{"id":47612158,"url":"https://github.com/yurukusa/cc-safe-setup","last_synced_at":"2026-04-17T07:01:29.202Z","repository":{"id":345638152,"uuid":"1186763834","full_name":"yurukusa/cc-safe-setup","owner":"yurukusa","description":"One command to make Claude Code safe for autonomous operation. 658 example hooks · 14,096 tests · 1,000+ installs/day","archived":false,"fork":false,"pushed_at":"2026-04-11T14:40:15.000Z","size":5176,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-11T15:10:12.868Z","etag":null,"topics":["agent","agentic-coding","ai-safety","anthropic","automation","autonomous","bash","claude","claude-code","cli","coding-agent","database-protection","developer-tools","hooks","llm-tools","owasp","pretooluse","safety","security","token-consumption"],"latest_commit_sha":null,"homepage":"https://zenn.dev/yurukusa/books/6076c23b1cb18b","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yurukusa.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":"audit-web/index.html","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"yurukusa","ko_fi":"yurukusa","custom":["https://yurukusa.github.io/cc-ops-kit-landing/?ref=safe-setup"]}},"created_at":"2026-03-20T00:57:09.000Z","updated_at":"2026-04-11T14:40:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/yurukusa/cc-safe-setup","commit_stats":null,"previous_names":["yurukusa/cc-safe-setup"],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/yurukusa/cc-safe-setup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fcc-safe-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fcc-safe-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fcc-safe-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fcc-safe-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yurukusa","download_url":"https://codeload.github.com/yurukusa/cc-safe-setup/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fcc-safe-setup/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31918838,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"online","status_checked_at":"2026-04-17T02:00:06.879Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","agentic-coding","ai-safety","anthropic","automation","autonomous","bash","claude","claude-code","cli","coding-agent","database-protection","developer-tools","hooks","llm-tools","owasp","pretooluse","safety","security","token-consumption"],"created_at":"2026-04-01T20:33:47.656Z","updated_at":"2026-04-17T07:01:29.193Z","avatar_url":"https://github.com/yurukusa.png","language":"Shell","funding_links":["https://github.com/sponsors/yurukusa","https://ko-fi.com/yurukusa","https://yurukusa.github.io/cc-ops-kit-landing/?ref=safe-setup"],"categories":["Plugins"],"sub_categories":["All Plugins"],"readme":"# cc-safe-setup\n\n[![npm version](https://img.shields.io/npm/v/cc-safe-setup)](https://www.npmjs.com/package/cc-safe-setup)\n[![npm downloads](https://img.shields.io/npm/dw/cc-safe-setup)](https://www.npmjs.com/package/cc-safe-setup)\n[![tests](https://github.com/yurukusa/cc-safe-setup/actions/workflows/test.yml/badge.svg)](https://github.com/yurukusa/cc-safe-setup/actions/workflows/test.yml)\n\n**One command to make Claude Code safe for autonomous operation.** 673 example hooks · 9,200+ tests · 1,200+ installs/week · [日本語](docs/README.ja.md)\n\n```bash\nnpx cc-safe-setup\n```\n\nInstalls 8 safety hooks in ~10 seconds. Blocks `rm -rf /`, prevents pushes to main, catches secret leaks, validates syntax after every edit. Zero dependencies.\n\n\u003e **What's a hook?** A checkpoint that runs before Claude executes a command. Like airport security — it inspects what's about to happen and blocks anything dangerous before it reaches the gate.\n\n[**Getting Started**](https://yurukusa.github.io/cc-safe-setup/getting-started.html) · [**Hook Selector**](https://yurukusa.github.io/cc-safe-setup/hook-selector.html) · [**Token Checkup**](https://yurukusa.github.io/cc-safe-setup/token-checkup.html) · [**Cache Health**](https://yurukusa.github.io/cc-safe-setup/cache-health.html) · [**Version Check**](https://yurukusa.github.io/cc-safe-setup/version-check.html) · [**CLAUDE.md Analyzer**](https://yurukusa.github.io/cc-safe-setup/claudemd-analyzer.html) · [**All Tools**](https://yurukusa.github.io/cc-safe-setup/hub.html) · [**Recipes**](https://yurukusa.github.io/cc-safe-setup/recipes.html) · [Validate your settings.json](https://yurukusa.github.io/cc-safe-setup/validator.html) · [**Check your score**](https://yurukusa.github.io/cc-health-check/) (`npx cc-health-check`) · [**Safety Audit**](https://yurukusa.github.io/cc-safe-setup/safety-audit.html)\n\n```\n  cc-safe-setup\n  Make Claude Code safe for autonomous operation\n\n  Prevents real incidents (from GitHub Issues):\n  ✗ rm -rf deleted 3,467 files (~7 GB) without confirmation (#46058)\n  ✗ rm -rf deleted entire user directory via NTFS junction (#36339)\n  ✗ Remove-Item -Recurse -Force destroyed unpushed source (#37331)\n  ✗ Entire Mac filesystem deleted during cleanup (#36233)\n  ✗ Untested code pushed to main at 3am\n  ✗ Force-push rewrote shared branch history\n  ✗ API keys committed to public repos via git add .\n  ✗ Syntax errors cascading through 30+ files\n  ✗ Sessions losing all context with no warning\n  ✗ CLAUDE.md rules silently ignored after context compaction\n  ✗ Claude ran destructive DDL on production database (#46684)\n  ✗ AI executed delete/kill operations on production environment (#46650)\n  ✗ Subagents ignoring all CLAUDE.md rules since v2.1.84 (#40459)\n\n  Hooks to install:\n\n  ● Destructive Command Blocker\n  ● Branch Push Protector\n  ● Post-Edit Syntax Validator\n  ● Context Window Monitor\n  ● Bash Comment Stripper\n  ● cd+git Auto-Approver\n  ● Secret Leak Prevention\n\n  Install all 8 safety hooks? [Y/n] Y\n\n  ✓ Done. 8 safety hooks installed.