Added three new major feature categories with complete documentation and examples: ## New Features ### 07-hooks/ - Event-driven automation with 6 example hook scripts - Pre/post tool hooks, session hooks, and git hooks - Auto-formatting, security scanning, test automation - Complete documentation with best practices ### 08-checkpoints/ - Conversation state snapshots and rewind capability - Safe experimentation and approach comparison - Real-world examples: DB migration, performance optimization, UI iteration - Checkpoint management commands and workflows ### 09-advanced-features/ - Planning Mode: detailed implementation plans before coding - Extended Thinking: deep reasoning for complex problems - Background Tasks: long-running operations without blocking - Permission Modes: unrestricted, confirm, read-only, custom - Headless Mode: CI/CD integration and automation - Session Management: multiple work sessions - Interactive Features: keyboard shortcuts, command history - 10+ configuration examples for different scenarios ## Documentation Updates - README.md: Added sections for all new features with examples - INDEX.md: Updated with new categories, file listings, and search keywords - QUICK_REFERENCE.md: Added quick reference for new features - claude_concepts_guide.md: Comprehensive guide sections for new concepts ## Statistics - Total files: 90+ (up from 71) - Categories: 9 (up from 6) - New hook scripts: 6 - New documentation files: 10+ - Configuration examples: 10+ scenarios All examples are production-ready and follow Claude Code best practices. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
62 lines
1.5 KiB
Bash
62 lines
1.5 KiB
Bash
#!/bin/bash
|
|
# Security scan on file write
|
|
# Hook: PostToolUse:Write
|
|
|
|
FILE=$1
|
|
|
|
if [ -z "$FILE" ]; then
|
|
echo "Usage: $0 <file_path>"
|
|
exit 0
|
|
fi
|
|
|
|
echo "🔒 Running security scan on: $FILE"
|
|
|
|
ISSUES_FOUND=0
|
|
|
|
# Check for hardcoded passwords
|
|
if grep -qE "(password|passwd|pwd)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
|
|
echo "⚠️ WARNING: Potential hardcoded password detected in $FILE"
|
|
ISSUES_FOUND=1
|
|
fi
|
|
|
|
# Check for hardcoded API keys
|
|
if grep -qE "(api[_-]?key|apikey|access[_-]?token)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
|
|
echo "⚠️ WARNING: Potential hardcoded API key detected in $FILE"
|
|
ISSUES_FOUND=1
|
|
fi
|
|
|
|
# Check for hardcoded secrets
|
|
if grep -qE "(secret|token)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
|
|
echo "⚠️ WARNING: Potential hardcoded secret detected in $FILE"
|
|
ISSUES_FOUND=1
|
|
fi
|
|
|
|
# Check for private keys
|
|
if grep -q "BEGIN.*PRIVATE KEY" "$FILE"; then
|
|
echo "⚠️ WARNING: Private key detected in $FILE"
|
|
ISSUES_FOUND=1
|
|
fi
|
|
|
|
# Check for AWS keys
|
|
if grep -qE "AKIA[0-9A-Z]{16}" "$FILE"; then
|
|
echo "⚠️ WARNING: AWS access key detected in $FILE"
|
|
ISSUES_FOUND=1
|
|
fi
|
|
|
|
# Scan with semgrep if available
|
|
if command -v semgrep &> /dev/null; then
|
|
semgrep --config=auto "$FILE" --quiet 2>/dev/null
|
|
fi
|
|
|
|
# Scan with trufflehog if available
|
|
if command -v trufflehog &> /dev/null; then
|
|
trufflehog filesystem "$FILE" --only-verified --quiet 2>/dev/null
|
|
fi
|
|
|
|
if [ $ISSUES_FOUND -eq 0 ]; then
|
|
echo "✅ No security issues found"
|
|
fi
|
|
|
|
# Don't block the operation, just warn
|
|
exit 0
|