@rafter-security/cli 0.6.5 → 0.6.6

package/dist/commands/agent/init.js

@@ -8,9 +8,45 @@ import os from "os";
 import { execSync } from "child_process";
 import { fileURLToPath } from "url";
 import { createRequire } from "module";
+import { createInterface } from "readline";
 import { fmt } from "../../utils/formatter.js";
+import { injectInstructionFile } from "./instruction-block.js";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+/**
+ * Install global instruction files for platforms that support them.
+ *
+ * Only Claude Code (~/.claude/CLAUDE.md) and Cursor (~/.cursor/rules/*.mdc)
+ * have confirmed global instruction file paths. Other platforms (Codex, Gemini,
+ * Windsurf, Continue.dev, Aider) only support project-level instruction files
+ * (AGENTS.md, GEMINI.md, .windsurfrules, .continuerules, .aider/conventions.md)
+ * which are handled by `rafter agent init-project` (not yet implemented).
+ */
+function installGlobalInstructions(platforms) {
+    const homeDir = os.homedir();
+    // Claude Code — ~/.claude/CLAUDE.md (confirmed global instruction file)
+    if (platforms.claudeCode) {
+        try {
+            const filePath = path.join(homeDir, ".claude", "CLAUDE.md");
+            injectInstructionFile(filePath);
+            console.log(fmt.success(`Installed Rafter instructions to ${filePath}`));
+        }
+        catch (e) {
+            console.log(fmt.warning(`Failed to write Claude Code instructions: ${e}`));
+        }
+    }
+    // Cursor — ~/.cursor/rules/rafter-security.mdc (global rules directory, markdown format)
+    if (platforms.cursor) {
+        try {
+            const filePath = path.join(homeDir, ".cursor", "rules", "rafter-security.mdc");
+            injectInstructionFile(filePath);
+            console.log(fmt.success(`Installed Rafter instructions to ${filePath}`));
+        }
+        catch (e) {
+            console.log(fmt.warning(`Failed to write Cursor instructions: ${e}`));
+        }
+    }
+}
 function installClaudeCodeHooks() {
     const homeDir = os.homedir();
     const settingsPath = path.join(homeDir, ".claude", "settings.json");
@@ -54,6 +90,175 @@ function installClaudeCodeHooks() {
     console.log(fmt.success(`Installed PreToolUse hooks to ${settingsPath}`));
     console.log(fmt.success(`Installed PostToolUse hooks to ${settingsPath}`));
 }
+function installCodexHooks() {
+    const homeDir = os.homedir();
+    const codexDir = path.join(homeDir, ".codex");
+    if (!fs.existsSync(codexDir)) {
+        fs.mkdirSync(codexDir, { recursive: true });
+    }
+    const hooksPath = path.join(codexDir, "hooks.json");
+    let config = {};
+    if (fs.existsSync(hooksPath)) {
+        try {
+            config = JSON.parse(fs.readFileSync(hooksPath, "utf-8"));
+        }
+        catch {
+            console.log(fmt.warning("Existing Codex hooks.json was unreadable, creating new one"));
+        }
+    }
+    if (!config.hooks)
+        config.hooks = {};
+    if (!config.hooks.PreToolUse)
+        config.hooks.PreToolUse = [];
+    if (!config.hooks.PostToolUse)
+        config.hooks.PostToolUse = [];
+    // Codex uses the same hookSpecificOutput protocol as Claude Code (format=claude)
+    const preHook = { type: "command", command: "rafter hook pretool" };
+    const postHook = { type: "command", command: "rafter hook posttool" };
+    // Remove existing rafter hooks
+    config.hooks.PreToolUse = config.hooks.PreToolUse.filter((entry) => !(entry.hooks || []).some((h) => h.command?.startsWith("rafter hook pretool")));