\n```\n\n## Why This Exists\n\nA user [lost 3,467 files (~7 GB)](https://github.com/anthropics/claude-code/issues/46058) when Claude ran `rm -rf` on their data directory without confirmation. Another [lost their entire C:\\Users directory](https://github.com/anthropics/claude-code/issues/36339) when `rm -rf` followed NTFS junctions. Another [lost all source code](https://github.com/anthropics/claude-code/issues/37331) when Claude ran `Remove-Item -Recurse -Force *` on a repo. One user's Claude [ran destructive DDL on a production database](https://github.com/anthropics/claude-code/issues/46684) when asked only to investigate. Another had Claude [execute delete and kill operations on production systems](https://github.com/anthropics/claude-code/issues/46650). Others had untested code pushed to main at 3am. API keys got committed via `git add .`. Syntax errors cascaded through 30+ files before anyone noticed. And [CLAUDE.md rules get silently dropped](https://github.com/anthropics/claude-code/issues/6354) after context compaction — your instructions vanish mid-session.\n\nOne user [analyzed 6,852 sessions](https://github.com/anthropics/claude-code/issues/42796) and found the Read:Edit ratio dropped from 6.6 to 2.0 — Claude editing files it never read jumped from 6% to 34%. That issue has over 2,100 reactions. The `read-before-edit` example hook catches this pattern before damage happens.\n\nIn April 2026, [$1,446 was transferred without authorization](https://github.com/anthropics/claude-code/issues/46828) when Claude moved funds between exchange accounts. A user [lost $367 and got their account suspended](https://github.com/anthropics/claude-code/issues/47046) from a Claude-generated script. [Physical coordinates were uploaded to a public website](https://github.com/anthropics/claude-code/issues/46910) despite 17 sessions of \"no PII\" in CLAUDE.md. And [deny rules can be bypassed with 50+ subcommands](https://adversa.ai/blog/claude-code-security-bypass-deny-rules-disabled/).\n\nClaude Code ships with no safety hooks by default. This tool fixes that. ([Standalone guard script](https://gist.github.com/yurukusa/87f51b97bb655357dd148b66109d0c14) for quick setup | [Database protection hooks](https://gist.github.com/yurukusa/ad27e541769992e9e0cd15c1b487a1d2) | [Credential protection hooks](https://gist.github.com/yurukusa/7292ead735df0aa673f0485eba5587f3) | [Fabrication detection hook](https://gist.github.com/yurukusa/03f4bbbab61f7ddf31049cc28a01d0d9) | [Security vulnerability hooks](https://gist.github.com/yurukusa/81f79ae6d760b27c17f2cd642ea846d7))\n\n**Works with Auto Mode.** Claude Code's [Auto Mode sandboxing](https://www.anthropic.com/engineering/claude-code-sandboxing) provides container-level isolation. cc-safe-setup adds process-level hooks as defense-in-depth — catching destructive commands even outside sandboxed environments.\n\n**Works with subagents.** Since v2.1.84, subagents and teammates [don't receive CLAUDE.md](https://github.com/anthropics/claude-code/issues/40459) — your project rules are silently skipped. Hooks operate at the process level, but [subagent tool calls may bypass PreToolUse hooks](https://github.com/anthropics/claude-code/issues/21460) in some configurations. As defense-in-depth, cc-safe-setup installs hooks at the user level (`~/.claude/settings.json`). The `subagent-claudemd-inject` example hook re-injects critical rules into subagent prompts.\n\n## What Gets Installed\n\n| Hook | Prevents | Related Issues |\n|------|----------|----------------|\n| **Destructive Guard** | `rm -rf /`, `git reset --hard`, `git clean -fd`, `git checkout --force`, `sudo` + destructive, PowerShell `Remove-Item -Recurse -Force`, `rd /s /q`, NFS mount detection | [#46058](https://github.com/anthropics/claude-code/issues/46058) [#36339](https://github.com/anthropics/claude-code/issues/36339) [#36640](https://github.com/anthropics/claude-code/issues/36640) [#37331](https://github.com/anthropics/claude-code/issues/37331) |\n| **Branch Guard** | Pushes to main/master + force-push (`--force`) on all branches | |\n| **Secret Guard** | `git add .env`, credential files, `git add .` with .env present | [#6527](https://github.com/anthropics/claude-code/issues/6527) |\n| **Syntax Check** | Python, Shell, JSON, YAML, JS errors after edits | |\n| **Context Monitor** | Session state loss from context window overflow (40%→25%→20%→15% warnings) | |\n| **Comment Stripper** | Bash comments breaking permission allowlists | [#29582](https://github.com/anthropics/claude-code/issues/29582) |\n| **cd+git Auto-Approver** | Permission prompt spam for `cd /path \u0026\u0026 git log` | [#32985](https://github.com/anthropics/claude-code/issues/32985) [#16561](https://github.com/anthropics/claude-code/issues/16561) |\n| **API Error Alert** | Silent session death from rate limits or API errors — desktop notification + log | |\n\n\u003e 🛡️ **Is your setup safe?** [Take the Security Checkup](https://yurukusa.github.io/cc-safe-setup/security-checkup.html) — 6 questions based on real incidents ($1,800+ in losses, April 2026).\n\u003e\n\u003e 📘 Tokens disappearing too fast? [Take the free Token Checkup](https://yurukusa.github.io/cc-safe-setup/token-checkup.html) to diagnose where your tokens are going. [Version Check](https://yurukusa.github.io/cc-safe-setup/version-check.html): is your CC version affected by cache inflation ([#46917](https://github.com/anthropics/claude-code/issues/46917))? Free [CLAUDE.md templates](https://github.com/yurukusa/claude-code-token-templates) optimized for cache efficiency. For the full guide: [Token Book](https://yurukusa.github.io/cc-safe-setup/token-book.html) (¥2,500) — CLAUDE.md optimization, hook-based guards, context management, workflow design. 44,000 words from 800+ hours of operation. See also: [Safety Guide](https://zenn.dev/yurukusa/books/6076c23b1cb18b) (¥800, Chapter 3 free).\n\nEach hook exists because a real incident happened without it.\n\n### v2.1.85: `if` Field Support\n\nHooks now support an `if` field for conditional execution. The hook process only spawns when the command matches the pattern — `ls` won't trigger a git-only hook.