@aictrl/hush 0.1.6 → 0.1.8

package/.github/workflows/opencode-review.yml

@@ -69,33 +69,78 @@ jobs:
             echo "skip=false" >> $GITHUB_OUTPUT
           fi
 
+      - name: Setup Node.js
+        if: steps.check_changes.outputs.skip != 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Start Hush Gateway
+        if: steps.check_changes.outputs.skip != 'true'
+        run: |
+          npm ci && npm run build
+          PORT=4000 HUSH_HOST=127.0.0.1 node dist/cli.js > /tmp/hush-gateway.log 2>&1 &
+          for i in $(seq 1 20); do
+            curl -sf http://127.0.0.1:4000/health > /dev/null 2>&1 && break
+            sleep 0.5
+          done
+          curl -sf http://127.0.0.1:4000/health || { echo "::error::Hush gateway failed to start"; exit 1; }
+          echo "Hush gateway running on :4000"
+
       - name: Setup OpenCode
         if: steps.check_changes.outputs.skip != 'true'
         env:
           ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Use GITHUB_TOKEN to avoid rate limits when fetching version info
           curl -fsSL https://opencode.ai/install | bash -s -- --no-modify-path
           echo "$HOME/.opencode/bin" >> $GITHUB_PATH
 
+          # Route the built-in zai-coding-plan provider through the hush proxy
+          # by overriding baseURL. No custom provider needed — the provider
+          # auto-detects apiKey from ZHIPU_API_KEY env var.
+          mkdir -p .opencode/plugins
+          cp examples/team-config/.opencode/plugins/hush.ts .opencode/plugins/hush.ts
+          printf '%s\n' '{"provider":{"zai-coding-plan":{"options":{"baseURL":"http://127.0.0.1:4000/api/coding/paas/v4"}}},"plugin":[".opencode/plugins/hush.ts"]}' > opencode.json
+
       - name: Direct OpenCode Review
         if: steps.check_changes.outputs.skip != 'true'
+        timeout-minutes: 15
         env:
           ZHIPU_API_KEY: ${{ secrets.ZHIPUAI_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           SHA=${{ github.event.pull_request.head.sha || github.sha }}
-          echo "Starting review with GLM-5 for SHA $SHA..."
-          
-          $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in this PR for the Hush Semantic Gateway.
+          PR_NUMBER=${{ github.event.pull_request.number }}
+          echo "Starting review with zai-coding-plan/glm-5 via hush proxy for PR #$PR_NUMBER SHA $SHA..."
+          echo "opencode.json:"; cat opencode.json
+          echo "Hush health:"; curl -sf http://127.0.0.1:4000/health || echo "gateway unreachable"
+
+          $HOME/.opencode/bin/opencode run --model zai-coding-plan/glm-5 "Review the changes in PR #$PR_NUMBER for the Hush Semantic Gateway.
+
+          **IMPORTANT**: This is a code review only. Do NOT run tests, npm commands, or build commands. Only read source files and git diffs.
 
           Focus areas:
           1. **Redaction Logic**: Ensure PII patterns are robust and handle edge cases in tool outputs (like JSON or CLI tables).
           2. **Streaming Integrity**: Check that the SSE/streaming proxy logic doesn't buffer unnecessarily or break the rehydration flow.
           3. **Security**: Look for potential PII leaks or insecure token handling in the vault.
           4. **Reliability**: Ensure the proxy handles upstream errors gracefully.
-          
-          Keep the summary concise but technical. Post findings as a markdown comment on the PR.
-          
+
+          Keep the review concise. Post findings as a single markdown comment using:
+            gh pr comment $PR_NUMBER --body \"<your review>\"
+
+          Do NOT try to auto-detect the PR number — use exactly $PR_NUMBER.
+
           **CRITICAL**: Include the string 'Reviewed SHA: $SHA' at the very end of your comment so I can track which commits have been reviewed."
+
+      - name: Verify Hush Proxy Was Used
+        if: always() && steps.check_changes.outputs.skip != 'true'
+        run: |
+          echo "=== Hush Gateway Logs ==="
+          cat /tmp/hush-gateway.log 2>/dev/null || echo "No gateway log found"
+          echo ""
+          if grep -q "Starting stream proxy" /tmp/hush-gateway.log 2>/dev/null; then
+            echo "Hush proxy intercepted traffic"
+          else
+            echo "::warning::No proxy traffic detected in hush logs — review may have bypassed the gateway"
+          fi

