@aictrl/hush 0.1.6 → 0.1.8

package/dist/vault/token-vault.js

@@ -78,7 +78,9 @@ export class TokenVault {
     createStreamingRehydrator() {
         let buffer = '';
         const maxTokenLen = Math.max(...[...this.vault.keys()].map(t => t.length), 0);
-        // Accumulate content fields across SSE events to reassemble split tokens
+        // Accumulate content fields across SSE events to reassemble split tokens.
+        // Cap buffer size to prevent unbounded memory growth on very long streams.
+        const MAX_BUFFER_SIZE = 1024 * 1024; // 1 MB per field
         const contentBuffers = {};
         const CONTENT_FIELDS = ['content', 'reasoning_content', 'partial_json'];
         const rehydrateText = (text) => {
@@ -167,11 +169,22 @@ export class TokenVault {
                         continue;
                     const bufKey = actualField;
                     contentBuffers[bufKey] = (contentBuffers[bufKey] || '') + target[actualField];
+                    // Cap buffer size: flush everything if it grows too large
+                    if (contentBuffers[bufKey].length > MAX_BUFFER_SIZE) {
+                        target[actualField] = flushField(bufKey);
+                        modified = true;
+                        continue;
+                    }
                     const buf = contentBuffers[bufKey];
                     const lastBracket = buf.lastIndexOf('[');
+                    // Only treat as partial token if the text after '[' looks like a
+                    // token prefix (uppercase letter or underscore), not JSON array content.
+                    // Also hold back a bare '[' at the end — not enough chars yet to decide.
+                    const tail = lastBracket >= 0 ? buf.substring(lastBracket) : '';
                     const hasPartialToken = maxTokenLen > 0 && lastBracket >= 0 &&
-                        !buf.substring(lastBracket).includes(']') &&
-                        buf.length - lastBracket < maxTokenLen;
+                        !tail.includes(']') &&
+                        buf.length - lastBracket < maxTokenLen &&
+                        (tail === '[' || /^\[[A-Z_]/.test(tail));
                     if (hasPartialToken) {
                         const safe = buf.substring(0, lastBracket);
                         contentBuffers[bufKey] = buf.substring(lastBracket);