\n\n```json\n{\n  \"type\": \"command\",\n  \"if\": \"Bash(git push *)\",\n  \"command\": \"~/.claude/hooks/test-before-push.sh\"\n}\n```\n\nAll example hooks include `if` field documentation in their headers.\n\n## PermissionRequest Hooks (NEW)\n\nOverride Claude Code's built-in confirmation prompts. These run **after** the built-in safety checks, so they can auto-approve prompts that `permissions.allow` cannot suppress.\n\n| Hook | What It Solves | Issue |\n|------|---------------|-------|\n| `quoted-flag-approver` | \"Quoted characters in flag names\" prompt on `git commit -m \"msg\"` | [#27957](https://github.com/anthropics/claude-code/issues/27957) |\n| `bash-heuristic-approver` | Safety heuristic prompts for `$()`, backticks, ANSI-C quoting | [#30435](https://github.com/anthropics/claude-code/issues/30435) |\n| `edit-always-allow` | Edit prompts in `.claude/skills/` despite `bypassPermissions` | [#36192](https://github.com/anthropics/claude-code/issues/36192) |\n| `allow-git-hooks-dir` | Edit prompts in `.git/hooks/` for pre-commit/pre-push setup | |\n| `allow-protected-dirs` | All protected directory prompts (CI/Docker environments) | [#36168](https://github.com/anthropics/claude-code/issues/36168) |\n| `git-show-flag-sanitizer` | Strips invalid `--no-stat` from `git show` (wastes context on error) | [#13071](https://github.com/anthropics/claude-code/issues/13071) |\n| `compact-blocker` | Blocks auto-compaction via PreCompact (preserves full context) | [#6689](https://github.com/anthropics/claude-code/issues/6689) |\n| `webfetch-domain-allow` | Auto-approves WebFetch by domain (fixes broken `domain:*` wildcard) | [#9329](https://github.com/anthropics/claude-code/issues/9329) |\n\nInstall any of these: `npx cc-safe-setup --install-example \u003cname\u003e`\n\n## Session Protection Hooks\n\nGuards against issues that corrupt sessions or waste tokens silently.\n\n| Hook | What It Solves | Issue |\n|------|---------------|-------|\n| `cch-cache-guard` | Blocks reads of Claude session/billing files that poison prompt cache via `cch=` substitution | [#40652](https://github.com/anthropics/claude-code/issues/40652) |\n| `image-file-validator` | Blocks Read of fake image files (text in .png) that permanently corrupt sessions | [#24387](https://github.com/anthropics/claude-code/issues/24387) |\n| `terminal-state-restore` | Restores Kitty keyboard protocol, cursor, bracketed paste on exit | [#39096](https://github.com/anthropics/claude-code/issues/39096) [#39272](https://github.com/anthropics/claude-code/issues/39272) |\n| `large-read-guard` | Warns before reading large files via `cat`/`less` that waste context tokens | [#41617](https://github.com/anthropics/claude-code/issues/41617) |\n| `prompt-usage-logger` | Logs every prompt with timestamps to track token consumption patterns | [#41249](https://github.com/anthropics/claude-code/issues/41249) |\n| `compact-alert-notification` | Alerts when auto-compaction fires (tracks compact-rebuild cycles that burn tokens) | [#41788](https://github.com/anthropics/claude-code/issues/41788) |\n| `token-budget-guard` | Blocks tool calls when estimated session cost exceeds a configurable threshold | [#38335](https://github.com/anthropics/claude-code/issues/38335) |\n| `session-index-repair` | Rebuilds `sessions-index.json` on exit so `claude --resume` finds all sessions | [#25032](https://github.com/anthropics/claude-code/issues/25032) |\n| `session-backup-on-start` | Backs up session JSONL files on start (protects against silent deletion) | [#41874](https://github.com/anthropics/claude-code/issues/41874) |\n| `working-directory-fence` | Blocks Read/Edit/Write outside CWD (prevents operating on wrong project copy) | [#41850](https://github.com/anthropics/claude-code/issues/41850) |\n| `mcp-warmup-wait` | Waits for MCP servers to initialize on session start (fixes first-turn tool errors) | [#41778](https://github.com/anthropics/claude-code/issues/41778) |\n| `pre-compact-transcript-backup` | Full JSONL backup before compaction (protects against rate-limit data loss) | [#40352](https://github.com/anthropics/claude-code/issues/40352) |\n| `conversation-history-guard` | Blocks access to session JSONL files (prevents 20x cache poisoning) | [#40524](https://github.com/anthropics/claude-code/issues/40524) |\n| `read-before-edit` | Warns when Edit targets a file not recently Read (Read:Edit ratio dropped 70% — [#42796](https://github.com/anthropics/claude-code/issues/42796)) | [#42796](https://github.com/anthropics/claude-code/issues/42796) |\n| `replace-all-guard` | Warns/blocks Edit `replace_all:true` (prevents bulk data corruption) | [#41681](https://github.com/anthropics/claude-code/issues/41681) |\n| `ripgrep-permission-fix` | Auto-fixes vendored ripgrep +x permission on start (fixes broken commands/skills) | [#41933](https://github.com/anthropics/claude-code/issues/41933) |\n\n## All 49 Commands\n\n| Command | What It Does |\n|---------|-------------|\n| `npx cc-safe-setup` | Install 8 safety hooks |\n| `--create \"desc\"` | Generate hook from plain English |\n| `--audit [--fix\\|--json\\|--badge]` | Safety score 0-100 |\n| `--lint` | Static analysis of config |\n| `--diff \u003cfile\u003e` | Compare settings |\n| `--compare \u003ca\u003e \u003cb\u003e` | Side-by-side hook comparison |\n| `--migrate` | Detect hooks from other projects |\n| `--generate-ci` | Create GitHub Actions workflow |\n| `--share` | Generate shareable URL |\n| `--benchmark` | Measure hook speed |\n| `--dashboard` | Real-time terminal UI |\n| `--issues` | GitHub Issues each hook addresses |\n| `--doctor` | Diagnose hook problems |\n| `--watch` | Live blocked command feed |\n| `--stats` | Block history analytics |\n| `--learn [--apply]` | Pattern learning |\n| `--scan [--apply]` | Tech stack detection |\n| `--export / --import` | Team config sharing |\n| `--verify` | Test each hook |\n| `--install-example \u003cname\u003e` | Install from 667 examples |\n| `--examples [filter]` | Browse examples by keyword |\n| `--full` | All-in-one setup |\n| `--status` | Check installed hooks |\n| `--dry-run` | Preview changes |\n| `--uninstall` | Remove all hooks |\n| `--shield` | Maximum safety in one command |\n| `--guard \"rule\"` | Instantly enforce a rule from English |\n| `--suggest` | Predict risks from project analysis |\n| `--from-claudemd` | Convert CLAUDE.md rules to hooks |\n| `--team` | Project-level hooks for git sharing |\n| `--profile [level]` | Switch safety profiles |\n| `--save-profile \u003cname\u003e` | Save current hooks as profile |\n| `--analyze` | Session analysis dashboard |\n| `--health` | Hook health table |\n| `--quickfix` | Auto-fix common problems |\n| `--replay` | Visual blocked commands timeline |\n| `--why \u003chook\u003e` | Show real incident behind hook |\n| `--migrate-from \u003ctool\u003e` | Migrate from other hook tools |\n| `--diff-hooks [path]` | Compare hook configurations |\n| `--init-project` | Full project setup (hooks + CLAUDE.md + CI) |\n| `--score` | CI-friendly safety score (exit 1 if below threshold) |\n| `--test-hook \u003cname\u003e` | Test a specific hook with sample input |\n| `--simulate \"cmd\"` | Preview how all hooks react to a command |\n| `--protect \u003cpath\u003e` | Block edits to a file or directory |\n| `--rules [file]` | Compile YAML rules into hooks |\n| `--validate` | Validate all hook scripts (syntax + structure) |\n| `--safe-mode` | Maximum protection: all safety hooks + strict config |\n| `--changelog` | Show what changed in each version |\n| `--report` | Generate safety report |\n| `--help` | Show help |\n\n## Quick Start by Scenario\n\n| I want to... | Command |\n|---|---|\n| Make Claude Code safe right now | `npx cc-safe-setup --shield` |\n| Stop permission prompt spam | `npx cc-safe-setup --install-example auto-approve-readonly` |\n| Enforce a rule instantly | `npx cc-safe-setup --guard \"never delete production data\"` |\n| See what risks my project has | `npx cc-safe-setup --suggest` |\n| Convert CLAUDE.md rules to hooks | `npx cc-safe-setup --from-claudemd` |\n| Share hooks with my team | `npx cc-safe-setup --team \u0026\u0026 git add .claude/` |\n| Choose a safety level | `npx cc-safe-setup --profile strict` |\n| See what Claude blocked today | `npx cc-safe-setup --replay` |\n| Know why a hook exists | `npx cc-safe-setup --why destructive-guard` |\n| Block silent memory file edits | `npx cc-safe-setup --install-example memory-write-guard` |\n| Stop built-in skills editing opaquely | `npx cc-safe-setup --install-example skill-gate` |\n| Diagnose why hooks aren't working | `npx cc-safe-setup --doctor` |\n| Preview how hooks react to a command | `npx cc-safe-setup --simulate \"git push origin main\"` |\n| Protect a specific file from edits | `npx cc-safe-setup --protect .env` |\n| Stop .git/ write prompts | `npx cc-safe-setup --install-example allow-git-hooks-dir` |\n| Auto-approve compound git commands | `npx cc-safe-setup --install-example auto-approve-compound-git` |\n| Detect prompt injection patterns | `npx cc-safe-setup --install-example prompt-injection-detector` |\n| Define rules in YAML, compile to hooks | `npx cc-safe-setup --rules rules.yaml` |\n| Validate all hook scripts are correct | `npx cc-safe-setup --validate` |\n| Maximum protection mode | `npx cc-safe-setup --safe-mode` |\n| Migrate from Cursor/Windsurf | [Migration Guide](https://yurukusa.github.io/cc-safe-setup/migration-guide.html) |\n\n## Plugin Marketplace\n\nInstall safety hooks as Claude Code plugins — no npm required:\n\n```bash\n/plugin marketplace add yurukusa/cc-safe-setup\n/plugin install safety-essentials@cc-safe-setup\n```\n\n| Plugin | What it blocks |\n|---|---|\n| `safety-essentials` | rm -rf, force-push, hard-reset, .env overwrite, npm publish |\n| `git-protection` | Force-push, main/master push, git clean, branch -D |\n| `credential-guard` | .env write/edit, API keys in commands, service account files |\n\nAlso listed on [claudemarketplaces.com](https://claudemarketplaces.com).\n\n## Common Pain Points (from GitHub Issues)\n\n| Problem | Issue | Fix |\n|---|---|---|\n| Claude uses `cat`/`grep`/`sed` instead of built-in Read/Edit/Grep | [#19649](https://github.com/anthropics/claude-code/issues/19649) (48👍) | `npx cc-safe-setup --install-example prefer-builtin-tools` |\n| `cd /path \u0026\u0026 cmd` bypasses permission allowlist | [#28240](https://github.com/anthropics/claude-code/issues/28240) (88👍) | `npx cc-safe-setup --install-example compound-command-approver` |\n| Multiline commands skip pattern matching | [#11932](https://github.com/anthropics/claude-code/issues/11932) (47👍) | Use hooks instead of allowlist patterns for complex commands |\n| No notification when Claude asks a question | [#13024](https://github.com/anthropics/claude-code/issues/13024) (52👍) | `npx cc-safe-setup --install-example notify-waiting` |\n| `allow` overrides `ask` in permissions | [#6527](https://github.com/anthropics/claude-code/issues/6527) (17👍) | Use hooks to block dangerous commands instead of `ask` rules |\n| Plans stored in `~/.claude/` with random names | [#12619](https://github.com/anthropics/claude-code/issues/12619) (163👍) | `npx cc-safe-setup --install-example plan-repo-sync` |\n\n## How It Works\n\n1. Writes hook scripts to `~/.claude/hooks/`\n2. Updates `~/.claude/settings.json` to register the hooks\n3. Restart Claude Code — hooks are active\n\nSafe to run multiple times. Existing settings are preserved. A backup is created if settings.json can't be parsed.\n\n**Maximum safety:** `npx cc-safe-setup --shield` — one command: fix environment, install hooks, detect stack, configure settings, generate CLAUDE.md.\n\n**Instant rule:** `npx cc-safe-setup --guard \"never touch the database\"` — generates, installs, activates a hook instantly from plain English.\n\n**Team setup:** `npx cc-safe-setup --team` — copy hooks to `.claude/hooks/` with relative paths, commit to repo for team sharing.