@interven/claude-code-hook 0.1.0

package/README.md

@@ -0,0 +1,104 @@
+# @interven/claude-code-hook
+
+PreToolUse hook for [Claude Code](https://docs.anthropic.com/claude/docs/claude-code).
+Scans every tool call — Read, Write, Edit, Bash, Glob, Grep, WebFetch, MCP — through
+Interven before Claude Code executes it. Blocks `.env` reads, denies destructive
+shell commands, redacts secrets, and routes risky actions through human approval.
+
+**No Claude Code source changes.** One config file edit, one env var, done.
+
+## Install
+
+```bash
+npm install -g @interven/claude-code-hook
+# or use npx -y (no install needed, slower cold start)
+```
+
+## Wire it up
+
+Add to `~/.claude/settings.json` (user-wide) or `<repo>/.claude/settings.json`
+(per-repo):
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx -y @interven/claude-code-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+Set your Interven API key:
+
+```bash
+export INTERVEN_API_KEY=iv_live_xxxxxxxxxxxxxx
+```
+
+Next time Claude Code fires a tool, the hook runs against your Interven
+policies. Try reading `.env` — should be denied with the policy-defined
+reason.
+
+## What gets enforced
+
+Depends on your Interven policies. A typical vibe-coder setup (from
+`@interven/policy-packs` → `vibe-coder-starter.yaml`):
+
+- **`.env`, `**/secrets/**`, `*.pem`, `id_rsa`, `credentials.json`** — denied on read
+- **Destructive shell** (`rm -rf /`, `dd if=`, `mkfs`, `> /dev/sda`) — denied
+- **`git push` to `main`** — paused for approval
+- **Stripe/OpenAI/AWS/GitHub keys in tool args** — sanitized in audit log
+
+Customize the policies to your stack via the Interven console or the
+`@interven/policy-cli` YAML workflow.
+
+## Environment variables
+
+| Variable | Default | Purpose |
+|---|---|---|
+| `INTERVEN_API_KEY` | _(required)_ | Your `iv_live_*` key |
+| `INTERVEN_GATEWAY` | `https://api.intervensecurity.com` | Override for self-host |
+| `INTERVEN_TIMEOUT_MS` | `5000` | Per-scan timeout |
+| `INTERVEN_FAIL_CLOSED` | `0` (open) | Set to `1` to deny on hook error |
+
+## Decision mapping
+
+| Interven decision | Claude Code response | Effect |
+|---|---|---|
+| `ALLOW` | `decision: "approve"` | Tool runs normally |
+| `DENY` | `decision: "block"` | Tool blocked, reason shown to Claude |
+| `SANITIZE` | `decision: "approve"` | Approved + scan logged for audit; sensitive fields are sanitized at the network layer if the tool then makes an HTTP call out |
+| `REQUIRE_APPROVAL` | `decision: "block"` | Blocked; approve at `app.intervensecurity.com/approvals/<id>`. Retry within 10 min hits the approval-grant window and auto-allows |
+
+## Behavior on failure
+
+Default: **fail-open** — if Interven is unreachable, the hook approves the
+tool call and logs a warning to stderr. This keeps the developer loop
+unblocked during partial outages.
+
+For environments where blocking on hook failure is preferred (regulated
+contexts):
+
+```bash
+export INTERVEN_FAIL_CLOSED=1
+```
+
+## How it differs from `@interven/copilot-hook`
+
+Same wire model (JSON in, JSON out), different agent. Use this package for
+**Claude Code**; use `@interven/copilot-hook` for **GitHub Copilot Coding
+Agent**. They share the underlying scan API and can be used together if
+your team uses both agents.
+
+## Source + issues
+
+[github.com/intervensecurity/claude-code-hook](https://github.com/intervensecurity/claude-code-hook)

