Files
claude-howto/07-hooks/security-scan.sh
Luong NGUYEN 6238744478 Add comprehensive Claude Code advanced features
Added three new major feature categories with complete documentation and examples:

## New Features

### 07-hooks/
- Event-driven automation with 6 example hook scripts
- Pre/post tool hooks, session hooks, and git hooks
- Auto-formatting, security scanning, test automation
- Complete documentation with best practices

### 08-checkpoints/
- Conversation state snapshots and rewind capability
- Safe experimentation and approach comparison
- Real-world examples: DB migration, performance optimization, UI iteration
- Checkpoint management commands and workflows

### 09-advanced-features/
- Planning Mode: detailed implementation plans before coding
- Extended Thinking: deep reasoning for complex problems
- Background Tasks: long-running operations without blocking
- Permission Modes: unrestricted, confirm, read-only, custom
- Headless Mode: CI/CD integration and automation
- Session Management: multiple work sessions
- Interactive Features: keyboard shortcuts, command history
- 10+ configuration examples for different scenarios

## Documentation Updates

- README.md: Added sections for all new features with examples
- INDEX.md: Updated with new categories, file listings, and search keywords
- QUICK_REFERENCE.md: Added quick reference for new features
- claude_concepts_guide.md: Comprehensive guide sections for new concepts

## Statistics

- Total files: 90+ (up from 71)
- Categories: 9 (up from 6)
- New hook scripts: 6
- New documentation files: 10+
- Configuration examples: 10+ scenarios

All examples are production-ready and follow Claude Code best practices.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 00:27:53 +01:00

62 lines
1.5 KiB
Bash

#!/bin/bash
# Security scan on file write
# Hook: PostToolUse:Write
FILE=$1
if [ -z "$FILE" ]; then
echo "Usage: $0 <file_path>"
exit 0
fi
echo "🔒 Running security scan on: $FILE"
ISSUES_FOUND=0
# Check for hardcoded passwords
if grep -qE "(password|passwd|pwd)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
echo "⚠️ WARNING: Potential hardcoded password detected in $FILE"
ISSUES_FOUND=1
fi
# Check for hardcoded API keys
if grep -qE "(api[_-]?key|apikey|access[_-]?token)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
echo "⚠️ WARNING: Potential hardcoded API key detected in $FILE"
ISSUES_FOUND=1
fi
# Check for hardcoded secrets
if grep -qE "(secret|token)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
echo "⚠️ WARNING: Potential hardcoded secret detected in $FILE"
ISSUES_FOUND=1
fi
# Check for private keys
if grep -q "BEGIN.*PRIVATE KEY" "$FILE"; then
echo "⚠️ WARNING: Private key detected in $FILE"
ISSUES_FOUND=1
fi
# Check for AWS keys
if grep -qE "AKIA[0-9A-Z]{16}" "$FILE"; then
echo "⚠️ WARNING: AWS access key detected in $FILE"
ISSUES_FOUND=1
fi
# Scan with semgrep if available
if command -v semgrep &> /dev/null; then
semgrep --config=auto "$FILE" --quiet 2>/dev/null
fi
# Scan with trufflehog if available
if command -v trufflehog &> /dev/null; then
trufflehog filesystem "$FILE" --only-verified --quiet 2>/dev/null
fi
if [ $ISSUES_FOUND -eq 0 ]; then
echo "✅ No security issues found"
fi
# Don't block the operation, just warn
exit 0