGRATE_FROM_IDX + 1] : null;
 const HEALTH = process.argv.includes('--health');
+const FROM_CLAUDEMD = process.argv.includes('--from-claudemd');
 const PROFILE_IDX = process.argv.findIndex(a => a === '--profile');
 const PROFILE = PROFILE_IDX !== -1 ? process.argv[PROFILE_IDX + 1] : null;
 const COMPARE_IDX = process.argv.findIndex(a => a === '--compare');
@@ -133,6 +134,7 @@ if (HELP) {
     npx cc-safe-setup --doctor     Diagnose why hooks aren't working
     npx cc-safe-setup --watch      Live dashboard of blocked commands
     npx cc-safe-setup --create "<desc>"  Generate a custom hook from description
+    npx cc-safe-setup --from-claudemd  Convert CLAUDE.md rules into hooks
     npx cc-safe-setup --health        Hook health dashboard (size, permissions, age)
     npx cc-safe-setup --migrate-from <tool>  Migrate from safety-net/hooks-mastery/etc.
     npx cc-safe-setup --team         Set up project-level hooks (commit to repo for team)
@@ -845,6 +847,89 @@ async function fullSetup() {
   console.log();
 }
 
+async function fromClaudeMd() {
+  console.log();
+  console.log(c.bold + '  cc-safe-setup --from-claudemd' + c.reset);
+  console.log(c.dim + '  Convert CLAUDE.md rules into enforceable hooks' + c.reset);
+  console.log();
+
+  // Find CLAUDE.md
+  const cwd = process.cwd();
+  let claudeMdPath = null;
+  for (const p of [join(cwd, 'CLAUDE.md'), join(cwd, '.claude', 'CLAUDE.md')]) {
+    if (existsSync(p)) { claudeMdPath = p; break; }
+  }
+
+  if (!claudeMdPath) {
+    console.log(c.yellow + '  No CLAUDE.md found in project.' + c.reset);
+    console.log(c.dim + '  Run: npx cc-safe-setup --shield (creates one)' + c.reset);
+    return;
+  }
+
+  const content = readFileSync(claudeMdPath, 'utf-8').toLowerCase();
+  console.log(c.dim + '  Reading: ' + claudeMdPath + c.reset);
+  console.log();
+
+  // Pattern matching: CLAUDE.md rules → hooks
+  const RULE_MAP = [
+    { patterns: ['do not push to main', 'don\'t push to main', 'no push main', 'never push to main'], hook: 'branch-guard', desc: '"Do not push to main" → branch-guard' },
+    { patterns: ['do not force', 'no force push', 'don\'t force push'], hook: 'branch-guard', desc: '"No force push" → branch-guard' },
+    { patterns: ['do not delete', 'don\'t delete', 'no rm -rf', 'never delete'], hook: 'destructive-guard', desc: '"Do not delete files" → destructive-guard' },
+    { patterns: ['do not commit .env', 'don\'t commit secret', 'no credentials', 'never commit .env'], hook: 'secret-guard', desc: '"No .env commits" → secret-guard' },
+    { patterns: ['run tests before', 'test before commit', 'tests must pass'], hook: 'verify-before-done', desc: '"Run tests first" → verify-before-done' },
+    { patterns: ['do not use sudo', 'no sudo', 'don\'t use sudo'], hook: 'no-sudo-guard', desc: '"No sudo" → no-sudo-guard' },
+    { patterns: ['stay in project', 'only this project', 'don\'t modify outside', 'do not edit files outside'], hook: 'scope-guard', desc: '"Stay in project" → scope-guard' },
+    { patterns: ['don\'t modify .bashrc', 'do not edit dotfile', 'protect home'], hook: 'protect-dotfiles', desc: '"Protect dotfiles" → protect-dotfiles' },
+    { patterns: ['do not deploy on friday', 'no friday deploy'], hook: 'no-deploy-friday', desc: '"No Friday deploy" → no-deploy-friday' },