package/.gitlab-ci.yml

@@ -0,0 +1,59 @@
+stages:
+  - build
+  - e2e
+
+build:
+  stage: build
+  image: node:22-slim
+  script:
+    - npm ci
+    - npm run build
+    - npm test
+  artifacts:
+    paths:
+      - dist/
+    expire_in: 1 hour
+  cache:
+    key:
+      files:
+        - package-lock.json
+    paths:
+      - node_modules/
+
+e2e-plugin-blocks-env:
+  stage: e2e
+  image: node:22-slim
+  needs: [build]
+  cache:
+    key:
+      files:
+        - package-lock.json
+    paths:
+      - node_modules/
+    policy: pull
+  before_script:
+    - npm install -g opencode
+  script:
+    - chmod +x scripts/e2e-plugin-block.sh
+    - ./scripts/e2e-plugin-block.sh
+  variables:
+    ZHIPUAI_API_KEY: $ZHIPUAI_API_KEY
+
+e2e-proxy-redacts-pii:
+  stage: e2e
+  image: node:22-slim
+  needs: [build]
+  cache:
+    key:
+      files:
+        - package-lock.json
+    paths:
+      - node_modules/
+    policy: pull
+  before_script:
+    - npm install -g opencode
+  script:
+    - chmod +x scripts/e2e-proxy-live.sh
+    - ./scripts/e2e-proxy-live.sh
+  variables:
+    ZHIPUAI_API_KEY: $ZHIPUAI_API_KEY

package/README.md

@@ -57,12 +57,15 @@ Create `opencode.json` in your project root:
 
 ### Gemini CLI
 
-Gemini CLI only supports env vars for endpoint override (no settings file option):
+Add `.gemini/.env` to your project root (or set the env var directly):
 
 ```bash
-CODE_ASSIST_ENDPOINT=http://127.0.0.1:4000 gemini
+# .gemini/.env
+CODE_ASSIST_ENDPOINT=http://127.0.0.1:4000
 ```
 
+Or: `CODE_ASSIST_ENDPOINT=http://127.0.0.1:4000 gemini`
+
 ### Verify it works
 
 When your AI tool sends a request containing PII, the hush terminal shows:
@@ -73,6 +76,150 @@ INFO: Redacted sensitive data from request  path="/v1/messages"  tokenCount=2  d
 
 Your tool still sees the real data (rehydrated locally). The LLM provider only ever sees tokens like `[USER_EMAIL_f22c5a]`.
 
