cc-safety-net 0.8.0 → 0.8.2

package/README.md

@@ -164,11 +164,9 @@ Running both together provides defense-in-depth. Sandboxing handles unknown thre
 ```bash
 /plugin marketplace add kenryu42/cc-marketplace
 /plugin install safety-net@cc-marketplace
+/reload-plugins
 ```
 
-> [!NOTE]
-> After installing the plugin, you need to restart your Claude Code for it to take effect.
-
 ### Claude Code Auto-Update
 
 1. Run `/plugin` → Select `Marketplaces` → Choose `cc-marketplace` → Enable auto-update
@@ -207,95 +205,14 @@ gemini extensions install https://github.com/kenryu42/gemini-safety-net
 
 ### GitHub Copilot CLI Installation
 
-Safety Net supports GitHub Copilot CLI via its [hooks system](https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-hooks).
-
-> [!NOTE]
-> Copilot CLI currently supports two hook configuration styles:
->
-> - Hook files:
->   - repository: `.github/hooks/*.json`
->   - user: `~/.copilot/hooks/*.json` on Copilot CLI `0.0.422+`
-> - Inline `hooks` inside Copilot config files on Copilot CLI `1.0.8+`:
->   - user: `~/.copilot/config.json`
->   - repository: `.github/copilot/settings.json`
->   - local override: `.github/copilot/settings.local.json`
->
-> Copilot settings cascade from user -> repository -> local (later files override earlier ones, so local overrides repository overrides user). `disableAllHooks: true` disables both repo-level and user-level hooks. If you use `COPILOT_HOME`, replace `~/.copilot` with that directory.
-
-#### Option A: Hook Files
-
-This is the classic hook-file format. It still works, and it is the easiest shared setup for a repository.
-
-1. **Create the hooks directory** in your repository:
-
-   ```bash
-   mkdir -p .github/hooks
-   ```
-
-2. **Create `.github/hooks/safety-net.json`**:
-
-   ```json
-   {
-     "version": 1,
-     "hooks": {
-       "preToolUse": [
-         {
-           "type": "command",
-           "bash": "npx -y cc-safety-net --copilot-cli",
-           "cwd": ".",
-           "timeoutSec": 15
-         }
-       ]
-     }
-   }
-   ```
-
-3. **Restart Copilot CLI** — hooks are loaded at session start.
-
-The hook will intercept shell commands and block destructive operations before they execute.
-
-To install the same hook globally for your user account on Copilot CLI `0.0.422+`, place the same JSON file in:
-
-- `~/.copilot/hooks/safety-net.json`
-
-#### Option B: Inline Hooks In Copilot Settings
-
-On Copilot CLI `1.0.8+`, you can define the same hook inline in Copilot settings files instead of a separate `.json` file under `.github/hooks` or `~/.copilot/hooks`.
-
-```json
-{
-  "hooks": {
-    "preToolUse": [
-      {
-        "type": "command",
-        "bash": "npx -y cc-safety-net --copilot-cli",
-        "cwd": ".",
-        "timeoutSec": 15
-      }
-    ]
-  }
-}
+```bash
+/plugin install kenryu42/copilot-safety-net
 ```
 
-Use that schema in one of these files:
-
-- `~/.copilot/config.json`
-- `.github/copilot/settings.json`
-- `.github/copilot/settings.local.json`
-
-Recommended usage:
-
-- Use `~/.copilot/config.json` for your personal default across repositories.
-- Use `.github/copilot/settings.json` for a committed repository-wide setup.
-- Use `.github/copilot/settings.local.json` for personal repo-specific overrides, and add it to `.gitignore`.
-
-If you need to turn hooks off explicitly, set:
+> [!NOTE]
+> After installing the plugin, you need to restart your Copilot CLI for it to take effect.