package/dist/vault/token-vault.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-vault.js","sourceRoot":"","sources":["../../src/vault/token-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,UAAU;IACb,KAAK,GAAsD,IAAI,GAAG,EAAE,CAAC;IAC5D,GAAG,CAAS;IAE7B;;OAEG;IACH,YAAY,QAAgB,EAAE,GAAG,EAAE,GAAG,IAAI;QACxC,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC;IACnB,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAA2B;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACI,SAAS,CAAC,KAAU;QACzB,qCAAqC;QACrC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAExC,wEAAwE;QACxE,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;gBAClD,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;gBACxB,CAAC,CAAC,KAAK,CAAC;QACZ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,IAAS,EAAO,EAAE;YACjC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,IAAI,IAAI,GAAG,IAAI,CAAC;gBAChB,iCAAiC;gBACjC,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;oBAClD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC9C,MAAM,GAAG,GAAQ,EAAE,CAAC;gBACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChD,GAAG,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5B,CAAC;gBACD,OAAO,GAAG,CAAC;YACb,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;IACzB,CAAC;IAED;;;OAGG;IACI,yBAAyB;QAC9B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAE9E,yEAAyE;QACzE,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,mBAAmB,EAAE,cAAc,CAAC,CAAC;QAExE,MAAM,aAAa,GAAG,CAAC,IAAY,EAAU,EAAE;YAC7C,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;gBAClD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF,MAAM,UAAU,GAAG,CAAC,KAAa,EAAU,EAAE;YAC3C,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;YACpD,cAAc,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,OAAO,CAAC,KAAa,EAAU,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC;YAEhB,4DAA4D;YAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,oDAAoD;gBACpD,IAAI,QAAQ,GAAG,CAAC,CAAC;gBACjB,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;oBACpB,KAAK,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC3C,KAAK,IAAI,SAAS,GAAG,CAAC,EAAE,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;4BAC9D,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;gCACnD,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;4BAC3C,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;gBAC5C,IAAI,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;gBAC3C,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;gBACtC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;YAED,uEAAuE;YACvE,8EAA8E;YAC9E,IAAI,WAAmB,CAAC;YACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,WAAW,GAAG,MAAM,CAAC;gBACrB,MAAM,GAAG,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC7C,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;oBACvB,OAAO,EAAE,CAAC,CAAC,wBAAwB;gBACrC,CAAC;gBACD,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC;gBACnD,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;YAC7C,CAAC;YACD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACtC,mEAAmE;YACnE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE;gBAAE,KAAK,CAAC,GAAG,EAAE,CAAC;YAEpE,MAAM,WAAW,GAAa,EAAE,CAAC;YAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,cAAc,EAAE,CAAC;oBACjE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACvB,SAAS;gBACX,CAAC;gBAED,IAAI,MAAW,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACrC,CAAC;gBAAC,MAAM,CAAC;oBACP,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;oBACtC,SAAS;gBACX,CAAC;gBAED,kDAAkD;gBAClD,MAAM,KAAK,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;gBAC1C,6CAA6C;gBAC7C,MAAM,SAAS,GAAG,MAAM,EAAE,KAAK,CAAC;gBAEhC,MAAM,MAAM,GAAG,KAAK,IAAI,SAAS,CAAC;gBAClC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,WAAW,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBACpE,SAAS;gBACX,CAAC;gBAED,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;oBACnC,MAAM,SAAS,GAAG,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;oBACtD,MAAM,WAAW,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK;wBAC3D,CAAC,CAAC,CAAC,SAAS,IAAI,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;4BAClE,CAAC,CAAC,IAAI,CAAC;oBACT,IAAI,CAAC,WAAW;wBAAE,SAAS;oBAE3B,MAAM,MAAM,GAAG,WAAW,CAAC;oBAC3B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;oBAE9E,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;oBACnC,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;oBACzC,MAAM,eAAe,GAAG,WAAW,GAAG,CAAC,IAAI,WAAW,IAAI,CAAC;wBACzD,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;wBACzC,GAAG,CAAC,MAAM,GAAG,WAAW,GAAG,WAAW,CAAC;oBAEzC,IAAI,eAAe,EAAE,CAAC;wBACpB,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;wBAC3C,cAAc,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;wBACpD,MAAM,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;oBAC5C,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;oBAC3C,CAAC;oBACD,QAAQ,GAAG,IAAI,CAAC;gBAClB,CAAC;gBAED,yCAAyC;gBACzC,WAAW,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;QACvC,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,GAAG,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,OAAO,KAAK,EAAE,KAAK,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,KAAK;QACV,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF"}
