@aictrl/hush 0.1.7 → 0.1.8

package/dist/plugins/opencode-hush.d.ts

@@ -1,12 +1,14 @@
 /**
  * OpenCode Plugin: Hush PII Guard
  *
- * Blocks reads of sensitive files (`.env`, `*.pem`, `credentials.*`, etc.)
- * before the tool executes — the AI model never sees the content.
+ * 1. Blocks reads of sensitive files (`.env`, `*.pem`, `credentials.*`, etc.)
+ *    before the tool executes — the AI model never sees the content.
+ * 2. Redacts PII (emails, IPs, secrets) from tool arguments before execution.
+ * 3. Redacts PII from tool outputs (built-in and MCP) after execution.
  *
  * Defense-in-depth: works alongside the Hush proxy which redacts PII from
- * API requests. The plugin prevents file reads; the proxy catches anything
- * that slips through in normal files.
+ * API requests. The plugin prevents file reads and scrubs tool I/O;
+ * the proxy catches anything that slips through.
  *
  * Install: copy to `.opencode/plugins/hush.ts` and add to `opencode.json`:
  *   { "plugin": [".opencode/plugins/hush.ts"] }
@@ -17,5 +19,14 @@ export declare const HushPlugin: () => Promise<{
     }, output: {
         args: Record<string, string>;
     }) => Promise<void>;
+    'tool.execute.after': (input: {
+        tool: string;
+    }, output: {
+        output?: string;
+        content?: Array<{
+            type: string;
+            text?: string;
+        }>;
+    }) => Promise<void>;
 }>;
 //# sourceMappingURL=opencode-hush.d.ts.map

package/dist/plugins/opencode-hush.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"opencode-hush.d.ts","sourceRoot":"","sources":["../../src/plugins/opencode-hush.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,eAAO,MAAM,UAAU;mCAEZ;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,UACf;QAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;EAU1C,CAAC"}
+{"version":3,"file":"opencode-hush.d.ts","sourceRoot":"","sources":["../../src/plugins/opencode-hush.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAOH,eAAO,MAAM,UAAU;mCAEZ;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,UACf;QAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE;kCAsBjC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,UACf;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE;EAsB/E,CAAC"}

package/dist/plugins/opencode-hush.js

@@ -1,25 +1,58 @@
 /**
  * OpenCode Plugin: Hush PII Guard
  *
- * Blocks reads of sensitive files (`.env`, `*.pem`, `credentials.*`, etc.)
- * before the tool executes — the AI model never sees the content.
+ * 1. Blocks reads of sensitive files (`.env`, `*.pem`, `credentials.*`, etc.)
+ *    before the tool executes — the AI model never sees the content.
+ * 2. Redacts PII (emails, IPs, secrets) from tool arguments before execution.
+ * 3. Redacts PII from tool outputs (built-in and MCP) after execution.
  *
  * Defense-in-depth: works alongside the Hush proxy which redacts PII from
- * API requests. The plugin prevents file reads; the proxy catches anything
- * that slips through in normal files.
+ * API requests. The plugin prevents file reads and scrubs tool I/O;
+ * the proxy catches anything that slips through.
  *
  * Install: copy to `.opencode/plugins/hush.ts` and add to `opencode.json`:
  *   { "plugin": [".opencode/plugins/hush.ts"] }
  */
 import { isSensitivePath, commandReadsSensitiveFile } from './sensitive-patterns.js';
+import { Redactor } from '../middleware/redactor.js';
+const redactor = new Redactor();
 export const HushPlugin = async () => ({
     'tool.execute.before': async (input, output) => {
+        // Block sensitive file reads first (hard block — throws)
         if (input.tool === 'read' && isSensitivePath(output.args['filePath'] ?? '')) {
             throw new Error('[hush] Blocked: sensitive file');
         }
         if (input.tool === 'bash' && commandReadsSensitiveFile(output.args['command'] ?? '')) {
             throw new Error('[hush] Blocked: command reads sensitive file');
         }
+        // Redact PII from outbound tool arguments (in-place mutation)
+        const { content, hasRedacted } = redactor.redact(output.args);
+        if (hasRedacted) {
+            const redacted = content;
+            for (const key of Object.keys(redacted)) {
+                output.args[key] = redacted[key];
+            }
+        }
+    },
+    'tool.execute.after': async (input, output) => {
+        // Built-in tools: output is a string at output.output
+        if (typeof output.output === 'string') {
+            const { content, hasRedacted } = redactor.redact(output.output);
+            if (hasRedacted) {
+                output.output = content;
+            }
+        }
+        // MCP tools: output is content blocks at output.content
+        if (Array.isArray(output.content)) {
+            for (const block of output.content) {
+                if (block.type === 'text' && typeof block.text === 'string') {
+                    const { content, hasRedacted } = redactor.redact(block.text);
+                    if (hasRedacted) {
+                        block.text = content;
+                    }
+                }
+            }
+        }
     },
 });
 //# sourceMappingURL=opencode-hush.js.map