package/dist/hook.d.ts

@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+/**
+ * Claude Code PreToolUse hook for Interven.
+ *
+ * Claude Code invokes the hook script with a JSON document on stdin before
+ * every tool call (Read, Write, Edit, Bash, Glob, Grep, WebFetch, MCP tools).
+ * The script writes a JSON decision to stdout, or signals via exit code.
+ *
+ * Wire-up: add to `~/.claude/settings.json` or `<repo>/.claude/settings.json`:
+ *
+ *   {
+ *     "hooks": {
+ *       "PreToolUse": [
+ *         {
+ *           "matcher": "*",
+ *           "hooks": [
+ *             {
+ *               "type": "command",
+ *               "command": "npx -y @interven/claude-code-hook"
+ *             }
+ *           ]
+ *         }
+ *       ]
+ *     }
+ *   }
+ *
+ * Env vars:
+ *   INTERVEN_API_KEY     (required) — your iv_live_* key
+ *   INTERVEN_GATEWAY     (optional) — default https://api.intervensecurity.com
+ *   INTERVEN_TIMEOUT_MS  (optional) — default 5000
+ *   INTERVEN_FAIL_CLOSED (optional) — set to 1 to deny on hook error; default fail-open
+ *
+ * Decision mapping (Interven → Claude Code):
+ *   ALLOW            → { "decision": "approve" }
+ *   DENY             → { "decision": "block", "reason": "<details>" }
+ *   SANITIZE         → { "decision": "approve" } with audit-logged sanitize event
+ *                     (Claude Code hooks can't rewrite args; sanitization is
+ *                      enforced when the agent's tool actually fires HTTP)
+ *   REQUIRE_APPROVAL → { "decision": "block", "reason": "approve at <url>" }
+ *                     (next retry within 10min hits the approval-grant window
+ *                      and auto-allows)
+ *
+ * Failure modes (network down, gateway 5xx, malformed response):
+ *   Default to "approve" with a warning logged to stderr so a partial outage
+ *   doesn't break the developer loop. Set INTERVEN_FAIL_CLOSED=1 to flip.
+ */
+/**
+ * Map a Claude Code tool call to the {method, url, body} shape Interven scans.
+ *
+ * Claude Code tools are local (Read, Write, Bash, Edit, ...) — they don't
+ * have a real HTTP URL. We synthesize a custom_proxy URL that encodes the
+ * tool name + arg fingerprint so policies/baseline can match on it. The
+ * body holds the full input.
+ */
+export declare function buildScanRequest(toolName: string, toolInput: Record<string, unknown>): {
+    method: string;
+    url: string;
+    body: unknown;
+    agent_name: string;
+};
+//# sourceMappingURL=hook.d.ts.map

package/dist/hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook.d.ts","sourceRoot":"","sources":["../src/hook.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAwEH;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAqBpE"}