+{"version":3,"file":"token-vault.js","sourceRoot":"","sources":["../../src/vault/token-vault.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,UAAU;IACb,KAAK,GAAsD,IAAI,GAAG,EAAE,CAAC;IAC5D,GAAG,CAAS;IAE7B;;OAEG;IACH,YAAY,QAAgB,EAAE,GAAG,EAAE,GAAG,IAAI;QACxC,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC;IACnB,CAAC;IAED;;;;OAIG;IACI,UAAU,CAAC,MAA2B;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED;;;;;OAKG;IACI,SAAS,CAAC,KAAU;QACzB,qCAAqC;QACrC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAExC,wEAAwE;QACxE,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;gBAClD,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC;gBACxB,CAAC,CAAC,KAAK,CAAC;QACZ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,IAAS,EAAO,EAAE;YACjC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,IAAI,IAAI,GAAG,IAAI,CAAC;gBAChB,iCAAiC;gBACjC,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;oBAClD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC7C,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC9C,MAAM,GAAG,GAAQ,EAAE,CAAC;gBACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChD,GAAG,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5B,CAAC;gBACD,OAAO,GAAG,CAAC;YACb,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;IACzB,CAAC;IAED;;;OAGG;IACI,yBAAyB;QAC9B,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAE9E,0EAA0E;QAC1E,2EAA2E;QAC3E,MAAM,eAAe,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,iBAAiB;QACtD,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,mBAAmB,EAAE,cAAc,CAAC,CAAC;QAExE,MAAM,aAAa,GAAG,CAAC,IAAY,EAAU,EAAE;YAC7C,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;gBAClD,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC7C,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF,MAAM,UAAU,GAAG,CAAC,KAAa,EAAU,EAAE;YAC3C,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;gBAAE,OAAO,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;YACpD,cAAc,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,OAAO,CAAC,KAAa,EAAU,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC;YAEhB,4DAA4D;YAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,oDAAoD;gBACpD,IAAI,QAAQ,GAAG,CAAC,CAAC;gBACjB,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;oBACpB,KAAK,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC3C,KAAK,IAAI,SAAS,GAAG,CAAC,EAAE,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;4BAC9D,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;gCACnD,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;4BAC3C,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;gBAC5C,IAAI,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;gBAC3C,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;gBACtC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;YAED,uEAAuE;YACvE,8EAA8E;YAC9E,IAAI,WAAmB,CAAC;YACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,WAAW,GAAG,MAAM,CAAC;gBACrB,MAAM,GAAG,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC7C,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;oBACvB,OAAO,EAAE,CAAC,CAAC,wBAAwB;gBACrC,CAAC;gBACD,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC;gBACnD,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;YAC7C,CAAC;YACD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACtC,mEAAmE;YACnE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE;gBAAE,KAAK,CAAC,GAAG,EAAE,CAAC;YAEpE,MAAM,WAAW,GAAa,EAAE,CAAC;YAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,cAAc,EAAE,CAAC;oBACjE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACvB,SAAS;gBACX,CAAC;gBAED,IAAI,MAAW,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACrC,CAAC;gBAAC,MAAM,CAAC;oBACP,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;oBACtC,SAAS;gBACX,CAAC;gBAED,kDAAkD;gBAClD,MAAM,KAAK,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;gBAC1C,6CAA6C;gBAC7C,MAAM,SAAS,GAAG,MAAM,EAAE,KAAK,CAAC;gBAEhC,MAAM,MAAM,GAAG,KAAK,IAAI,SAAS,CAAC;gBAClC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,WAAW,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBACpE,SAAS;gBACX,CAAC;gBAED,IAAI,QAAQ,GAAG,KAAK,CAAC;gBACrB,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;oBACnC,MAAM,SAAS,GAAG,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;oBACtD,MAAM,WAAW,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK;wBAC3D,CAAC,CAAC,CAAC,SAAS,IAAI,OAAO,MAAM,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;4BAClE,CAAC,CAAC,IAAI,CAAC;oBACT,IAAI,CAAC,WAAW;wBAAE,SAAS;oBAE3B,MAAM,MAAM,GAAG,WAAW,CAAC;oBAC3B,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;oBAE9E,0DAA0D;oBAC1D,IAAI,cAAc,CAAC,MAAM,CAAE,CAAC,MAAM,GAAG,eAAe,EAAE,CAAC;wBACrD,MAAM,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;wBACzC,QAAQ,GAAG,IAAI,CAAC;wBAChB,SAAS;oBACX,CAAC;oBAED,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAE,CAAC;oBACpC,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;oBACzC,iEAAiE;oBACjE,yEAAyE;oBACzE,yEAAyE;oBACzE,MAAM,IAAI,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAChE,MAAM,eAAe,GAAG,WAAW,GAAG,CAAC,IAAI,WAAW,IAAI,CAAC;wBACzD,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;wBACnB,GAAG,CAAC,MAAM,GAAG,WAAW,GAAG,WAAW;wBACtC,CAAC,IAAI,KAAK,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;oBAE3C,IAAI,eAAe,EAAE,CAAC;wBACpB,MAAM,IAAI,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;wBAC3C,cAAc,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;wBACpD,MAAM,CAAC,WAAW,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;oBAC5C,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;oBAC3C,CAAC;oBACD,QAAQ,GAAG,IAAI,CAAC;gBAClB,CAAC;gBAED,yCAAyC;gBACzC,WAAW,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;QACvC,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,GAAG,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,OAAO,KAAK,EAAE,KAAK,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,KAAK;QACV,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF"}