package/dist/plugins/opencode-hush.js.map

@@ -1 +1 @@
-{"version":3,"file":"opencode-hush.js","sourceRoot":"","sources":["../../src/plugins/opencode-hush.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AAErF,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC;IACrC,qBAAqB,EAAE,KAAK,EAC1B,KAAuB,EACvB,MAAwC,EACxC,EAAE;QACF,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC5E,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,yBAAyB,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACrF,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;CACF,CAAC,CAAC"}
+{"version":3,"file":"opencode-hush.js","sourceRoot":"","sources":["../../src/plugins/opencode-hush.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,eAAe,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AAErD,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAC;AAEhC,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC;IACrC,qBAAqB,EAAE,KAAK,EAC1B,KAAuB,EACvB,MAAwC,EACxC,EAAE;QACF,yDAAyD;QACzD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC5E,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,yBAAyB,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACrF,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QAED,8DAA8D;QAC9D,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,QAAQ,GAAG,OAAiC,CAAC;YACnD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAE,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,oBAAoB,EAAE,KAAK,EACzB,KAAuB,EACvB,MAA6E,EAC7E,EAAE;QACF,sDAAsD;QACtD,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAChE,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,CAAC,MAAM,GAAG,OAAiB,CAAC;YACpC,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC5D,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC7D,IAAI,WAAW,EAAE,CAAC;wBAChB,KAAK,CAAC,IAAI,GAAG,OAAiB,CAAC;oBACjC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAC,CAAC"}

package/examples/team-config/.claude/settings.json

@@ -3,6 +3,18 @@
     "ANTHROPIC_BASE_URL": "http://127.0.0.1:4000"
   },
   "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
     "PostToolUse": [
       {
         "matcher": "Bash|Read|Grep|WebFetch",
@@ -13,6 +25,16 @@
             "timeout": 10
           }
         ]
+      },
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
       }
     ]
   }

package/examples/team-config/.gemini/settings.json

@@ -0,0 +1,38 @@
+{
+  "hooks": {
+    "BeforeTool": [
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ],
+    "AfterTool": [
+      {
+        "matcher": "run_shell_command|read_file|read_many_files|search_file_content|web_fetch",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      },
+      {
+        "matcher": "mcp__.*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "hush redact-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ]
+  }
+}

package/examples/team-config/.opencode/plugins/hush.ts

@@ -1,15 +1,18 @@
 /**
  * Hush PII Guard — OpenCode Plugin (drop-in copy)
  *
- * Blocks reads of sensitive files (.env, *.pem, credentials.*, etc.)
- * before the tool executes — the AI model never sees the content.
+ * This drop-in copy provides file-blocking only (sensitive file reads).
+ * For full bidirectional PII redaction (tool args + tool results),
+ * install from npm instead:
  *
- * Usage: copy this file to `.opencode/plugins/hush.ts` in your project
- * and add to `opencode.json`:
- *   { "plugin": [".opencode/plugins/hush.ts"] }
+ *   npm install @aictrl/hush
  *
- * Or install from npm:
+ * Then in your plugin entry point:
  *   import { HushPlugin } from '@aictrl/hush/opencode-plugin'
+ *
+ * Usage (drop-in): copy this file to `.opencode/plugins/hush.ts` in your
+ * project and add to `opencode.json`:
+ *   { "plugin": [".opencode/plugins/hush.ts"] }
  */
 