\n\n**Preview first:** `npx cc-safe-setup --dry-run`\n\n**Check status:** `npx cc-safe-setup --status` — see which hooks are installed (exit code 1 if missing).\n\n**Verify hooks work:** `npx cc-safe-setup --verify` — sends test inputs to each hook and confirms they block/allow correctly.\n\n**Troubleshoot:** `npx cc-safe-setup --doctor` — diagnoses why hooks aren't working (jq, permissions, paths, shebang).\n\n**Live monitor:** `npx cc-safe-setup --watch` — real-time dashboard of blocked commands during autonomous sessions.\n\n**Uninstall:** `npx cc-safe-setup --uninstall` — removes all hooks and cleans settings.json.\n\n**Requires:** [jq](https://jqlang.github.io/jq/) for JSON parsing (`brew install jq` / `apt install jq`).\n\n**Note:** Hooks are skipped when Claude Code runs with `--bare` or `--dangerously-skip-permissions`. These modes bypass all safety hooks by design.\n\n**Known limitations:**\n\n- In headless mode (`-p` / `--print`), hook exit code 2 may not block tool execution ([#36071](https://github.com/anthropics/claude-code/issues/36071)). For CI pipelines, use interactive mode with hooks rather than `-p` mode.\n- `FileChanged` notifications inject file contents into model context **before** hooks can intervene. If a sensitive file (`.env`, `credentials.json`) is modified externally during a session, its contents may appear in the conversation transcript regardless of hooks ([#44909](https://github.com/anthropics/claude-code/issues/44909)). Mitigation: use `dotenv-watch` to get alerted, and avoid editing sensitive files while Claude Code is running.\n\n## Before / After\n\nRun `npx cc-health-check` to see the difference:\n\n| | Before | After |\n|---|--------|-------|\n| Safety Guards | 25% | **75%** |\n| Overall Score | 50/100 | **95/100** |\n| Destructive commands | Unprotected | Blocked |\n| Force push | Allowed | Blocked |\n| `.env` in git | Possible | Blocked |\n| Context warnings | None | 4-stage alerts |\n\n## Configuration\n\n| Variable | Hook | Default |\n|----------|------|---------|\n| `CC_ALLOW_DESTRUCTIVE=1` | destructive-guard | `0` (protection on) |\n| `CC_SAFE_DELETE_DIRS` | destructive-guard | `node_modules:dist:build:.cache:__pycache__:coverage` |\n| `CC_PROTECT_BRANCHES` | branch-guard | `main:master` |\n| `CC_ALLOW_FORCE_PUSH=1` | branch-guard | `0` (protection on) |\n| `CC_SECRET_PATTERNS` | secret-guard | `.env:.env.local:credentials:*.pem:*.key` |\n| `CC_CONTEXT_MISSION_FILE` | context-monitor | `$HOME/mission.md` |\n\n## After Installing\n\nVerify your setup:\n\n```bash\nnpx cc-health-check\n```\n\n## Full Kit\n\ncc-safe-setup gives you 8 essential hooks. Want to know what else your setup needs?\n\nRun `npx cc-health-check` (free, 20 checks) to see your current score. If it's below 80, the **[Claude Code Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github\u0026utm_medium=readme\u0026utm_campaign=safe-setup)** fills the gaps — 6 hooks + 5 templates + 9 scripts + install.sh. Pay What You Want ($0+).\n\n**Starter Kit:** Want hooks + settings + templates in one download? The **[Claude Code Safety Kit](https://yurukusa.itch.io/claude-code-safety-kit)** bundles 5 safety hooks, a pre-configured settings.json, CLAUDE.md templates, and 800-hour operation tips. Name your price ($0+).\n\nOr browse the free hooks: [claude-code-hooks](https://github.com/yurukusa/claude-code-hooks)\n\n## Examples\n\n## Safety Audit\n\n**[Try it in your browser](https://yurukusa.github.io/cc-safe-setup/)** — paste your settings.json, get a score instantly. Nothing leaves your browser.\n\nOr from the CLI:\n\n```bash\nnpx cc-safe-setup --audit\n```\n\nAnalyzes 9 safety dimensions and gives you a score (0-100) with one-command fixes for each risk.\n\n### CI Integration (GitHub Action)\n\n```yaml\n# .github/workflows/safety.yml\n- uses: yurukusa/cc-safe-setup@main\n  with:\n    threshold: 70  # CI fails if score drops below this\n```\n\n### Project Scanner\n\n```bash\nnpx cc-safe-setup --scan         # detect tech stack, recommend hooks\nnpx cc-safe-setup --scan --apply # auto-create CLAUDE.md with project rules\n```\n\n### Create Hooks from Plain English\n\n```bash\nnpx cc-safe-setup --create \"block npm publish without tests\"\nnpx cc-safe-setup --create \"auto approve test commands\"\nnpx cc-safe-setup --create \"block curl pipe to bash\"\nnpx cc-safe-setup --create \"block DROP TABLE and TRUNCATE\"\n```\n\n9 built-in templates + generic fallback. Creates the script, registers it, and runs a smoke test.\n\n### Self-Learning Safety\n\n```bash\nnpx cc-safe-setup --learn        # analyze your block history for patterns\nnpx cc-safe-setup --learn --apply # auto-generate custom hooks from patterns\n```\n\n## Examples\n\nNeed custom hooks beyond the 8 built-in ones? Install any example with one command:\n\n```bash\nnpx cc-safe-setup --install-example block-database-wipe\n```\n\nOr browse all available examples in [`examples/`](examples/):\n\n- **auto-approve-git-read.sh** — Auto-approve `git status`, `git log`, even with `-C` flags\n- **auto-approve-ssh.sh** — Auto-approve safe SSH commands (`uptime`, `whoami`, etc.)