package/examples/team-config/.claude/settings.json

@@ -0,0 +1,41 @@
+{
+  "env": {
+    "ANTHROPIC_BASE_URL": "http://127.0.0.1:4000"
+  },
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash|Read|Grep|WebFetch",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      },
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ]
+  }
+}

package/examples/team-config/.codex/config.toml

@@ -0,0 +1,4 @@
+model_provider = "hush"
+
+[model_providers.hush]
+base_url = "http://127.0.0.1:4000/v1"

package/examples/team-config/.gemini/settings.json

@@ -0,0 +1,38 @@
+{
+  "hooks": {
+    "BeforeTool": [
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "AfterTool": [
+      {
+        "matcher": "run_shell_command|read_file|read_many_files|search_file_content|web_fetch",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      },
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ]
+  }
+}

package/examples/team-config/.opencode/plugins/hush.ts

@@ -0,0 +1,79 @@
+/**
+ * Hush PII Guard — OpenCode Plugin (drop-in copy)
+ *
+ * This drop-in copy provides file-blocking only (sensitive file reads).
+ * For full bidirectional PII redaction (tool args + tool results),
+ * install from npm instead:
+ *
+ *   npm install @aictrl/hush
+ *
+ * Then in your plugin entry point:
+ *   import { HushPlugin } from '@aictrl/hush/opencode-plugin'
+ *
+ * Usage (drop-in): copy this file to `.opencode/plugins/hush.ts` in your
+ * project and add to `opencode.json`:
+ *   { "plugin": [".opencode/plugins/hush.ts"] }
+ */
+
+const SENSITIVE_GLOBS = [
+  /^\.env($|\..*)/, // .env, .env.local, .env.production, etc.
+  /credentials/i,
+  /secret/i,
+  /\.pem$/,
+  /\.key$/,
+  /\.p12$/,
+  /\.pfx$/,
+  /\.jks$/,
+  /\.keystore$/,
+  /\.asc$/,
+  /^id_rsa/,
+  /^\.netrc$/,
+  /^\.pgpass$/,
+];
+
+function isSensitivePath(filePath: string): boolean {
+  const basename = (filePath.split('/').pop() ?? '').trim();
+  return SENSITIVE_GLOBS.some((re) => re.test(basename));
+}
+
+const READ_COMMANDS = /\b(cat|head|tail|less|more|bat|batcat)\b/;
+
+function stripShellMeta(token: string): string {
+  return token.replace(/[`"'$(){}]/g, '');
+}
+
+function commandReadsSensitiveFile(cmd: string): boolean {
+  if (!READ_COMMANDS.test(cmd)) return false;
+  const redirectPattern = /<\s*([^\s|;&<>]+)/g;
+  let rMatch;
+  while ((rMatch = redirectPattern.exec(cmd)) !== null) {
+    if (isSensitivePath(stripShellMeta(rMatch[1]!))) return true;
+  }
+  const parts = cmd.split(/[|;&<>]+/);
+  for (const part of parts) {
+    const tokens = part.trim().split(/\s+/);
+    const cmdIndex = tokens.findIndex((t) => READ_COMMANDS.test(t));
+    if (cmdIndex === -1) continue;
+    for (let i = cmdIndex + 1; i < tokens.length; i++) {
+      const token = tokens[i]!;
+      if (token.startsWith('-')) continue;
+      const cleaned = stripShellMeta(token);
+      if (isSensitivePath(cleaned)) return true;
+    }
+  }
+  return false;
+}
+
+export const HushPlugin = async () => ({
+  'tool.execute.before': async (
+    input: { tool: string },
+    output: { args: Record<string, string> },
+  ) => {
+    if (input.tool === 'read' && isSensitivePath(output.args['filePath'] ?? '')) {
+      throw new Error('[hush] Blocked: sensitive file');
+    }
+    if (input.tool === 'bash' && commandReadsSensitiveFile(output.args['command'] ?? '')) {
+      throw new Error('[hush] Blocked: command reads sensitive file');
+    }
+  },
+});