package/dist/hook.js

@@ -0,0 +1,232 @@
+#!/usr/bin/env node
+/**
+ * Claude Code PreToolUse hook for Interven.
+ *
+ * Claude Code invokes the hook script with a JSON document on stdin before
+ * every tool call (Read, Write, Edit, Bash, Glob, Grep, WebFetch, MCP tools).
+ * The script writes a JSON decision to stdout, or signals via exit code.
+ *
+ * Wire-up: add to `~/.claude/settings.json` or `<repo>/.claude/settings.json`:
+ *
+ *   {
+ *     "hooks": {
+ *       "PreToolUse": [
+ *         {
+ *           "matcher": "*",
+ *           "hooks": [
+ *             {
+ *               "type": "command",
+ *               "command": "npx -y @interven/claude-code-hook"
+ *             }
+ *           ]
+ *         }
+ *       ]
+ *     }
+ *   }
+ *
+ * Env vars:
+ *   INTERVEN_API_KEY     (required) — your iv_live_* key
+ *   INTERVEN_GATEWAY     (optional) — default https://api.intervensecurity.com
+ *   INTERVEN_TIMEOUT_MS  (optional) — default 5000
+ *   INTERVEN_FAIL_CLOSED (optional) — set to 1 to deny on hook error; default fail-open
+ *
+ * Decision mapping (Interven → Claude Code):
+ *   ALLOW            → { "decision": "approve" }
+ *   DENY             → { "decision": "block", "reason": "<details>" }
+ *   SANITIZE         → { "decision": "approve" } with audit-logged sanitize event
+ *                     (Claude Code hooks can't rewrite args; sanitization is
+ *                      enforced when the agent's tool actually fires HTTP)
+ *   REQUIRE_APPROVAL → { "decision": "block", "reason": "approve at <url>" }
+ *                     (next retry within 10min hits the approval-grant window
+ *                      and auto-allows)
+ *
+ * Failure modes (network down, gateway 5xx, malformed response):
+ *   Default to "approve" with a warning logged to stderr so a partial outage
+ *   doesn't break the developer loop. Set INTERVEN_FAIL_CLOSED=1 to flip.
+ */
+import { createHash } from 'node:crypto';
+const HOOK_VERSION = '0.1.0';
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        process.stdin.on('data', (c) => chunks.push(Buffer.from(c)));
+        process.stdin.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+        process.stdin.on('error', reject);
+        // 5s timeout — Claude Code pipes immediately; if nothing came in by 5s
+        // the hook probably wasn't invoked correctly. Fail open.
+        setTimeout(() => resolve(''), 5_000);
+    });
+}
+function emitDecision(out) {
+    process.stdout.write(JSON.stringify(out) + '\n');
+}
+function fail(message, exitCode = 0) {
+    const closed = process.env.INTERVEN_FAIL_CLOSED === '1';
+    emitDecision(closed
+        ? {
+            decision: 'block',
+            reason: `Interven hook failed-closed: ${message}`,
+            permissionDecision: 'deny',
+            permissionDecisionReason: `Interven hook failed-closed: ${message}`,
+        }
+        : {
+            decision: 'approve',
+            reason: `Interven hook failed-open: ${message}`,
+            permissionDecision: 'allow',
+            permissionDecisionReason: `Interven hook failed-open: ${message}`,
+        });
+    // eslint-disable-next-line no-console
+    console.error(`[interven-claude-code-hook] ${message}`);
+    process.exit(exitCode);
+}
+/**
+ * Map a Claude Code tool call to the {method, url, body} shape Interven scans.
+ *
+ * Claude Code tools are local (Read, Write, Bash, Edit, ...) — they don't
+ * have a real HTTP URL. We synthesize a custom_proxy URL that encodes the
+ * tool name + arg fingerprint so policies/baseline can match on it. The
+ * body holds the full input.
+ */
+export function buildScanRequest(toolName, toolInput) {
+    const argKeys = Object.keys(toolInput).sort();
+    const fingerprint = createHash('sha256')
+        .update(JSON.stringify(toolInput))
+        .digest('hex')
+        .slice(0, 12);
+    // Map common Claude Code tools to HTTP verb hints — POST for writes, GET for reads.
+    // This lets policy rules match on `verbs: [READ]` or `verbs: [WRITE]` cleanly.
+    const writeTools = new Set(['Write', 'Edit', 'NotebookEdit', 'MultiEdit', 'Bash']);
+    const verbHint = writeTools.has(toolName) ? 'POST' : 'GET';
+    const urlPath = `/claude-code/${toolName}/${fingerprint}`;
+    const url = `https://claude-code.interven.local${urlPath}`;
+    return {
+        method: verbHint,
+        url,
+        body: { tool: toolName, args: toolInput, args_keys: argKeys },
+        agent_name: 'claude-code',
+    };
+}
+async function scan(req) {
+    const apiKey = process.env.INTERVEN_API_KEY;
+    if (!apiKey) {
+        throw new Error('INTERVEN_API_KEY environment variable is not set');
+    }