 
-```json
-{
-  "disableAllHooks": true
-}
-```
+---
 
 ## Status Line Integration
 

package/dist/bin/cc-safety-net.js

@@ -2865,6 +2865,7 @@ function normalizePathForComparison(p) {
 }
 var REASON_RM_RF = "rm -rf outside cwd is blocked. Use explicit paths within the current directory, or delete manually.";
 var REASON_RM_RF_ROOT_HOME = "rm -rf targeting root or home directory is extremely dangerous and always blocked.";
+var REASON_RM_HOME_CWD = "rm -rf in home directory is dangerous. Change to a project directory first.";
 function analyzeRm(tokens, options = {}) {
   const {
     cwd,
@@ -2921,18 +2922,16 @@ function classifyTarget(target, ctx) {
   if (isDangerousRootOrHomeTarget(target)) {
     return { kind: "root_or_home_target" };
   }
-  const anchoredCwd = ctx.anchoredCwd;
-  if (anchoredCwd) {
-    if (isCwdSelfTarget(target, anchoredCwd)) {
-      return { kind: "cwd_self_target" };
-    }
-  }
   if (isTempTarget(target, ctx.trustTmpdirVar)) {
     return { kind: "temp_target" };
   }
+  const anchoredCwd = ctx.anchoredCwd;
   if (anchoredCwd) {
     if (isCwdHomeForRmPolicy(anchoredCwd, ctx.homeDir)) {
-      return { kind: "root_or_home_target" };
+      return { kind: "home_cwd_target" };
+    }
+    if (isCwdSelfTarget(target, anchoredCwd)) {
+      return { kind: "cwd_self_target" };
     }
     if (isTargetWithinCwd(target, anchoredCwd, ctx.resolvedCwd ?? anchoredCwd)) {
       return { kind: "within_anchored_cwd" };
@@ -2944,10 +2943,12 @@ function reasonForClassification(classification, ctx) {
   switch (classification.kind) {
     case "root_or_home_target":
       return REASON_RM_RF_ROOT_HOME;
-    case "cwd_self_target":
-      return REASON_RM_RF;
     case "temp_target":
       return null;
+    case "home_cwd_target":
+      return REASON_RM_HOME_CWD;
+    case "cwd_self_target":
+      return REASON_RM_RF;
     case "within_anchored_cwd":
       if (ctx.paranoid) {
         return `${REASON_RM_RF} (SAFETY_NET_PARANOID_RM enabled)`;
@@ -3069,14 +3070,6 @@ function isTargetWithinCwd(target, originalCwd, effectiveCwd) {
     return false;
   }
 }
-function isHomeDirectory(cwd) {
-  const home = process.env.HOME ?? homedir3();
-  try {
-    return normalizePathForComparison(cwd) === normalizePathForComparison(home);
-  } catch {
-    return false;
-  }
-}
 
 // src/core/analyze/parallel.ts
 var REASON_PARALLEL_RM = "parallel rm -rf with dynamic input is dangerous. Use explicit file list instead.";
@@ -3497,7 +3490,6 @@ function matchesBlockArgs(tokens, blockArgs, shortOpts) {
 // src/core/analyze/segment.ts
 var REASON_INTERPRETER_DANGEROUS = "Detected potentially dangerous command in interpreter code.";
 var REASON_INTERPRETER_BLOCKED = "Interpreter one-liners are blocked in paranoid mode.";
-var REASON_RM_HOME_CWD = "rm -rf in home directory is dangerous. Change to a project directory first.";
 function deriveCwdContext(options) {
   const cwdUnknown = options.effectiveCwd === null;
   const cwdForRm = cwdUnknown ? undefined : options.effectiveCwd ?? options.cwd;
@@ -3561,11 +3553,6 @@ function analyzeSegment(tokens, depth, options) {
     }
   }
   if (isRm) {
-    if (cwdForRm && isHomeDirectory(cwdForRm)) {
-      if (hasRecursiveForceFlags(stripped)) {
-        return REASON_RM_HOME_CWD;
-      }
-    }
     const rmResult = analyzeRm(stripped, {
       cwd: cwdForRm,
       originalCwd,
@@ -3731,6 +3718,7 @@ function analyzeCommand(command, options = {}) {
 }
 
 // src/bin/doctor/hooks.ts
+var COPILOT_PLUGIN_CONFIG_PATH = "copilot-plugin";
 var SELF_TEST_CASES = [
   { command: "git reset --hard", description: "git reset --hard", expectBlocked: true },
   { command: "rm -rf /", description: "rm -rf /", expectBlocked: true },
@@ -4178,13 +4166,15 @@ function detectAllHooks(cwd, options) {
         errors: errors.length > 0 ? errors : undefined
       };
     }
-    if (hooksCheck.activeConfigPaths.length > 0) {
+    if (options?.copilotPluginInstalled === true || hooksCheck.activeConfigPaths.length > 0) {
+      const viaPlugin = options?.copilotPluginInstalled === true;
+      const primaryConfigPath = hooksCheck.activeConfigPaths[0];
       return {
         platform: "copilot-cli",
         status: "configured",
-        method: "hook config",
-        configPath: hooksCheck.activeConfigPaths[0],
-        configPaths: hooksCheck.activeConfigPaths,