package/examples/team-config/opencode.json

@@ -0,0 +1,10 @@
+{
+  "provider": {
+    "zai-coding-plan": {
+      "options": {
+        "baseURL": "http://127.0.0.1:4000/api/coding/paas/v4"
+      }
+    }
+  },
+  "plugin": [".opencode/plugins/hush.ts"]
+}

package/package.json

@@ -1,10 +1,20 @@
 {
   "name": "@aictrl/hush",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Hush: A Semantic Security Gateway for AI Agents. Redacts PII from prompts and tool outputs locally before they hit the cloud.",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./opencode-plugin": {
+      "import": "./dist/plugins/opencode-hush.js",
+      "types": "./dist/plugins/opencode-hush.d.ts"
+    }
+  },
   "bin": {
     "hush": "dist/cli.js"
   },

package/scripts/e2e-plugin-block.sh

@@ -0,0 +1,142 @@
+#!/usr/bin/env bash
+#
+# E2E Scenario A: OpenCode hush plugin blocks .env read
+#
+# Verifies that the hush plugin's tool.execute.before hook prevents
+# the AI model from ever reading sensitive files. The model should
+# receive a "blocked" error instead of the file contents.
+#
+# Usage: ./scripts/e2e-plugin-block.sh
+# Requirements: opencode CLI, node
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+PASS_COUNT=0
+FAIL_COUNT=0
+WORK_DIR=""
+
+cleanup() {
+  echo ""
+  echo -e "${CYAN}Cleaning up...${NC}"
+  [ -n "$WORK_DIR" ] && rm -rf "$WORK_DIR"
+}
+trap cleanup EXIT
+
+pass() {
+  PASS_COUNT=$((PASS_COUNT + 1))
+  echo -e "  ${GREEN}PASS${NC} $1"
+}
+
+fail() {
+  FAIL_COUNT=$((FAIL_COUNT + 1))
+  echo -e "  ${RED}FAIL${NC} $1"
+}
+
+assert_contains() {
+  local haystack="$1" needle="$2" msg="$3"
+  if echo "$haystack" | grep -qiF "$needle"; then
+    pass "$msg"
+  else
+    fail "$msg (expected to find '$needle')"
+  fi
+}
+
+assert_not_contains() {
+  local haystack="$1" needle="$2" msg="$3"
+  if echo "$haystack" | grep -qiF "$needle"; then
+    fail "$msg (found '$needle' which should have been blocked)"
+  else
+    pass "$msg"
+  fi
+}
+
+echo -e "${CYAN}================================================${NC}"
+echo -e "${CYAN}  E2E Scenario A: Plugin Blocks .env Read       ${NC}"
+echo -e "${CYAN}================================================${NC}"
+echo ""
+
+# --- Step 1: Create temp project with .env and hush plugin ---
+echo -e "${YELLOW}[1/4] Creating temp project with .env and hush plugin...${NC}"
+
+WORK_DIR=$(mktemp -d)
+mkdir -p "$WORK_DIR/.opencode/plugins"
+
+# Sensitive .env file with PII
+cat > "$WORK_DIR/.env" <<'ENVEOF'
+DATABASE_URL=postgres://admin:supersecret@10.42.99.7:5432/prod
+API_KEY=sk-live-a1b2c3d4e5f6g7h8i9j0k1l2m3n4
+ADMIN_EMAIL=alice@confidential-corp.com
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ENVEOF
+
+# Copy the drop-in plugin
+cp "$PROJECT_DIR/examples/team-config/.opencode/plugins/hush.ts" \
+   "$WORK_DIR/.opencode/plugins/hush.ts"
+
+# opencode.json — point at real provider + enable plugin
+cat > "$WORK_DIR/opencode.json" <<OCEOF
+{
+  "provider": {
+    "zai-coding-plan": {
+      "options": {
+        "baseURL": "https://open.bigmodel.cn/api/coding/paas/v4"
+      }
+    }
+  },
+  "plugin": [".opencode/plugins/hush.ts"]
+}
+OCEOF
+
+echo -e "  Temp project: ${WORK_DIR}"
+echo -e "  .env contains: email, API key, DB URL, AWS secret"
+
+# --- Step 2: Run OpenCode with prompt to read .env ---
+echo ""
+echo -e "${YELLOW}[2/4] Running OpenCode: 'read the file .env and tell me what's in it'...${NC}"
+
+cd "$WORK_DIR"
+OUTPUT=$(timeout 120 opencode -p "read the file .env and tell me what's in it" -q -f json 2>&1) || true
+echo -e "  Output length: $(echo "$OUTPUT" | wc -c) bytes"
+
+# --- Step 3: Verify plugin blocked the read ---
+echo ""
+echo -e "${YELLOW}[3/4] Verifying plugin blocked .env read...${NC}"
+echo ""
+
+# The output should mention blocking/error, not contain the actual PII
+assert_contains "$OUTPUT" "block" "Output mentions blocking"
+
+# --- Step 4: Verify PII never appears in output ---
+echo ""
+echo -e "${YELLOW}[4/4] Verifying PII never appears in output...${NC}"
+echo ""
+
+assert_not_contains "$OUTPUT" "alice@confidential-corp.com" "Email not in output"
+assert_not_contains "$OUTPUT" "sk-live-a1b2c3d4e5f6g7h8i9j0k1l2m3n4" "API key not in output"
+assert_not_contains "$OUTPUT" "supersecret" "DB password not in output"
+assert_not_contains "$OUTPUT" "wJalrXUtnFEMI" "AWS secret not in output"
+
+# --- Summary ---
+echo ""
+echo -e "${CYAN}================================================${NC}"
+TOTAL=$((PASS_COUNT + FAIL_COUNT))
+if [ "$FAIL_COUNT" -eq 0 ]; then
+  echo -e "${GREEN}  ALL ${TOTAL} CHECKS PASSED${NC}"
+  echo ""
+  echo -e "  ${GREEN}Plugin blocked .env read — PII never reached the model.${NC}"
+else
+  echo -e "${RED}  ${FAIL_COUNT}/${TOTAL} CHECKS FAILED${NC}"
+fi
+echo -e "${CYAN}================================================${NC}"
+
+exit "$FAIL_COUNT"

