Package Exports
- cc-safe-setup
- cc-safe-setup/index.mjs
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (cc-safe-setup) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
cc-safe-setup
One command to make Claude Code safe for autonomous operation.
Not just a destructive command blocker — 8 hooks covering safety, quality, monitoring, and developer experience.
npx cc-safe-setupInstalls 8 production-tested safety hooks in ~10 seconds. Zero dependencies. No manual configuration.
cc-safe-setup
Make Claude Code safe for autonomous operation
Prevents real incidents (from GitHub Issues):
✗ rm -rf deleted entire user directory via NTFS junction (#36339)
✗ Remove-Item -Recurse -Force destroyed unpushed source (#37331)
✗ Entire Mac filesystem deleted during cleanup (#36233)
✗ Untested code pushed to main at 3am
✗ Force-push rewrote shared branch history
✗ API keys committed to public repos via git add .
✗ Syntax errors cascading through 30+ files
✗ Sessions losing all context with no warning
Hooks to install:
● Destructive Command Blocker
● Branch Push Protector
● Post-Edit Syntax Validator
● Context Window Monitor
● Bash Comment Stripper
● cd+git Auto-Approver
● Secret Leak Prevention
Install all 8 safety hooks? [Y/n] Y
✓ Done. 8 safety hooks installed.Why This Exists
A Claude Code user lost their entire C:\Users directory when rm -rf followed NTFS junctions. Another lost all source code when Claude ran Remove-Item -Recurse -Force * on a repo. Others had untested code pushed to main at 3am. API keys got committed via git add .. Syntax errors cascaded through 30+ files before anyone noticed.
Claude Code ships with no safety hooks by default. This tool fixes that.
What Gets Installed
| Hook | Prevents | Related Issues |
|---|---|---|
| Destructive Guard | rm -rf /, git reset --hard, git clean -fd, git checkout --force, sudo + destructive, PowerShell Remove-Item -Recurse -Force, rd /s /q, NFS mount detection |
#36339 #36640 #37331 |
| Branch Guard | Pushes to main/master + force-push (--force) on all branches |
|
| Secret Guard | git add .env, credential files, git add . with .env present |
#6527 |
| Syntax Check | Python, Shell, JSON, YAML, JS errors after edits | |
| Context Monitor | Session state loss from context window overflow (40%→25%→20%→15% warnings) | |
| Comment Stripper | Bash comments breaking permission allowlists | #29582 |
| cd+git Auto-Approver | Permission prompt spam for cd /path && git log |
#32985 #16561 |
| API Error Alert | Silent session death from rate limits or API errors — desktop notification + log |
Each hook exists because a real incident happened without it.
How It Works
- Writes hook scripts to
~/.claude/hooks/ - Updates
~/.claude/settings.jsonto register the hooks - Restart Claude Code — hooks are active
Safe to run multiple times. Existing settings are preserved. A backup is created if settings.json can't be parsed.
Preview first: npx cc-safe-setup --dry-run
Check status: npx cc-safe-setup --status — see which hooks are installed (exit code 1 if missing).
Verify hooks work: npx cc-safe-setup --verify — sends test inputs to each hook and confirms they block/allow correctly.
Uninstall: npx cc-safe-setup --uninstall — removes all hooks and cleans settings.json.
Requires: jq for JSON parsing (brew install jq / apt install jq).
Note: Hooks are skipped when Claude Code runs with --bare or --dangerously-skip-permissions. These modes bypass all safety hooks by design.
Known limitation: In headless mode (-p / --print), hook exit code 2 may not block tool execution (#36071). For CI pipelines, use interactive mode with hooks rather than -p mode.