+    const gateway = (process.env.INTERVEN_GATEWAY || 'https://api.intervensecurity.com').replace(/\/+$/, '');
+    const ac = new AbortController();
+    const timeoutMs = parseInt(process.env.INTERVEN_TIMEOUT_MS || '5000', 10);
+    const timeout = setTimeout(() => ac.abort(), timeoutMs);
+    try {
+        const resp = await fetch(`${gateway}/v1/scan`, {
+            method: 'POST',
+            headers: {
+                'content-type': 'application/json',
+                authorization: `Bearer ${apiKey}`,
+                'user-agent': `interven-claude-code-hook/${HOOK_VERSION}`,
+            },
+            body: JSON.stringify({
+                method: req.method,
+                url: req.url,
+                body: req.body,
+                agent_name: req.agent_name,
+                runtime_type: 'claude_code',
+            }),
+            signal: ac.signal,
+        });
+        if (!resp.ok) {
+            throw new Error(`HTTP ${resp.status}: ${(await resp.text()).slice(0, 200)}`);
+        }
+        return (await resp.json());
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+async function main() {
+    const raw = await readStdin();
+    if (!raw.trim()) {
+        fail('empty stdin — hook invoked without payload');
+    }
+    let input;
+    try {
+        input = JSON.parse(raw);
+    }
+    catch (e) {
+        fail(`invalid JSON on stdin: ${e instanceof Error ? e.message : String(e)}`);
+    }
+    if (!input.tool_name) {
+        // Nothing to scan; allow.
+        emitDecision({ decision: 'approve', permissionDecision: 'allow' });
+        return;
+    }
+    const req = buildScanRequest(input.tool_name, input.tool_input ?? {});
+    let result;
+    try {
+        result = await scan(req);
+    }
+    catch (e) {
+        fail(`scan failed: ${e instanceof Error ? e.message : String(e)}`);
+    }
+    switch (result.decision) {
+        case 'ALLOW':
+            emitDecision({
+                decision: 'approve',
+                reason: `Interven ALLOW (risk=${result.risk_band})`,
+                permissionDecision: 'allow',
+                permissionDecisionReason: `Interven ALLOW (risk=${result.risk_band})`,
+            });
+            return;
+        case 'DENY': {
+            const reasons = result.reason_codes.length ? ` (${result.reason_codes.join(', ')})` : '';
+            const msg = `Interven DENY${reasons}. Trace: ${result.trace_id}. ` +
+                'See https://app.intervensecurity.com/activity for details.';
+            emitDecision({
+                decision: 'block',
+                reason: msg,
+                permissionDecision: 'deny',
+                permissionDecisionReason: msg,
+            });
+            return;
+        }
+        case 'SANITIZE': {
+            // Hook can't rewrite tool args mid-flight. Allow with a notice; the
+            // scan event is recorded with SANITIZE for audit. If the agent's tool
+            // then makes a real HTTP call out (e.g. WebFetch), the gateway proxy
+            // will enforce sanitization at that layer.
+            const reasons = result.reason_codes.length ? ` (${result.reason_codes.join(', ')})` : '';
+            const msg = `Interven SANITIZE${reasons} — sensitive data detected; logged for audit.`;
+            emitDecision({
+                decision: 'approve',
+                reason: msg,
+                permissionDecision: 'allow',
+                permissionDecisionReason: msg,
+            });
+            return;
+        }
+        case 'REQUIRE_APPROVAL': {
+            const approvalUrl = result.approval_id
+                ? `https://app.intervensecurity.com/approvals/${result.approval_id}`
+                : 'https://app.intervensecurity.com/approvals';
+            const msg = `Interven REQUIRE_APPROVAL — analyst review needed. Approve at ${approvalUrl}, ` +
+                'then retry within 10 minutes for auto-allow.';
+            emitDecision({
+                decision: 'block',
+                reason: msg,
+                permissionDecision: 'deny',
+                permissionDecisionReason: msg,
+            });
+            return;
+        }
+        default:
+            // Unknown decision — fail open with a notice.
+            emitDecision({
+                decision: 'approve',
+                reason: `Interven returned unknown decision: ${result.decision}`,
+                permissionDecision: 'allow',
+                permissionDecisionReason: `Interven returned unknown decision: ${result.decision}`,
+            });
+    }
+}
+main().catch((e) => {
+    fail(`unexpected error: ${e instanceof Error ? e.message : String(e)}`);
+});
+//# sourceMappingURL=hook.js.map