+## Enforce for Your Team
+
+Commit config files to your repo so every developer automatically routes through hush — no manual setup per person.
+
+Copy the files from [`examples/team-config/`](examples/team-config/) into your project root:
+
+```
+your-project/
+├── .claude/settings.json     # Claude Code → hush
+├── .codex/config.toml        # Codex → hush
+├── .gemini/.env              # Gemini CLI → hush
+└── opencode.json             # OpenCode → hush
+```
+
+**Claude Code** — `.claude/settings.json`:
+```json
+{
+  "env": {
+    "ANTHROPIC_BASE_URL": "http://127.0.0.1:4000"
+  }
+}
+```
+
+**Codex** — `.codex/config.toml`:
+```toml
+model_provider = "hush"
+
+[model_providers.hush]
+base_url = "http://127.0.0.1:4000/v1"
+```
+
+**OpenCode** — `opencode.json`:
+```json
+{
+  "provider": {
+    "zai-coding-plan": {
+      "options": {
+        "baseURL": "http://127.0.0.1:4000/api/coding/paas/v4"
+      }
+    }
+  }
+}
+```
+
+**Gemini CLI** — `.gemini/.env`:
+```
+CODE_ASSIST_ENDPOINT=http://127.0.0.1:4000
+```
+
+Each developer just needs `hush` running locally. All AI tools in the project will route through it automatically.
+
+## Hooks Mode (Claude Code)
+
+Hush can also run as a **Claude Code hook** — redacting PII from tool outputs *before Claude ever sees them*. No proxy required.
+
+### Setup
+
+```bash
+hush init --hooks
+```
+
+This adds a `PostToolUse` hook to `.claude/settings.json` that runs `hush redact-hook` after every `Bash`, `Read`, `Grep`, and `WebFetch` tool call.
+
+Use `--local` to write to `settings.local.json` instead (for personal overrides not committed to the repo).
+
+### How it works
+
+```
+Local files/commands → [Hook: redact before Claude sees] → Claude's context
+                                                               ↓
+                                                          API request
+                                                               ↓
+                                                    [Proxy: redact before cloud]
+                                                               ↓
+                                                          LLM Provider
+```
+
+When a tool runs (e.g., `cat .env`), the hook inspects the response for PII. If PII is found, the hook **blocks** the raw output and provides Claude with the redacted version instead. Claude only ever sees `[USER_EMAIL_f22c5a]`, not `alice@company.com`.
+
+### Hooks vs Proxy
+
+| | Hooks Mode | Proxy Mode |
+|---|---|---|
+| **What's protected** | Tool outputs (before Claude sees them) | API requests (before they leave your machine) |
+| **Setup** | `hush init --hooks` | `hush` + point `ANTHROPIC_BASE_URL` |
+| **Works with** | Claude Code only | Any AI tool |
+| **Defense-in-depth** | Use both for maximum coverage | Use both for maximum coverage |
+
+### Defense-in-depth
+
+For maximum protection, use both modes together. The team config example in [`examples/team-config/`](examples/team-config/) shows this setup — hooks redact tool outputs and the proxy redacts API requests.
+
+## OpenCode Plugin
+
+Hush provides an **OpenCode plugin** that blocks reads of sensitive files (`.env`, `*.pem`, `credentials.*`, `id_rsa`, etc.) before the tool executes — the AI model never sees the contents.
+
+### Drop-in setup
+
+Copy the plugin file and update your `opencode.json`:
+
+```
+your-project/
+├── .opencode/plugins/hush.ts    # plugin file
+└── opencode.json                # add "plugin" array
+```
+
+```json
+{
+  "provider": {
+    "zai-coding-plan": {
+      "options": {
+        "baseURL": "http://127.0.0.1:4000/api/coding/paas/v4"
+      }
+    }
+  },
+  "plugin": [".opencode/plugins/hush.ts"]
+}
+```
+
+Find the drop-in plugin at [`examples/team-config/.opencode/plugins/hush.ts`](examples/team-config/.opencode/plugins/hush.ts).
+
+### npm import
+
+```typescript
+import { HushPlugin } from '@aictrl/hush/opencode-plugin'
+```
+
+### What it blocks
+
+| Tool | Blocked when |
+|------|-------------|
+| `read` | File path matches `.env*`, `*credentials*`, `*secret*`, `*.pem`, `*.key`, `*.p12`, `*.pfx`, `*.jks`, `*.keystore`, `*.asc`, `id_rsa*`, `.netrc`, `.pgpass` |
+| `bash` | Commands like `cat`, `head`, `tail`, `less`, `more`, `bat` target a sensitive file |
+
+### Plugin + Proxy = Defense-in-depth
+
+The plugin blocks reads of known-sensitive filenames. The proxy catches PII in files with normal names (e.g., `config.txt` containing an email). Together they provide two layers of protection:
+
+```
+Tool reads .env       → [Plugin: BLOCKED]           → model never sees it
+Tool reads config.txt → [Plugin: allowed]            → proxy redacts PII → model sees tokens
+                         (not a sensitive filename)
+```
+
 ## How it Works
 
 1. **Intercept** — Hush sits on your machine between your AI tool and the LLM provider.
@@ -88,7 +235,7 @@ Your tool still sees the real data (rehydrated locally). The LLM provider only e
 | Claude Code | `~/.claude/settings.json` | `/v1/messages` → Anthropic |
 | Codex | `~/.codex/config.toml` | `/v1/chat/completions` → OpenAI |
 | OpenCode | `opencode.json` | `/api/paas/v4/**` → ZhipuAI |
-| Gemini CLI | `CODE_ASSIST_ENDPOINT` env var | `/v1beta/models/**` → Google |
+| Gemini CLI | `.gemini/.env` | `/v1beta/models/**` → Google |
 | Any tool | Point base URL at hush | `/*` catch-all with auto-detect |
 