\n- **enforce-tests.sh** — Warn when source files change without corresponding test files\n- **notify-waiting.sh** — Desktop notification when Claude Code waits for input (macOS/Linux/WSL2)\n- **edit-guard.sh** — Block Edit/Write to protected files (defense-in-depth for [#37210](https://github.com/anthropics/claude-code/issues/37210))\n- **auto-approve-build.sh** — Auto-approve npm/yarn/cargo/go/python build, test, and lint commands\n- **auto-approve-docker.sh** — Auto-approve docker build, compose, ps, logs, and other safe commands\n- **block-database-wipe.sh** — Block destructive database commands: Laravel `migrate:fresh`, Django `flush`, Rails `db:drop`, raw `DROP DATABASE` ([#46684](https://github.com/anthropics/claude-code/issues/46684) [#46650](https://github.com/anthropics/claude-code/issues/46650) [#37405](https://github.com/anthropics/claude-code/issues/37405) [#37439](https://github.com/anthropics/claude-code/issues/37439))\n- **auto-approve-python.sh** — Auto-approve pytest, mypy, ruff, black, isort, flake8, pylint commands\n- **auto-snapshot.sh** — Auto-save file snapshots before edits for rollback protection ([#37386](https://github.com/anthropics/claude-code/issues/37386) [#37457](https://github.com/anthropics/claude-code/issues/37457))\n- **allowlist.sh** — Block everything not explicitly approved — inverse permission model ([#37471](https://github.com/anthropics/claude-code/issues/37471))\n- **protect-dotfiles.sh** — Block modifications to `~/.bashrc`, `~/.aws/`, `~/.ssh/` and chezmoi without diff ([#37478](https://github.com/anthropics/claude-code/issues/37478))\n- **scope-guard.sh** — Block file operations outside project directory — absolute paths, home, parent escapes ([#36233](https://github.com/anthropics/claude-code/issues/36233))\n- **auto-checkpoint.sh** — Auto-commit after every edit for rollback protection ([#34674](https://github.com/anthropics/claude-code/issues/34674))\n- **git-config-guard.sh** — Block `git config --global` modifications without consent ([#37201](https://github.com/anthropics/claude-code/issues/37201))\n- **deploy-guard.sh** — Block deploy commands when uncommitted changes exist ([#37314](https://github.com/anthropics/claude-code/issues/37314))\n- **network-guard.sh** — Warn on suspicious network commands sending file contents ([#37420](https://github.com/anthropics/claude-code/issues/37420))\n- **test-before-push.sh** — Block `git push` when tests haven't been run ([#36970](https://github.com/anthropics/claude-code/issues/36970))\n- **large-file-guard.sh** — Warn when Write tool creates files over 500KB\n- **commit-message-check.sh** — Warn on non-conventional commit messages (feat:, fix:, docs:, etc.)\n- **env-var-check.sh** — Block hardcoded API keys (sk-, ghp_, glpat-) in export commands\n- **timeout-guard.sh** — Warn before long-running commands (npm start, rails s, docker-compose up)\n- **branch-name-check.sh** — Warn on non-conventional branch names (feature/, fix/, etc.)\n- **todo-check.sh** — Warn when committing files with TODO/FIXME/HACK markers\n- **path-traversal-guard.sh** — Block Edit/Write with `../../` path traversal and system directories\n- **case-sensitive-guard.sh** — Detect case-insensitive filesystems (exFAT, NTFS, HFS+) and block rm/mkdir that would collide due to case folding ([#37875](https://github.com/anthropics/claude-code/issues/37875))\n- **compound-command-approver.sh** — Auto-approve safe compound commands (`cd \u0026\u0026 git log`, `cd \u0026\u0026 npm test`) that the permission system can't match ([#30519](https://github.com/anthropics/claude-code/issues/30519) [#16561](https://github.com/anthropics/claude-code/issues/16561))\n- **tmp-cleanup.sh** — Clean up accumulated `/tmp/claude-*-cwd` files on session end ([#8856](https://github.com/anthropics/claude-code/issues/8856))\n- **session-checkpoint.sh** — Save session state to mission file before context compaction ([#37866](https://github.com/anthropics/claude-code/issues/37866))\n- **verify-before-commit.sh** — Block git commit when lint/test commands haven't been run ([#37818](https://github.com/anthropics/claude-code/issues/37818))\n- **hook-debug-wrapper.sh** — Wrap any hook to log input/output/exit code/timing to `~/.claude/hook-debug.log`\n- **loop-detector.sh** — Detect and break command repetition loops (warn at 3, block at 5 repeats)\n- **commit-quality-gate.sh** — Warn on vague commit messages (\"update code\"), long subjects, mega-commits\n- **session-handoff.sh** — Auto-save git state and session info to `~/.claude/session-handoff.md` on session end\n- **diff-size-guard.sh** — Warn/block when committing too many files at once (default: warn at 10, block at 50)\n- **dependency-audit.sh** — Warn when installing packages not in manifest (npm/pip/cargo supply chain awareness)\n- **env-source-guard.sh** — Block sourcing .env files into shell environment ([#401](https://github.com/anthropics/claude-code/issues/401))\n- **symlink-guard.sh** — Detect symlink/junction traversal in rm targets ([#36339](https://github.com/anthropics/claude-code/issues/36339) [#764](https://github.com/anthropics/claude-code/issues/764))\n- **no-sudo-guard.sh** — Block all sudo commands\n- **no-install-global.sh** — Block npm -g and system-wide pip\n- **no-curl-upload.sh** — Warn on curl POST/upload (data exfiltration)\n- **no-port-bind.sh** — Warn on network port binding\n- **git-tag-guard.sh** — Block pushing all tags at once\n- **npm-publish-guard.sh** — Version check before npm publish\n- **max-file-count-guard.sh** — Warn when 20+ new files created per session\n- **protect-claudemd.sh** — Block edits to CLAUDE.md and settings files\n- **reinject-claudemd.sh** — Re-inject CLAUDE.md rules after compaction ([#6354](https://github.com/anthropics/claude-code/issues/6354))\n- **binary-file-guard.sh** — Warn when Write targets binary file types (images, archives)\n- **stale-branch-guard.sh** — Warn when working branch is far behind default\n- **cost-tracker.sh** — Estimate session token cost and warn at thresholds ($1, $5)\n- **read-before-edit.sh** — Warn when editing files not recently read (prevents old_string mismatches)\n\n## Safety Checklist\n\n**[SAFETY_CHECKLIST.md](SAFETY_CHECKLIST.md)** — Copy-paste checklist for before/during/after autonomous sessions.\n\n## Windows Support\n\nWorks on Windows via WSL or Git Bash. Native PowerShell is not supported (hooks are bash scripts).\n\n**Common issue:** If you see `Permission denied` or `No such file` errors after install, run:\n\n```bash\nnpx cc-safe-setup --doctor\n```\n\nThis detects Windows backslash paths (`C:\\Users\\...` → `C:/Users/...`) and missing execute permissions.\n\nSee [Issue #1](https://github.com/yurukusa/cc-safe-setup/issues/1) for details.\n\n## Troubleshooting\n\n**[TROUBLESHOOTING.md](TROUBLESHOOTING.md)** — \"Hook doesn't work\" → step-by-step diagnosis. Covers every common failure pattern.