Skip to content

Home

Jump to bottom
yurukusa edited this page May 25, 2026 · 6 revisions

cc-safe-setup

Operator-side defenses for Claude Code. MIT-licensed hooks, free interactive diagnostics, and curated guides. Independent operator, not affiliated with Anthropic.

Free interactive tools

Three axes of defense hooks

Sub-agent observability (May 2026 cluster)

Four hooks for the four sub-patterns surfaced in the 2026-05-20–22 cluster on anthropics/claude-code (issues #60987, #61102, #61107, #61167, #61315, #61405, #61547):

Hook Catches PR
dispatch-receipt Dispatch fabrication (claim of completion with zero tool calls) #283
dispatch-allowlist-preflight Silent stall (sub-agent blocks on hidden condition) #286
dispatch-liveness-watchdog Absence of observation and control (12-hour silent hang) #298
scope-expansion-receipt Scope expansion (sub-agent output treated as authorization) #282 (merged)

Full reference: Sub-Agent Observability — sub-pattern walk-through, case studies, free preview chapters, self-audit tool.

Token waste prevention

Hook Purpose
token-budget-guard Block when cost exceeds threshold
large-read-guard Warn before reading 100KB+ files
session-agent-cost-limiter Cap agents per session
compact-alert-notification Alert on compaction

Full reference: Token Optimization Guide — free fixes for token waste, known issues, install commands.

Destructive operation guards

Hook Purpose
destructive-guard Blocks rm -rf /, git reset --hard, git clean -fd, PowerShell Remove-Item -Recurse -Force
branch-guard Blocks force-push to main/master
secret-guard Blocks committing .env and credential files
scope-guard Limits filesystem reach to project root

Install all: npx cc-safe-setup --shield

Install

npx cc-safe-setup            # interactive
npx cc-safe-setup --shield   # maximum safety preset
npx cc-safe-setup --status   # show installed hooks + June 15 cliff countdown
npx cc-safe-setup --verify   # run sample inputs against installed hooks

749 unique installs in the last 14 days. Docs site.

June 15, 2026 — Anthropic billing split

On 2026-06-15 Anthropic splits programmatic billing: claude -p invocations route to a separate credit bucket from interactive use. Operators running automated agent fleets need to inventory their claude -p cost exposure before the cliff.

The CLI's --status output shows the remaining days dynamically.

Guides on this wiki

Paid handbooks (independent operator)

The hooks above are MIT-licensed and free regardless of any purchase below. The paid handbooks document the architectural reasoning behind the hooks, the case-study catalog, and the operator-vs-harness boundary mapping.

Handbook Subject Pages Price
Migration Playbook (Edition 2) June 15 cliff decision framework ~50 $19
Claim-Verify Handbook Main-agent claim-verify gap (130 cases) ~80 $19
Sub-Agent Observability Handbook (ships 2026-05-27) Four sub-agent failure sub-patterns 73 $19
Incident Postmortems 10 production incidents forensic ~60 ¥4,350

Monthly digest (operator-side defense updates as new clusters emerge): CC Safety Lab Founder Membership (¥500/mo).

Free chapter from Token Book

Token Book Chapter 1 — free chapter on the token waste root causes. The full Token Book is 10 chapters, 44K words, on Zenn.

Feedback

  • Discussions — questions, patterns that worked
  • Issues — false positives, install issues, hook bug reports

Independent operator. Not affiliated with Anthropic. All hook code and tests in this repo are MIT-licensed.

cc-safe-setup is an independent operator-side defense toolkit for Claude Code. MIT-licensed hooks and tests. Not affiliated with Anthropic. Issues and PRs welcome on the main repo.

cc-safe-setup wiki

Start here

  • Home — repo overview, three defense axes

Defense guides

Quick reference

Free interactive tools

June 15 cliff

Project

Clone this wiki locally