+    { patterns: ['do not install global', 'no npm -g', 'don\'t install globally'], hook: 'no-install-global', desc: '"No global installs" → no-install-global' },
+    { patterns: ['descriptive commit', 'meaningful commit', 'good commit message'], hook: 'commit-quality-gate', desc: '"Good commit messages" → commit-quality-gate' },
+    { patterns: ['one logical change', 'small commit', 'focused commit', 'don\'t commit too many'], hook: 'commit-scope-guard', desc: '"Small commits" → commit-scope-guard' },
+    { patterns: ['feature branch', 'create branch', 'feat/ fix/ chore/'], hook: 'branch-naming-convention', desc: '"Feature branches" → branch-naming-convention' },
+    { patterns: ['do not drop database', 'no migrate:fresh', 'protect database'], hook: 'block-database-wipe', desc: '"Protect database" → block-database-wipe' },
+    { patterns: ['read before edit', 'understand before changing'], hook: 'read-before-edit', desc: '"Read first" → read-before-edit' },
+    { patterns: ['do not overwrite', 'use edit not write'], hook: 'overwrite-guard', desc: '"Use Edit, not Write" → overwrite-guard' },
+  ];
+
+  const matched = [];
+  for (const rule of RULE_MAP) {
+    if (rule.patterns.some(p => content.includes(p))) {
+      matched.push(rule);
+    }
+  }
+
+  if (matched.length === 0) {
+    console.log(c.yellow + '  No enforceable rules detected in CLAUDE.md.' + c.reset);
+    console.log(c.dim + '  CLAUDE.md may contain guidelines that can\'t be converted to hooks.' + c.reset);
+    console.log(c.dim + '  For custom hooks: npx cc-safe-setup --create "your rule"' + c.reset);
+    return;
+  }
+
+  console.log(c.bold + `  Found ${matched.length} rules that can be enforced with hooks:` + c.reset);
+  console.log();
+
+  for (const m of matched) {
+    const hookPath = join(HOOKS_DIR, `${m.hook}.sh`);
+    const installed = existsSync(hookPath);
+    const icon = installed ? c.green + '✓' + c.reset : c.yellow + '○' + c.reset;
+    const status = installed ? c.dim + '(installed)' + c.reset : '';
+    console.log(`  ${icon} ${m.desc} ${status}`);
+    if (!installed) {
+      console.log(c.dim + `    npx cc-safe-setup --install-example ${m.hook}` + c.reset);
+    }
+  }
+
+  const notInstalled = matched.filter(m => !existsSync(join(HOOKS_DIR, `${m.hook}.sh`)));
+  if (notInstalled.length > 0) {
+    console.log();
+    console.log(c.bold + `  Install all ${notInstalled.length} missing hooks:` + c.reset);
+    console.log(c.dim + '  npx cc-safe-setup --shield' + c.reset);
+  } else {
+    console.log();
+    console.log(c.green + '  All detected rules are already enforced by hooks!' + c.reset);
+  }
+  console.log();
+}
+
 async function health() {
   const { readdirSync, statSync } = await import('fs');
   console.log();
@@ -3638,6 +3723,7 @@ async function main() {
   if (FULL) return fullSetup();
   if (DOCTOR) return doctor();
   if (WATCH) return watch();
+  if (FROM_CLAUDEMD) return fromClaudeMd();
   if (HEALTH) return health();
   if (MIGRATE_FROM_IDX !== -1) return migrateFrom(MIGRATE_FROM);
   if (TEAM) return team();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safe-setup",
-  "version": "9.1.0",
+  "version": "9.3.0",
   "description": "One command to make Claude Code safe. 59 hooks (8 built-in + 51 examples). 26 CLI commands: dashboard, create, audit, lint, diff, migrate, compare, generate-ci. 284 tests.",
   "main": "index.mjs",
   "bin": {