+        method: viaPlugin ? "plugin list" : "hook config",
+        configPath: primaryConfigPath ?? (viaPlugin ? COPILOT_PLUGIN_CONFIG_PATH : undefined),
+        configPaths: hooksCheck.activeConfigPaths.length > 0 ? hooksCheck.activeConfigPaths : undefined,
         selfTest: runSelfTest(),
         errors: errors.length > 0 ? errors : undefined
       };
@@ -4205,11 +4195,12 @@ function detectAllHooks(cwd, options) {
 
 // src/bin/doctor/system-info.ts
 import { spawn } from "node:child_process";
-var CURRENT_VERSION = "0.8.0";
+var CURRENT_VERSION = "0.8.2";
 var VERSION_FETCH_TIMEOUT_MS = 2000;
 function getPackageVersion() {
   return CURRENT_VERSION;
 }
+var COPILOT_PLUGIN_ID = "copilot-safety-net";
 var defaultVersionFetcher = async (args) => {
   const [cmd, ...rest] = args;
   if (!cmd)
@@ -4260,6 +4251,12 @@ function parseVersion(output) {
 `)[0]?.trim();
   return firstLine || null;
 }
+function hasCopilotSafetyNetPlugin(output) {
+  if (!output)
+    return false;
+  const pluginPattern = new RegExp(`(^|[^a-z0-9-])${COPILOT_PLUGIN_ID}([^a-z0-9-]|$)`, "m");
+  return pluginPattern.test(output);
+}
 async function getSystemInfo(fetcher = defaultVersionFetcher) {
   const fetchCopilotVersion = async () => {
     const binaryVersionPromise = fetcher(["copilot", "--binary-version"]);
@@ -4270,14 +4267,15 @@ async function getSystemInfo(fetcher = defaultVersionFetcher) {
     }
     return fallbackVersionPromise;
   };
-  const [claudeRaw, openCodeRaw, geminiRaw, copilotRaw, nodeRaw, npmRaw, bunRaw] = await Promise.all([
+  const [claudeRaw, openCodeRaw, geminiRaw, copilotRaw, nodeRaw, npmRaw, bunRaw, pluginListRaw] = await Promise.all([
     fetcher(["claude", "--version"]),
     fetcher(["opencode", "--version"]),
     fetcher(["gemini", "--version"]),
     fetchCopilotVersion(),
     fetcher(["node", "--version"]),
     fetcher(["npm", "--version"]),
-    fetcher(["bun", "--version"])
+    fetcher(["bun", "--version"]),
+    fetcher(["copilot", "plugin", "list"])
   ]);
   return {
     version: CURRENT_VERSION,
@@ -4288,6 +4286,7 @@ async function getSystemInfo(fetcher = defaultVersionFetcher) {
     nodeVersion: parseVersion(nodeRaw),
     npmVersion: parseVersion(npmRaw),
     bunVersion: parseVersion(bunRaw),
+    copilotPluginInstalled: hasCopilotSafetyNetPlugin(pluginListRaw),
     platform: `${process.platform} ${process.arch}`
   };
 }
@@ -4353,7 +4352,10 @@ function parseDoctorFlags(args) {
 async function runDoctor(options = {}) {
   const cwd = options.cwd ?? process.cwd();
   const system = await getSystemInfo();
-  const hooks = detectAllHooks(cwd, { copilotCliVersion: system.copilotCliVersion });
+  const hooks = detectAllHooks(cwd, {
+    copilotCliVersion: system.copilotCliVersion,
+    copilotPluginInstalled: system.copilotPluginInstalled
+  });
   const configInfo = getConfigInfo(cwd);
   const environment = getEnvironmentInfo();
   const activity = getActivitySummary(7);
@@ -4667,19 +4669,9 @@ function explainSegment(tokens, depth, options, steps) {
       return { reason };
   }
   if (isRm) {
-    if (effectiveCwd && isHomeDirectory(effectiveCwd) && hasRecursiveForceFlags(strippedTokens)) {
-      const reason2 = "rm -rf in home directory is dangerous. Change to a project directory first.";
-      steps.push({
-        type: "rule-check",
-        ruleModule: "rules-rm.ts",
-        ruleFunction: "isHomeDirectory",
-        matched: true,
-        reason: reason2
-      });
-      return { reason: reason2 };
-    }
     const reason = analyzeRm(strippedTokens, {
-      cwd: effectiveCwd ?? undefined,
+      cwd: cwdForRm,
+      originalCwd,
       paranoid: options.paranoidRm,
       allowTmpdirVar
     });
@@ -5276,7 +5268,7 @@ function formatTraceJson(result) {
   return JSON.stringify(result, null, 2);
 }
 // src/bin/help.ts
-var version = "0.8.0";
+var version = "0.8.2";
 var INDENT = "  ";
 var PROGRAM_NAME = "cc-safety-net";
 function formatOptionFlags(option) {

package/dist/bin/doctor/hooks.d.ts

@@ -6,6 +6,7 @@ import type { LoadConfigOptions } from '@/core/config';
 interface HookDetectOptions extends LoadConfigOptions {
     homeDir?: string;
     copilotCliVersion?: string | null;
+    copilotPluginInstalled?: boolean;
 }
 /**
  * Strip JSONC-style comments and trailing commas from a string.