 Hush forwards your existing auth headers transparently — no API keys need to be reconfigured.

package/dist/cli.js

@@ -1,19 +1,32 @@
 #!/usr/bin/env node
-import { app } from './index.js';
-import { createLogger } from './lib/logger.js';
-const log = createLogger('hush-cli');
-const PORT = process.env.PORT || 4000;
-const server = app.listen(PORT, () => {
-    log.info(`Hush Semantic Gateway is listening on http://localhost:${PORT}`);
-    log.info(`Routes: /v1/messages → Anthropic, /v1/chat/completions → OpenAI, /api/paas/v4/** → ZhipuAI, * → Google`);
-});
-server.on('error', (err) => {
-    if (err.code === 'EADDRINUSE') {
-        log.error(`Port ${PORT} is already in use. Stop the other process or use PORT=<number> hush`);
-    }
-    else {
-        log.error({ err }, 'Failed to start server');
-    }
-    process.exit(1);
-});
+const subcommand = process.argv[2];
+if (subcommand === 'redact-hook') {
+    const { run } = await import('./commands/redact-hook.js');
+    await run();
+}
+else if (subcommand === 'init') {
+    const { run } = await import('./commands/init.js');
+    run(process.argv.slice(3));
+}
+else {
+    // Default: start the proxy server
+    const { app } = await import('./index.js');
+    const { createLogger } = await import('./lib/logger.js');
+    const log = createLogger('hush-cli');
+    const PORT = process.env.PORT || 4000;
+    const server = app.listen(PORT, () => {
+        log.info(`Hush Semantic Gateway is listening on http://localhost:${PORT}`);
+        log.info(`Routes: /v1/messages → Anthropic, /v1/chat/completions → OpenAI, /api/paas/v4/** → ZhipuAI, * → Google`);
+    });
+    server.on('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+            log.error(`Port ${PORT} is already in use. Stop the other process or use PORT=<number> hush`);
+        }
+        else {
+            log.error({ err }, 'Failed to start server');
+        }
+        process.exit(1);
+    });
+}
+export {};
 //# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;AAEtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;IACnC,GAAG,CAAC,IAAI,CAAC,0DAA0D,IAAI,EAAE,CAAC,CAAC;IAC3E,GAAG,CAAC,IAAI,CAAC,wGAAwG,CAAC,CAAC;AACrH,CAAC,CAAC,CAAC;AAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;IAChD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC9B,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,sEAAsE,CAAC,CAAC;IAChG,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAEnC,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;IACjC,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;IAC1D,MAAM,GAAG,EAAE,CAAC;AACd,CAAC;KAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;IACjC,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACnD,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7B,CAAC;KAAM,CAAC;IACN,kCAAkC;IAClC,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;IAEtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;QACnC,GAAG,CAAC,IAAI,CAAC,0DAA0D,IAAI,EAAE,CAAC,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,wGAAwG,CAAC,CAAC;IACrH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QAChD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC9B,GAAG,CAAC,KAAK,CAAC,QAAQ,IAAI,sEAAsE,CAAC,CAAC;QAChG,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,wBAAwB,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,11 @@
+/**
+ * hush init — Generate hook configuration for Claude Code or Gemini CLI
+ *
+ * Usage:
+ *   hush init --hooks           Write to .claude/settings.json
+ *   hush init --hooks --local   Write to .claude/settings.local.json
+ *   hush init --hooks --gemini  Write to .gemini/settings.json
+ *   hush init --hooks --gemini --local  Write to .gemini/settings.local.json
+ */
+export declare function run(args: string[]): void;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAiIH,wBAAgB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAgDxC"}