 const SENSITIVE_GLOBS = [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aictrl/hush",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "Hush: A Semantic Security Gateway for AI Agents. Redacts PII from prompts and tool outputs locally before they hit the cloud.",
   "type": "module",
   "main": "dist/index.js",

package/src/commands/init.ts

@@ -1,87 +1,163 @@
 /**
- * hush init — Generate Claude Code hook configuration
+ * hush init — Generate hook configuration for Claude Code or Gemini CLI
  *
  * Usage:
  *   hush init --hooks           Write to .claude/settings.json
  *   hush init --hooks --local   Write to .claude/settings.local.json
+ *   hush init --hooks --gemini  Write to .gemini/settings.json
+ *   hush init --hooks --gemini --local  Write to .gemini/settings.local.json
  */
 
 import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'fs';
 import { join } from 'path';
 
-const HOOK_CONFIG = {
+const HUSH_HOOK = {
+  type: 'command' as const,
+  command: 'hush redact-hook',
+  timeout: 10,
+};
+
+const CLAUDE_HOOK_CONFIG = {
   hooks: {
+    PreToolUse: [
+      {
+        matcher: 'mcp__.*',
+        hooks: [HUSH_HOOK],
+      },
+    ],
     PostToolUse: [
       {
         matcher: 'Bash|Read|Grep|WebFetch',
-        hooks: [
-          {
-            type: 'command' as const,
-            command: 'hush redact-hook',
-            timeout: 10,
-          },
-        ],
+        hooks: [HUSH_HOOK],
+      },
+      {
+        matcher: 'mcp__.*',
+        hooks: [HUSH_HOOK],
+      },
+    ],
+  },
+};
+
+const GEMINI_HOOK_CONFIG = {
+  hooks: {
+    BeforeTool: [
+      {
+        matcher: 'mcp__.*',
+        hooks: [HUSH_HOOK],
+      },
+    ],
+    AfterTool: [
+      {
+        matcher: 'run_shell_command|read_file|read_many_files|search_file_content|web_fetch',
+        hooks: [HUSH_HOOK],
+      },
+      {
+        matcher: 'mcp__.*',
+        hooks: [HUSH_HOOK],
       },
     ],
   },
 };
 
+interface HookEntry {
+  matcher: string;
+  hooks: Array<{ type: string; command: string; timeout?: number }>;
+}
+
 interface SettingsJson {
   hooks?: {
-    PostToolUse?: Array<{
-      matcher: string;
-      hooks: Array<{ type: string; command: string; timeout?: number }>;
-    }>;
+    PreToolUse?: HookEntry[];
+    PostToolUse?: HookEntry[];
+    BeforeTool?: HookEntry[];
+    AfterTool?: HookEntry[];
     [key: string]: unknown;
   };
   [key: string]: unknown;
 }
 
-function hasHushHook(settings: SettingsJson): boolean {
-  const postToolUse = settings.hooks?.PostToolUse;
-  if (!Array.isArray(postToolUse)) return false;
+interface HookConfig {
+  hooks: Record<string, HookEntry[]>;
+}
 
-  return postToolUse.some((entry) =>
+function hasHushHookInEntries(entries: HookEntry[] | undefined): boolean {
+  if (!Array.isArray(entries)) return false;
+  return entries.some((entry) =>
     entry.hooks?.some((h) => h.command?.includes('hush redact-hook')),
   );
 }
 