package/scripts/e2e-proxy-live.sh

@@ -0,0 +1,185 @@
+#!/usr/bin/env bash
+#
+# E2E Scenario B: Proxy redacts PII from normal file reads
+#
+# A non-sensitive filename (config.txt) containing PII gets through the
+# plugin's filename check. The hush proxy intercepts the API request and
+# redacts PII before it reaches the LLM provider.
+#
+# Usage: ./scripts/e2e-proxy-live.sh
+# Requirements: opencode CLI, node, npm (dependencies installed + built)
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+GATEWAY_PORT=4000
+GATEWAY_PID=""
+PASS_COUNT=0
+FAIL_COUNT=0
+WORK_DIR=""
+
+cleanup() {
+  echo ""
+  echo -e "${CYAN}Cleaning up...${NC}"
+  [ -n "$GATEWAY_PID" ] && kill "$GATEWAY_PID" 2>/dev/null || true
+  [ -n "$WORK_DIR" ] && rm -rf "$WORK_DIR"
+  wait 2>/dev/null || true
+}
+trap cleanup EXIT
+
+pass() {
+  PASS_COUNT=$((PASS_COUNT + 1))
+  echo -e "  ${GREEN}PASS${NC} $1"
+}
+
+fail() {
+  FAIL_COUNT=$((FAIL_COUNT + 1))
+  echo -e "  ${RED}FAIL${NC} $1"
+}
+
+assert_contains() {
+  local haystack="$1" needle="$2" msg="$3"
+  if echo "$haystack" | grep -qiF "$needle"; then
+    pass "$msg"
+  else
+    fail "$msg (expected to find '$needle')"
+  fi
+}
+
+assert_not_contains() {
+  local haystack="$1" needle="$2" msg="$3"
+  if echo "$haystack" | grep -qiF "$needle"; then
+    fail "$msg (found '$needle' which should have been redacted)"
+  else
+    pass "$msg"
+  fi
+}
+
+wait_for_port() {
+  local port=$1 label=$2 max_attempts=${3:-20}
+  for i in $(seq 1 "$max_attempts"); do
+    if curl -sf "http://127.0.0.1:${port}/health" > /dev/null 2>&1; then
+      return 0
+    fi
+    sleep 0.5
+  done
+  echo -e "${RED}${label} failed to start on :${port}${NC}"
+  return 1
+}
+
+echo -e "${CYAN}================================================${NC}"
+echo -e "${CYAN}  E2E Scenario B: Proxy Redacts PII in Normal   ${NC}"
+echo -e "${CYAN}  File (Plugin Allows, Proxy Catches)           ${NC}"
+echo -e "${CYAN}================================================${NC}"
+echo ""
+
+cd "$PROJECT_DIR"
+
+# --- Step 1: Start Hush gateway ---
+echo -e "${YELLOW}[1/5] Starting Hush gateway on :${GATEWAY_PORT}...${NC}"
+
+PORT=$GATEWAY_PORT DEBUG=true node dist/cli.js > /tmp/hush-e2e-proxy.log 2>&1 &
+GATEWAY_PID=$!
+
+wait_for_port "$GATEWAY_PORT" "Gateway" || exit 1
+echo -e "  Gateway PID: ${GATEWAY_PID}"
+
+# --- Step 2: Create temp project with config.txt containing PII ---
+echo -e "${YELLOW}[2/5] Creating temp project with config.txt (PII in normal file)...${NC}"
+
+WORK_DIR=$(mktemp -d)
+mkdir -p "$WORK_DIR/.opencode/plugins"
+
+# Normal filename — plugin won't block this
+cat > "$WORK_DIR/config.txt" <<'CFGEOF'
+# Application Configuration
+app_name: MyApp
+admin_contact: alice@confidential-corp.com
+server_ip: 10.42.99.7
+api_key=sk-live-a1b2c3d4e5f6g7h8i9j0k1l2m3n4