\n\n## settings.json Reference\n\n**[SETTINGS_REFERENCE.md](SETTINGS_REFERENCE.md)** — Complete reference for permissions, hooks, modes, and common configurations. Includes known limitations and workarounds.\n\n## Migration Guide\n\n**[MIGRATION.md](MIGRATION.md)** — Step-by-step guide for moving from permissions-only to permissions + hooks. Keep your existing config, add safety layers on top.\n\n## Learn More\n\n- **[Token Book (¥2,500)](https://zenn.dev/yurukusa/books/token-savings-guide)** — Cut token consumption in half. CLAUDE.md optimization, hook-based guards, context management, workflow design. 44,000 words with copy-paste templates. Intro + Ch.1 free. [Details](https://yurukusa.github.io/cc-safe-setup/token-book.html)\n- **[Safety Guide (¥800)](https://zenn.dev/yurukusa/books/6076c23b1cb18b)** — Token consumption diagnosis, file loss prevention, autonomous operation safety. From 800+ hours of real incidents. [Chapter 3 free](https://zenn.dev/yurukusa/books/6076c23b1cb18b/viewer/3-code-quality)\n- **[800 Hours Operation Record (¥1,500)](https://zenn.dev/yurukusa/books/3c3c3baee85f0a19)** — Non-engineer running Claude Code autonomously for 800 hours. Failures, recovery, revenue reality. [Chapter 2 free](https://zenn.dev/yurukusa/books/3c3c3baee85f0a19/viewer/2-first-failures)\n- **Wiki Guides**: [Token FAQ](https://github.com/yurukusa/cc-safe-setup/wiki/Claude-Code-Token-FAQ) · [CLAUDE.md Best Practices](https://github.com/yurukusa/cc-safe-setup/wiki/CLAUDE-md-Best-Practices) · [Token Optimization](https://github.com/yurukusa/cc-safe-setup/wiki/Token-Optimization-Guide)\n- [Cookbook](COOKBOOK.md) — 26 practical recipes (block, approve, protect, monitor, diagnose)\n- [Official Hooks Reference](https://code.claude.com/docs/en/hooks) — Claude Code hooks documentation\n- [Hooks Cookbook](https://github.com/yurukusa/claude-code-hooks/blob/main/COOKBOOK.md) — 25 recipes from real GitHub Issues ([interactive version](https://yurukusa.github.io/claude-code-hooks/))\n- [Skills Guide deep-dive (Qiita, 19K+ views)](https://qiita.com/yurukusa/items/f69920b4a02cf7e2988c) — Anthropic's official Skills PDF analyzed with 40% token reduction\n- [Japanese guide (Qiita)](https://qiita.com/yurukusa/items/a9714b33f5d974e8f1e8) — この記事の日本語解説\n- [v2.1.85 `if` field guide (Qiita)](https://qiita.com/yurukusa/items/7079866e9dc239fcdd57) — Reduce hook overhead with conditional execution\n- [Deny rules bypass vulnerability (Qiita)](https://qiita.com/yurukusa/items/f9c48bb44569bbf4492e) — 50+ subcommands disable all deny rules; hook-based defense\n- [Hook Test Runner](https://github.com/yurukusa/cc-hook-test) — `npx cc-hook-test \u003chook.sh\u003e` to auto-test any hook\n- [Hook Registry](https://github.com/yurukusa/cc-hook-registry) — `npx cc-hook-registry search database` ([browse online](https://yurukusa.github.io/cc-hook-registry/))\n- [Hooks Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html) — printable A4 quick reference\n- [Ecosystem Comparison](https://yurukusa.github.io/cc-safe-setup/ecosystem.html) — all Claude Code hook projects compared\n- [The incident that inspired this tool](https://github.com/anthropics/claude-code/issues/36339) — NTFS junction rm -rf\n- [How to prevent rm -rf disasters](https://yurukusa.github.io/cc-safe-setup/prevent-rm-rf.html) — real incidents and the hook that stops them\n- [How to prevent force-push to main](https://yurukusa.github.io/cc-safe-setup/prevent-force-push.html) — branch protection via hooks\n- [How to prevent secret leaks](https://yurukusa.github.io/cc-safe-setup/prevent-secret-leaks.html) — stop git add . from committing .env\n\n### Free Gists\n\n- [settings.json Complete Template](https://gist.github.com/yurukusa/8ec367cf65042bf9fbd83c35931e7ed1) — copy-paste ready safety configuration\n- [First 3 Safety Steps](https://gist.github.com/yurukusa/72513272be9a4ee29b058e2b08453e1a) — 5-minute safety setup from scratch\n- [CLAUDE.md Before/After](https://gist.github.com/yurukusa/f9d7df5930bfb6d36a25673e69720f7e) — 40% token reduction through better writing patterns\n- [Token Savings Cheat Card](https://gist.github.com/yurukusa/cfe44bfbb3756eccaf51660466913a2d) — 5 techniques to cut consumption in half\n- [Token Consumption Checklist](https://gist.github.com/yurukusa/db8700a9f9fa331d36664df2868274cb) — 10-item diagnostic\n- [Outage Survival Kit](https://gist.github.com/yurukusa/a0e31171eecb527d0df1d5498bf5f5d0) — what to do when Claude Code is down\n- [CLAUDE.md Token Optimizer](https://gist.github.com/yurukusa/2b98fd2e90c0c13f6918c9f915e08e27) — 35-line template, 40% token reduction (800h tested)\n- [Worktree Safety Hooks](https://gist.github.com/yurukusa/98bd43c5d0d8a6ebbf2cf21bfc1e2907) — 3 hooks to protect against worktree deletion and cross-tree destruction\n- [Cache TTL Mitigation Guide](https://gist.github.com/yurukusa/178d3949cd2bd6fbfc275b408f9711d4) — #46829 cache TTL change (1h→5m) impact and 4 mitigations\n- [Security Checkup Hooks](https://gist.github.com/yurukusa/81f79ae6d760b27c17f2cd642ea846d7) — 4 hooks for financial, PII, deny bypass, and background task protection\n- [Cache Breakage Fix](https://gist.github.com/yurukusa/fe6ba0a6aee14207f27ecc84419878b4) — 2 root causes of prompt cache invalidation (#47107 git status, #47098 session restart)\n- [CLAUDE.md Token Optimization Cheat Sheet](https://gist.github.com/yurukusa/556f67c493a2729ce9b1703f5003a227) — 5 CLAUDE.md patterns that reduce token consumption with before/after examples\n- [Token Troubleshooting Guide](https://gist.github.com/yurukusa/47b8c3eadb77cf74946f450f992ddac2) — fix quota drain, cache bugs, 1M context trap. Symptom-based diagnosis with latest issue references\n- [Token Optimization Guide (English)](https://gist.github.com/yurukusa/70ff830c0ad3dff83e53be26cd80bd0a) — 3 biggest token levers with hook code, practical walkthrough\n- [Token Book Sampler: 5 