-function mergeHooks(existing: SettingsJson): SettingsJson {
+function hasHushHookClaude(settings: SettingsJson): boolean {
+  return (
+    hasHushHookInEntries(settings.hooks?.PreToolUse) &&
+    hasHushHookInEntries(settings.hooks?.PostToolUse)
+  );
+}
+
+function hasHushHookGemini(settings: SettingsJson): boolean {
+  return (
+    hasHushHookInEntries(settings.hooks?.BeforeTool) &&
+    hasHushHookInEntries(settings.hooks?.AfterTool)
+  );
+}
+
+function mergeHookEntries(
+  existing: HookEntry[] | undefined,
+  newEntries: HookEntry[],
+): HookEntry[] {
+  const merged = Array.isArray(existing) ? [...existing] : [];
+
+  for (const entry of newEntries) {
+    const alreadyHas = merged.some(
+      (e) =>
+        e.matcher === entry.matcher &&
+        e.hooks?.some((h) => h.command?.includes('hush redact-hook')),
+    );
+    if (!alreadyHas) {
+      merged.push(entry);
+    }
+  }
+
+  return merged;
+}
+
+function mergeHooks(existing: SettingsJson, hookConfig: HookConfig): SettingsJson {
   const merged = { ...existing };
 
   if (!merged.hooks) {
     merged.hooks = {};
   }
 
-  if (!Array.isArray(merged.hooks.PostToolUse)) {
-    merged.hooks.PostToolUse = [];
+  for (const [eventName, entries] of Object.entries(hookConfig.hooks)) {
+    const existingEntries = merged.hooks[eventName] as HookEntry[] | undefined;
+    merged.hooks[eventName] = mergeHookEntries(existingEntries, entries);
   }
 
-  merged.hooks = { ...merged.hooks, PostToolUse: [...merged.hooks.PostToolUse, ...HOOK_CONFIG.hooks.PostToolUse] };
-
   return merged;
 }
 
 export function run(args: string[]): void {
   const hasHooksFlag = args.includes('--hooks');
   const isLocal = args.includes('--local');
+  const isGemini = args.includes('--gemini');
 
   if (!hasHooksFlag) {
-    process.stderr.write('Usage: hush init --hooks [--local]\n');
+    process.stderr.write('Usage: hush init --hooks [--local] [--gemini]\n');
     process.stderr.write('\n');
     process.stderr.write('Options:\n');
-    process.stderr.write('  --hooks   Generate Claude Code PostToolUse hook config\n');
+    process.stderr.write('  --hooks   Generate hook config (PreToolUse + PostToolUse or BeforeTool + AfterTool)\n');
     process.stderr.write('  --local   Write to settings.local.json instead of settings.json\n');
+    process.stderr.write('  --gemini  Write Gemini CLI hooks instead of Claude Code hooks\n');
     process.exit(1);
   }
 
-  const claudeDir = join(process.cwd(), '.claude');
+  const dirName = isGemini ? '.gemini' : '.claude';
+  const configDir = join(process.cwd(), dirName);
   const filename = isLocal ? 'settings.local.json' : 'settings.json';
-  const filePath = join(claudeDir, filename);
+  const filePath = join(configDir, filename);
 
-  // Ensure .claude/ exists
-  if (!existsSync(claudeDir)) {
-    mkdirSync(claudeDir, { recursive: true });
+  // Ensure config dir exists
+  if (!existsSync(configDir)) {
+    mkdirSync(configDir, { recursive: true });
   }
 
   // Read existing settings or start fresh
@@ -96,12 +172,15 @@ export function run(args: string[]): void {
   }
 
   // Idempotency check
-  if (hasHushHook(settings)) {
+  const hookConfig = isGemini ? GEMINI_HOOK_CONFIG : CLAUDE_HOOK_CONFIG;
+  const hasHook = isGemini ? hasHushHookGemini : hasHushHookClaude;
+
+  if (hasHook(settings)) {
     process.stdout.write(`hush hooks already configured in ${filePath}\n`);
     return;
   }
 
-  const merged = mergeHooks(settings);
+  const merged = mergeHooks(settings, hookConfig);
   writeFileSync(filePath, JSON.stringify(merged, null, 2) + '\n');
   process.stdout.write(`Wrote hush hooks config to ${filePath}\n`);
 }