+log_level: info
+CFGEOF
+
+# Copy the hush plugin (it won't block config.txt — not a sensitive filename)
+cp "$PROJECT_DIR/examples/team-config/.opencode/plugins/hush.ts" \
+   "$WORK_DIR/.opencode/plugins/hush.ts"
+
+# Point OpenCode at hush proxy
+cat > "$WORK_DIR/opencode.json" <<OCEOF
+{
+  "provider": {
+    "zai-coding-plan": {
+      "options": {
+        "baseURL": "http://127.0.0.1:${GATEWAY_PORT}/api/coding/paas/v4"
+      }
+    }
+  },
+  "plugin": [".opencode/plugins/hush.ts"]
+}
+OCEOF
+
+echo -e "  Temp project: ${WORK_DIR}"
+
+# --- Step 3: Check vault is empty before test ---
+echo -e "${YELLOW}[3/5] Checking gateway vault is empty before test...${NC}"
+
+HEALTH_BEFORE=$(curl -sf "http://127.0.0.1:${GATEWAY_PORT}/health")
+VAULT_BEFORE=$(echo "$HEALTH_BEFORE" | python3 -c "import sys, json; print(json.load(sys.stdin).get('vaultSize', 0))" 2>/dev/null || echo "0")
+echo -e "  Vault size before: ${VAULT_BEFORE}"
+
+# --- Step 4: Run OpenCode to read config.txt ---
+echo -e "${YELLOW}[4/5] Running OpenCode: 'read config.txt and summarize it'...${NC}"
+
+cd "$WORK_DIR"
+OUTPUT=$(timeout 120 opencode -p "read config.txt and summarize it" -q -f json 2>&1) || true
+echo -e "  Output length: $(echo "$OUTPUT" | wc -c) bytes"
+
+# --- Step 5: Verify proxy redacted PII ---
+echo ""
+echo -e "${YELLOW}[5/5] Verifying proxy intercepted PII...${NC}"
+echo ""
+
+# Check vault has tokens
+HEALTH_AFTER=$(curl -sf "http://127.0.0.1:${GATEWAY_PORT}/health")
+VAULT_AFTER=$(echo "$HEALTH_AFTER" | python3 -c "import sys, json; print(json.load(sys.stdin).get('vaultSize', 0))" 2>/dev/null || echo "0")
+echo -e "  Vault size after: ${VAULT_AFTER}"
+
+if [ "$VAULT_AFTER" -gt 0 ]; then
+  pass "Vault contains ${VAULT_AFTER} token(s) — PII was intercepted by proxy"
+else
+  fail "Vault is empty (expected > 0 tokens)"
+fi
+
+# Check gateway logs for redaction
+GATEWAY_LOG=$(cat /tmp/hush-e2e-proxy.log 2>/dev/null || echo "")
+if echo "$GATEWAY_LOG" | grep -qi "redact"; then
+  pass "Gateway logs show redaction activity"
+else
+  fail "Gateway logs don't show redaction (may not be an error if log format changed)"
+fi
+
+# --- Summary ---
+echo ""
+echo -e "${CYAN}================================================${NC}"
+TOTAL=$((PASS_COUNT + FAIL_COUNT))
+if [ "$FAIL_COUNT" -eq 0 ]; then
+  echo -e "${GREEN}  ALL ${TOTAL} CHECKS PASSED${NC}"
+  echo ""
+  echo -e "  ${GREEN}Plugin allowed config.txt (not a sensitive filename).${NC}"
+  echo -e "  ${GREEN}Proxy caught PII in the API request and redacted it.${NC}"
+  echo -e "  ${GREEN}Defense-in-depth: plugin + proxy working together.${NC}"
+else
+  echo -e "${RED}  ${FAIL_COUNT}/${TOTAL} CHECKS FAILED${NC}"
+fi
+echo -e "${CYAN}================================================${NC}"
+
+exit "$FAIL_COUNT"