Before / After
Run npx cc-health-check to see the difference:
| Before | After | |
|---|---|---|
| Safety Guards | 25% | 75% |
| Overall Score | 50/100 | 95/100 |
| Destructive commands | Unprotected | Blocked |
| Force push | Allowed | Blocked |
.env in git |
Possible | Blocked |
| Context warnings | None | 4-stage alerts |
Configuration
| Variable | Hook | Default |
|---|---|---|
CC_ALLOW_DESTRUCTIVE=1 |
destructive-guard | 0 (protection on) |
CC_SAFE_DELETE_DIRS |
destructive-guard | node_modules:dist:build:.cache:__pycache__:coverage |
CC_PROTECT_BRANCHES |
branch-guard | main:master |
CC_ALLOW_FORCE_PUSH=1 |
branch-guard | 0 (protection on) |
CC_SECRET_PATTERNS |
secret-guard | .env:.env.local:credentials:*.pem:*.key |
CC_CONTEXT_MISSION_FILE |
context-monitor | $HOME/mission.md |
After Installing
Verify your setup:
npx cc-health-checkFull Kit
cc-safe-setup gives you 8 essential hooks. For the complete autonomous operation toolkit:
Claude Code Ops Kit — 16 hooks + 5 templates + 3 exclusive tools + install.sh. Production-ready in 15 minutes.
Or start with the free hooks: claude-code-hooks
Examples
Need custom hooks beyond the 8 built-in ones? Install any example with one command:
npx cc-safe-setup --install-example block-database-wipeOr browse all available examples in examples/:
- auto-approve-git-read.sh — Auto-approve
git status,git log, even with-Cflags - auto-approve-ssh.sh — Auto-approve safe SSH commands (
uptime,whoami, etc.) - enforce-tests.sh — Warn when source files change without corresponding test files
- notify-waiting.sh — Desktop notification when Claude Code waits for input (macOS/Linux/WSL2)
- edit-guard.sh — Block Edit/Write to protected files (defense-in-depth for #37210)
- auto-approve-build.sh — Auto-approve npm/yarn/cargo/go/python build, test, and lint commands
- auto-approve-docker.sh — Auto-approve docker build, compose, ps, logs, and other safe commands
- block-database-wipe.sh — Block destructive database commands: Laravel
migrate:fresh, Djangoflush, Railsdb:drop, rawDROP DATABASE(#37405 #37439) - auto-approve-python.sh — Auto-approve pytest, mypy, ruff, black, isort, flake8, pylint commands
- auto-snapshot.sh — Auto-save file snapshots before edits for rollback protection (#37386 #37457)
- allowlist.sh — Block everything not explicitly approved — inverse permission model (#37471)
- protect-dotfiles.sh — Block modifications to
~/.bashrc,~/.aws/,~/.ssh/and chezmoi without diff (#37478) - scope-guard.sh — Block file operations outside project directory — absolute paths, home, parent escapes (#36233)
- auto-checkpoint.sh — Auto-commit after every edit for rollback protection (#34674)
- git-config-guard.sh — Block
git config --globalmodifications without consent (#37201) - deploy-guard.sh — Block deploy commands when uncommitted changes exist (#37314)
- network-guard.sh — Warn on suspicious network commands sending file contents (#37420)
Learn More
- Official Hooks Reference — Claude Code hooks documentation
- Hooks Cookbook — 16 ready-to-use recipes from real GitHub Issues
- Japanese guide (Qiita) — この記事の日本語解説
- The incident that inspired this tool — NTFS junction rm -rf
FAQ
Q: I installed hooks but Claude says "Unknown skill: claude-code-hooks:setup"
cc-safe-setup installs hooks, not skills or plugins. Hooks run automatically in the background — you don't invoke them manually. After install + restart, try running a dangerous command; the hook will block it silently.
Q: cc-health-check says to run cc-safe-setup but I already did
cc-safe-setup covers Safety Guards (75-100%) and Monitoring (context-monitor). The other health check dimensions (Code Quality, Recovery, Coordination) require additional CLAUDE.md configuration or manual hook installation from claude-code-hooks.
Q: Will hooks slow down Claude Code?
No. Each hook runs in ~10ms. They only fire on specific events (before tool use, after edits, on stop). No polling, no background processes.
Contributing
Found a false positive? Open an issue. Want a new hook? Open a feature request.
If cc-safe-setup saved your project from a destructive command, consider giving it a star — it helps others find this tool.
License
MIT