package/dist/bin/doctor/types.d.ts

@@ -105,6 +105,8 @@ export interface SystemInfo {
     npmVersion: string | null;
     /** Bun version (from `bun --version`) */
     bunVersion: string | null;
+    /** Whether the copilot-safety-net plugin is installed (from `copilot plugin list`) */
+    copilotPluginInstalled: boolean;
     /** Platform (e.g., "darwin arm64") */
     platform: string;
 }

package/dist/core/rules-rm.d.ts

@@ -6,4 +6,5 @@ export interface AnalyzeRmOptions {
     tmpdirOverridden?: boolean;
 }
 export declare function analyzeRm(tokens: string[], options?: AnalyzeRmOptions): string | null;
+/** @internal Exported for testing */
 export declare function isHomeDirectory(cwd: string): boolean;

package/dist/index.js

@@ -1724,6 +1724,7 @@ function normalizePathForComparison(p) {
 }
 var REASON_RM_RF = "rm -rf outside cwd is blocked. Use explicit paths within the current directory, or delete manually.";
 var REASON_RM_RF_ROOT_HOME = "rm -rf targeting root or home directory is extremely dangerous and always blocked.";
+var REASON_RM_HOME_CWD = "rm -rf in home directory is dangerous. Change to a project directory first.";
 function analyzeRm(tokens, options = {}) {
   const {
     cwd,
@@ -1780,18 +1781,16 @@ function classifyTarget(target, ctx) {
   if (isDangerousRootOrHomeTarget(target)) {
     return { kind: "root_or_home_target" };
   }
-  const anchoredCwd = ctx.anchoredCwd;
-  if (anchoredCwd) {
-    if (isCwdSelfTarget(target, anchoredCwd)) {
-      return { kind: "cwd_self_target" };
-    }
-  }
   if (isTempTarget(target, ctx.trustTmpdirVar)) {
     return { kind: "temp_target" };
   }
+  const anchoredCwd = ctx.anchoredCwd;
   if (anchoredCwd) {
     if (isCwdHomeForRmPolicy(anchoredCwd, ctx.homeDir)) {
-      return { kind: "root_or_home_target" };
+      return { kind: "home_cwd_target" };
+    }
+    if (isCwdSelfTarget(target, anchoredCwd)) {
+      return { kind: "cwd_self_target" };
     }
     if (isTargetWithinCwd(target, anchoredCwd, ctx.resolvedCwd ?? anchoredCwd)) {
       return { kind: "within_anchored_cwd" };
@@ -1803,10 +1802,12 @@ function reasonForClassification(classification, ctx) {
   switch (classification.kind) {
     case "root_or_home_target":
       return REASON_RM_RF_ROOT_HOME;
-    case "cwd_self_target":
-      return REASON_RM_RF;
     case "temp_target":
       return null;
+    case "home_cwd_target":
+      return REASON_RM_HOME_CWD;
+    case "cwd_self_target":
+      return REASON_RM_RF;
     case "within_anchored_cwd":
       if (ctx.paranoid) {
         return `${REASON_RM_RF} (SAFETY_NET_PARANOID_RM enabled)`;
@@ -1928,14 +1929,6 @@ function isTargetWithinCwd(target, originalCwd, effectiveCwd) {
     return false;
   }
 }
-function isHomeDirectory(cwd) {
-  const home = process.env.HOME ?? homedir();
-  try {
-    return normalizePathForComparison(cwd) === normalizePathForComparison(home);
-  } catch {
-    return false;
-  }
-}
 
 // src/core/analyze/parallel.ts
 var REASON_PARALLEL_RM = "parallel rm -rf with dynamic input is dangerous. Use explicit file list instead.";
@@ -2356,7 +2349,6 @@ function matchesBlockArgs(tokens, blockArgs, shortOpts) {
 // src/core/analyze/segment.ts
 var REASON_INTERPRETER_DANGEROUS = "Detected potentially dangerous command in interpreter code.";
 var REASON_INTERPRETER_BLOCKED = "Interpreter one-liners are blocked in paranoid mode.";
-var REASON_RM_HOME_CWD = "rm -rf in home directory is dangerous. Change to a project directory first.";
 function deriveCwdContext(options) {
   const cwdUnknown = options.effectiveCwd === null;
   const cwdForRm = cwdUnknown ? undefined : options.effectiveCwd ?? options.cwd;
@@ -2420,11 +2412,6 @@ function analyzeSegment(tokens, depth, options) {
     }
   }
   if (isRm) {
-    if (cwdForRm && isHomeDirectory(cwdForRm)) {
-      if (hasRecursiveForceFlags(stripped)) {
-        return REASON_RM_HOME_CWD;
-      }
-    }
     const rmResult = analyzeRm(stripped, {
       cwd: cwdForRm,
       originalCwd,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safety-net",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "Claude Code / OpenCode plugin - block destructive git and filesystem commands before execution",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",