package/dist/commands/init.js

@@ -0,0 +1,135 @@
+/**
+ * hush init — Generate hook configuration for Claude Code or Gemini CLI
+ *
+ * Usage:
+ *   hush init --hooks           Write to .claude/settings.json
+ *   hush init --hooks --local   Write to .claude/settings.local.json
+ *   hush init --hooks --gemini  Write to .gemini/settings.json
+ *   hush init --hooks --gemini --local  Write to .gemini/settings.local.json
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'fs';
+import { join } from 'path';
+const HUSH_HOOK = {
+    type: 'command',
+    command: 'hush redact-hook',
+    timeout: 10,
+};
+const CLAUDE_HOOK_CONFIG = {
+    hooks: {
+        PreToolUse: [
+            {
+                matcher: 'mcp__.*',
+                hooks: [HUSH_HOOK],
+            },
+        ],
+        PostToolUse: [
+            {
+                matcher: 'Bash|Read|Grep|WebFetch',
+                hooks: [HUSH_HOOK],
+            },
+            {
+                matcher: 'mcp__.*',
+                hooks: [HUSH_HOOK],
+            },
+        ],
+    },
+};
+const GEMINI_HOOK_CONFIG = {
+    hooks: {
+        BeforeTool: [
+            {
+                matcher: 'mcp__.*',
+                hooks: [HUSH_HOOK],
+            },
+        ],
+        AfterTool: [
+            {
+                matcher: 'run_shell_command|read_file|read_many_files|search_file_content|web_fetch',
+                hooks: [HUSH_HOOK],
+            },
+            {
+                matcher: 'mcp__.*',
+                hooks: [HUSH_HOOK],
+            },
+        ],
+    },
+};
+function hasHushHookInEntries(entries) {
+    if (!Array.isArray(entries))
+        return false;
+    return entries.some((entry) => entry.hooks?.some((h) => h.command?.includes('hush redact-hook')));
+}
+function hasHushHookClaude(settings) {
+    return (hasHushHookInEntries(settings.hooks?.PreToolUse) &&
+        hasHushHookInEntries(settings.hooks?.PostToolUse));
+}
+function hasHushHookGemini(settings) {
+    return (hasHushHookInEntries(settings.hooks?.BeforeTool) &&
+        hasHushHookInEntries(settings.hooks?.AfterTool));
+}
+function mergeHookEntries(existing, newEntries) {
+    const merged = Array.isArray(existing) ? [...existing] : [];
+    for (const entry of newEntries) {
+        const alreadyHas = merged.some((e) => e.matcher === entry.matcher &&
+            e.hooks?.some((h) => h.command?.includes('hush redact-hook')));
+        if (!alreadyHas) {
+            merged.push(entry);
+        }
+    }
+    return merged;
+}
+function mergeHooks(existing, hookConfig) {
+    const merged = { ...existing };
+    if (!merged.hooks) {
+        merged.hooks = {};
+    }
+    for (const [eventName, entries] of Object.entries(hookConfig.hooks)) {
+        const existingEntries = merged.hooks[eventName];
+        merged.hooks[eventName] = mergeHookEntries(existingEntries, entries);
+    }
+    return merged;
+}
+export function run(args) {
+    const hasHooksFlag = args.includes('--hooks');
+    const isLocal = args.includes('--local');
+    const isGemini = args.includes('--gemini');
+    if (!hasHooksFlag) {
+        process.stderr.write('Usage: hush init --hooks [--local] [--gemini]\n');
+        process.stderr.write('\n');
+        process.stderr.write('Options:\n');
+        process.stderr.write('  --hooks   Generate hook config (PreToolUse + PostToolUse or BeforeTool + AfterTool)\n');
+        process.stderr.write('  --local   Write to settings.local.json instead of settings.json\n');
+        process.stderr.write('  --gemini  Write Gemini CLI hooks instead of Claude Code hooks\n');
+        process.exit(1);
+    }
+    const dirName = isGemini ? '.gemini' : '.claude';
+    const configDir = join(process.cwd(), dirName);
+    const filename = isLocal ? 'settings.local.json' : 'settings.json';
+    const filePath = join(configDir, filename);
+    // Ensure config dir exists
+    if (!existsSync(configDir)) {
+        mkdirSync(configDir, { recursive: true });
+    }
+    // Read existing settings or start fresh
+    let settings = {};
+    if (existsSync(filePath)) {
+        try {
+            const raw = readFileSync(filePath, 'utf-8');
+            settings = JSON.parse(raw);
+        }
+        catch {
+            process.stderr.write(`Warning: could not parse ${filePath}, starting fresh\n`);
+        }
+    }
+    // Idempotency check
+    const hookConfig = isGemini ? GEMINI_HOOK_CONFIG : CLAUDE_HOOK_CONFIG;
+    const hasHook = isGemini ? hasHushHookGemini : hasHushHookClaude;
+    if (hasHook(settings)) {
+        process.stdout.write(`hush hooks already configured in ${filePath}\n`);
+        return;
+    }
+    const merged = mergeHooks(settings, hookConfig);
+    writeFileSync(filePath, JSON.stringify(merged, null, 2) + '\n');
+    process.stdout.write(`Wrote hush hooks config to ${filePath}\n`);
+}
+//# sourceMappingURL=init.js.map