Techniques](https://gist.github.com/yurukusa/4a867ba301b480f996c5b76e4b6a6fbc) — free preview of the Token Book — 5 immediate techniques to reduce consumption\n- [Token Optimization Checklist](https://gist.github.com/yurukusa/4b75025beee916f9904f56b79eeb1217) — 10-step checklist to cut token consumption in half, with hook configs\n- [3 Things That Actually Work](https://gist.github.com/yurukusa/621f6d1cc35816df3da2e07876b44e16) — CLAUDE.md sizing, cache TTL, subagent control — based on 800h data\n- [Cache TTL Diagnostic](https://gist.github.com/yurukusa/3a5bdcfdd295bef17b3ee00978b299f2) — 3 patterns that break prompt cache + fixes\n- [Token Book Ch.1 Free Preview](https://gist.github.com/yurukusa/de862573f18d1a0a68d411b696dbcb73) — Where are your Claude Code tokens going? The 4 layers of token consumption explained\n- [Deny Rules Break After 50 Subcommands](https://gist.github.com/yurukusa/0463d240d7b725218289a556414c72a5) — the hook that fixes Claude Code's deny rule bypass vulnerability\n\n### Professional Services\n\nNeed help configuring Claude Code safely? [**Safety Setup Service**](https://yurukusa.github.io/cc-safe-setup/services.html) — audit, token optimization, and custom hooks by the cc-safe-setup team.\n\n## FAQ\n\n**Q: I installed hooks but Claude says \"Unknown skill: claude-code-hooks:setup\"**\n\ncc-safe-setup installs **hooks**, not skills or plugins. Hooks run automatically in the background — you don't invoke them manually. After install + restart, try running a dangerous command; the hook will block it silently.\n\n**Q: `cc-health-check` says to run `cc-safe-setup` but I already did**\n\ncc-safe-setup covers Safety Guards (75-100%) and Monitoring (context-monitor). The other health check dimensions (Code Quality, Recovery, Coordination) require additional CLAUDE.md configuration or manual hook installation from [claude-code-hooks](https://github.com/yurukusa/claude-code-hooks).\n\n**Q: Will hooks slow down Claude Code?**\n\nNo. Each hook runs in ~10ms. They only fire on specific events (before tool use, after edits, on stop). No polling, no background processes.\n\n**Q: My permission patterns don't match compound commands like `cd /path \u0026\u0026 git status`**\n\nThis is a known limitation of Claude Code's permission system ([#16561](https://github.com/anthropics/claude-code/issues/16561), [#28240](https://github.com/anthropics/claude-code/issues/28240)). Permission matching evaluates only the first token (`cd`), not the actual command (`git status`). Use a PreToolUse hook instead — hooks see the full command string and can parse compound commands. See `compound-command-allow.sh` in examples.\n\n**Q: `--dangerously-skip-permissions` still prompts for `.claude/` and `.git/` writes**\n\nSince v2.1.78, protected directories always prompt regardless of permission mode ([#35668](https://github.com/anthropics/claude-code/issues/35668)). Use a PermissionRequest hook to auto-approve specific protected directory operations. See `allow-protected-dirs.sh` in examples.\n\n**Q: `allow: [\"Bash(*)\"]` overrides my `ask` rules**\n\n`allow` takes precedence over `ask`. If you allow all Bash, ask rules are ignored ([#6527](https://github.com/anthropics/claude-code/issues/6527)). Use PreToolUse hooks to block dangerous commands instead of relying on the ask/allow priority system.\n\n**Q: Hooks silently fail on macOS (Homebrew `jq` not found)**\n\nClaude Code runs hooks with a restricted PATH that excludes `/opt/homebrew/bin` ([#46954](https://github.com/anthropics/claude-code/issues/46954)). If `jq` is installed via Homebrew, hooks silently exit 0. Fix: add `export PATH=\"/opt/homebrew/bin:$PATH\"` at the top of your hook script, or use absolute paths like `/opt/homebrew/bin/jq`. Inline hooks in `settings.json` may also be affected — add a PATH export prefix: `export PATH=\"/opt/homebrew/bin:$PATH\"; INPUT=$(cat); ...`\n\n**Q: How is this different from [claude-token-efficient](https://github.com/drona23/claude-token-efficient)?**\n\nDifferent goals. claude-token-efficient optimizes CLAUDE.md to make Claude's responses shorter and cheaper. cc-safe-setup prevents dangerous operations (file deletion, credential leaks, force-push). They work well together: use claude-token-efficient for cost reduction, cc-safe-setup for safety. For comprehensive token optimization beyond CLAUDE.md (hooks, context management, workflow design), see the [Token Book](https://yurukusa.github.io/cc-safe-setup/token-book.html).\n\n**Still stuck?** See the full [Permission Troubleshooting Flowchart](https://gist.github.com/yurukusa/b64217ffcb908fa309dbfcfa368cd84d) for step-by-step diagnosis.\n\n## Contributing\n\n**Report a problem:** Found a false positive or a bypass? Open an [issue](https://github.com/yurukusa/cc-safe-setup/issues/new). Include the command that was incorrectly blocked/allowed and your OS.\n\n**Request a hook:** Describe the problem you're trying to prevent (not the solution). We'll figure out the hook together.\n\n**Write a hook:** Fork, add your `.sh` file to `examples/`, add tests to `test.sh`, and open a PR. Every hook needs:\n- A comment header explaining what it blocks and why\n- At least 7 test cases (block, allow, empty input, edge cases)\n- `bash -n` syntax validation passing\n\n**Share your experience:** Used cc-safe-setup and have feedback? Open a discussion or comment on any issue. We read everything.\n\nIf cc-safe-setup saved you from a disaster (or just saved you time), a ⭐ helps others find it too.\n\n## Also by yurukusa\n\n- [quiet life](https://yurukusa.github.io/quiet-life/) — Touch the dark. Something alive appears\n- [deep breath](https://yurukusa.github.io/deep-breath/) — Breathe with the light\n- [star moss](https://yurukusa.github.io/star-moss/) — Drag to grow\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyurukusa%2Fcc-safe-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyurukusa%2Fcc-safe-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyurukusa%2Fcc-safe-setup/lists"}