package/dist/hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook.js","sourceRoot":"","sources":["../src/hook.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4CG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,YAAY,GAAG,OAAO,CAAC;AA8B7B,SAAS,SAAS;IAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7D,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAClC,uEAAuE;QACvE,yDAAyD;QACzD,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,GAAyB;IAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,IAAI,CAAC,OAAe,EAAE,QAAQ,GAAG,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,GAAG,CAAC;IACxD,YAAY,CACV,MAAM;QACJ,CAAC,CAAC;YACE,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,gCAAgC,OAAO,EAAE;YACjD,kBAAkB,EAAE,MAAM;YAC1B,wBAAwB,EAAE,gCAAgC,OAAO,EAAE;SACpE;QACH,CAAC,CAAC;YACE,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,8BAA8B,OAAO,EAAE;YAC/C,kBAAkB,EAAE,OAAO;YAC3B,wBAAwB,EAAE,8BAA8B,OAAO,EAAE;SAClE,CACN,CAAC;IACF,sCAAsC;IACtC,OAAO,CAAC,KAAK,CAAC,+BAA+B,OAAO,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,SAAkC;IAElC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9C,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;SACrC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;SACjC,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEhB,oFAAoF;IACpF,+EAA+E;IAC/E,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IACnF,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAE3D,MAAM,OAAO,GAAG,gBAAgB,QAAQ,IAAI,WAAW,EAAE,CAAC;IAC1D,MAAM,GAAG,GAAG,qCAAqC,OAAO,EAAE,CAAC;IAE3D,OAAO;QACL,MAAM,EAAE,QAAQ;QAChB,GAAG;QACH,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE;QAC7D,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,IAAI,CAAC,GAAwC;IAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,OAAO,GACX,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,kCAAkC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAE3F,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;YAC7C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;gBACjC,YAAY,EAAE,6BAA6B,YAAY,EAAE;aAC1D;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,YAAY,EAAE,aAAa;aAC5B,CAAC;YACF,MAAM,EAAE,EAAE,CAAC,MAAM;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,MAAM,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAiB,CAAC;IAC7C,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,GAAG,GAAG,MAAM,SAAS,EAAE,CAAC;IAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;QAChB,IAAI,CAAC,4CAA4C,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,KAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,CAAC;IACjD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,0BAA0B,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACrB,0BAA0B;QAC1B,YAAY,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;IAEtE,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,gBAAgB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,QAAQ,MAAM,CAAC,QAAQ,EAAE,CAAC;QACxB,KAAK,OAAO;YACV,YAAY,CAAC;gBACX,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,wBAAwB,MAAM,CAAC,SAAS,GAAG;gBACnD,kBAAkB,EAAE,OAAO;gBAC3B,wBAAwB,EAAE,wBAAwB,MAAM,CAAC,SAAS,GAAG;aACtE,CAAC,CAAC;YACH,OAAO;QACT,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACzF,MAAM,GAAG,GACP,gBAAgB,OAAO,YAAY,MAAM,CAAC,QAAQ,IAAI;gBACtD,4DAA4D,CAAC;YAC/D,YAAY,CAAC;gBACX,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,GAAG;gBACX,kBAAkB,EAAE,MAAM;gBAC1B,wBAAwB,EAAE,GAAG;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,oEAAoE;YACpE,sEAAsE;YACtE,qEAAqE;YACrE,2CAA2C;YAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACzF,MAAM,GAAG,GAAG,oBAAoB,OAAO,+CAA+C,CAAC;YACvF,YAAY,CAAC;gBACX,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,GAAG;gBACX,kBAAkB,EAAE,OAAO;gBAC3B,wBAAwB,EAAE,GAAG;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,KAAK,kBAAkB,CAAC,CAAC,CAAC;YACxB,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW;gBACpC,CAAC,CAAC,8CAA8C,MAAM,CAAC,WAAW,EAAE;gBACpE,CAAC,CAAC,4CAA4C,CAAC;YACjD,MAAM,GAAG,GACP,iEAAiE,WAAW,IAAI;gBAChF,8CAA8C,CAAC;YACjD,YAAY,CAAC;gBACX,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,GAAG;gBACX,kBAAkB,EAAE,MAAM;gBAC1B,wBAAwB,EAAE,GAAG;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD;YACE,8CAA8C;YAC9C,YAAY,CAAC;gBACX,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,uCAAuC,MAAM,CAAC,QAAQ,EAAE;gBAChE,kBAAkB,EAAE,OAAO;gBAC3B,wBAAwB,EAAE,uCAAuC,MAAM,CAAC,QAAQ,EAAE;aACnF,CAAC,CAAC;IACP,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACjB,IAAI,CAAC,qBAAqB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC"}

package/examples/settings.json

@@ -0,0 +1,17 @@
+{
+  "_comment": "Drop this in ~/.claude/settings.json or <repo>/.claude/settings.json to wire Interven into Claude Code.",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx -y @interven/claude-code-hook",
+            "timeout": 10
+          }
+        ]
+      }
+    ]
+  }
+}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@interven/claude-code-hook",
+  "version": "0.1.0",
+  "description": "Claude Code PreToolUse hook for Interven. Scans every Claude Code tool call (Read/Write/Edit/Bash/Glob/Grep/MCP) through Interven before execution. Blocks .env reads, denies destructive shell, redacts secrets — no agent code change.",
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "interven-claude-code-hook": "dist/hook.js"
+  },
+  "main": "dist/hook.js",
+  "files": [
+    "dist",
+    "examples",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/hook.ts",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "interven",
+    "claude-code",
+    "anthropic",
+    "claude",
+    "ai-security",
+    "preToolUse",
+    "hook",
+    "agent-firewall"
+  ],
+  "author": "Interven Security <support@intervensecurity.com>",
+  "homepage": "https://docs.intervensecurity.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/intervensecurity/claude-code-hook"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "@types/node": "^20.16.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0"
+  }
+}