package/dist/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,SAAS,GAAG;IAChB,IAAI,EAAE,SAAkB;IACxB,OAAO,EAAE,kBAAkB;IAC3B,OAAO,EAAE,EAAE;CACZ,CAAC;AAEF,MAAM,kBAAkB,GAAG;IACzB,KAAK,EAAE;QACL,UAAU,EAAE;YACV;gBACE,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB;SACF;QACD,WAAW,EAAE;YACX;gBACE,OAAO,EAAE,yBAAyB;gBAClC,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB;YACD;gBACE,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB;SACF;KACF;CACF,CAAC;AAEF,MAAM,kBAAkB,GAAG;IACzB,KAAK,EAAE;QACL,UAAU,EAAE;YACV;gBACE,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB;SACF;QACD,SAAS,EAAE;YACT;gBACE,OAAO,EAAE,2EAA2E;gBACpF,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB;YACD;gBACE,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE,CAAC,SAAS,CAAC;aACnB;SACF;KACF;CACF,CAAC;AAsBF,SAAS,oBAAoB,CAAC,OAAgC;IAC5D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAC5B,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAClE,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAsB;IAC/C,OAAO,CACL,oBAAoB,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;QAChD,oBAAoB,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,CAClD,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAsB;IAC/C,OAAO,CACL,oBAAoB,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;QAChD,oBAAoB,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAChD,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAiC,EACjC,UAAuB;IAEvB,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5D,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO;YAC3B,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAChE,CAAC;QACF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,UAAU,CAAC,QAAsB,EAAE,UAAsB;IAChE,MAAM,MAAM,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;IAE/B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAA4B,CAAC;QAC3E,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,gBAAgB,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,IAAc;IAChC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yFAAyF,CAAC,CAAC;QAChH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAC;QAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mEAAmE,CAAC,CAAC;QAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,eAAe,CAAC;IACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAE3C,2BAA2B;IAC3B,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,wCAAwC;IACxC,IAAI,QAAQ,GAAiB,EAAE,CAAC;IAChC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC5C,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,QAAQ,oBAAoB,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC;IACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,CAAC;IAEjE,IAAI,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,QAAQ,IAAI,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAChD,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,QAAQ,IAAI,CAAC,CAAC;AACnE,CAAC"}

package/dist/commands/redact-hook.d.ts

@@ -0,0 +1,21 @@
+/**
+ * hush redact-hook — Hook handler for Claude Code and Gemini CLI
+ *
+ * Reads the hook payload from stdin, redacts PII, and returns the
+ * appropriate response format depending on the hook event type:
+ *
+ *   Claude Code:
+ *     PreToolUse  — redacts outbound MCP tool arguments (updatedInput)
+ *     PostToolUse — redacts inbound MCP tool results  (updatedMCPToolOutput)
+ *                   or blocks built-in tool output     (decision: "block")
+ *
+ *   Gemini CLI:
+ *     BeforeTool  — redacts outbound MCP tool arguments (hookSpecificOutput.tool_input)
+ *     AfterTool   — redacts inbound tool results        (decision: "deny")
+ *
+ * Exit codes:
+ *   0 — success (may or may not redact)
+ *   2 — malformed input (blocks the tool call per hooks spec)
+ */
+export declare function run(): Promise<void>;
+//# sourceMappingURL=redact-hook.d.ts.map

package/dist/commands/redact-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact-hook.d.ts","sourceRoot":"","sources":["../../src/commands/redact-hook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AA8NH,wBAAsB,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,CAwDzC"}