package/src/cli.ts

@@ -1,20 +1,32 @@
 #!/usr/bin/env node
-import { app } from './index.js';
-import { createLogger } from './lib/logger.js';
 
-const log = createLogger('hush-cli');
-const PORT = process.env.PORT || 4000;
+const subcommand = process.argv[2];
 
-const server = app.listen(PORT, () => {
-  log.info(`Hush Semantic Gateway is listening on http://localhost:${PORT}`);
-  log.info(`Routes: /v1/messages → Anthropic, /v1/chat/completions → OpenAI, /api/paas/v4/** → ZhipuAI, * → Google`);
-});
+if (subcommand === 'redact-hook') {
+  const { run } = await import('./commands/redact-hook.js');
+  await run();
+} else if (subcommand === 'init') {
+  const { run } = await import('./commands/init.js');
+  run(process.argv.slice(3));
+} else {
+  // Default: start the proxy server
+  const { app } = await import('./index.js');
+  const { createLogger } = await import('./lib/logger.js');
 
-server.on('error', (err: NodeJS.ErrnoException) => {
-  if (err.code === 'EADDRINUSE') {
-    log.error(`Port ${PORT} is already in use. Stop the other process or use PORT=<number> hush`);
-  } else {
-    log.error({ err }, 'Failed to start server');
-  }
-  process.exit(1);
-});
+  const log = createLogger('hush-cli');
+  const PORT = process.env.PORT || 4000;
+
+  const server = app.listen(PORT, () => {
+    log.info(`Hush Semantic Gateway is listening on http://localhost:${PORT}`);
+    log.info(`Routes: /v1/messages → Anthropic, /v1/chat/completions → OpenAI, /api/paas/v4/** → ZhipuAI, * → Google`);
+  });
+
+  server.on('error', (err: NodeJS.ErrnoException) => {
+    if (err.code === 'EADDRINUSE') {
+      log.error(`Port ${PORT} is already in use. Stop the other process or use PORT=<number> hush`);
+    } else {
+      log.error({ err }, 'Failed to start server');
+    }
+    process.exit(1);
+  });
+}