+    config.hooks.PostToolUse = config.hooks.PostToolUse.filter((entry) => !(entry.hooks || []).some((h) => h.command?.startsWith("rafter hook posttool")));
+    config.hooks.PreToolUse.push({ matcher: "Bash", hooks: [preHook] });
+    config.hooks.PostToolUse.push({ matcher: ".*", hooks: [postHook] });
+    fs.writeFileSync(hooksPath, JSON.stringify(config, null, 2), "utf-8");
+    console.log(fmt.success(`Installed hooks to ${hooksPath}`));
+}
+function installCursorHooks() {
+    const homeDir = os.homedir();
+    const cursorDir = path.join(homeDir, ".cursor");
+    if (!fs.existsSync(cursorDir)) {
+        fs.mkdirSync(cursorDir, { recursive: true });
+    }
+    const hooksPath = path.join(cursorDir, "hooks.json");
+    let config = {};
+    if (fs.existsSync(hooksPath)) {
+        try {
+            config = JSON.parse(fs.readFileSync(hooksPath, "utf-8"));
+        }
+        catch {
+            console.log(fmt.warning("Existing Cursor hooks.json was unreadable, creating new one"));
+        }
+    }
+    if (!config.version)
+        config.version = 1;
+    if (!config.hooks)
+        config.hooks = {};
+    if (!config.hooks.beforeShellExecution)
+        config.hooks.beforeShellExecution = [];
+    // Remove existing rafter hooks
+    config.hooks.beforeShellExecution = config.hooks.beforeShellExecution.filter((entry) => !entry.command?.includes("rafter hook pretool"));
+    config.hooks.beforeShellExecution.push({
+        command: "rafter hook pretool --format cursor",
+        type: "command",
+        timeout: 5000,
+    });
+    fs.writeFileSync(hooksPath, JSON.stringify(config, null, 2), "utf-8");
+    console.log(fmt.success(`Installed hooks to ${hooksPath}`));
+}
+function installGeminiHooks() {
+    const homeDir = os.homedir();
+    const geminiDir = path.join(homeDir, ".gemini");
+    if (!fs.existsSync(geminiDir)) {
+        fs.mkdirSync(geminiDir, { recursive: true });
+    }
+    const settingsPath = path.join(geminiDir, "settings.json");
+    let settings = {};
+    if (fs.existsSync(settingsPath)) {
+        try {
+            settings = JSON.parse(fs.readFileSync(settingsPath, "utf-8"));
+        }
+        catch {
+            console.log(fmt.warning("Existing Gemini settings.json was unreadable, creating new one"));
+        }
+    }
+    if (!settings.hooks)
+        settings.hooks = {};
+    if (!settings.hooks.BeforeTool)
+        settings.hooks.BeforeTool = [];
+    if (!settings.hooks.AfterTool)
+        settings.hooks.AfterTool = [];
+    // Remove existing rafter hooks
+    settings.hooks.BeforeTool = settings.hooks.BeforeTool.filter((entry) => !(entry.hooks || []).some((h) => h.command?.includes("rafter hook pretool")));
+    settings.hooks.AfterTool = settings.hooks.AfterTool.filter((entry) => !(entry.hooks || []).some((h) => h.command?.includes("rafter hook posttool")));
+    settings.hooks.BeforeTool.push({
+        matcher: "shell|write_file",
+        hooks: [{ type: "command", command: "rafter hook pretool --format gemini", timeout: 5000 }],
+    });
+    settings.hooks.AfterTool.push({
+        matcher: ".*",
+        hooks: [{ type: "command", command: "rafter hook posttool --format gemini", timeout: 5000 }],
+    });
+    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), "utf-8");
+    console.log(fmt.success(`Installed hooks to ${settingsPath}`));
+}
+function installWindsurfHooks() {
+    const homeDir = os.homedir();
+    const windsurfDir = path.join(homeDir, ".windsurf");
+    if (!fs.existsSync(windsurfDir)) {
+        fs.mkdirSync(windsurfDir, { recursive: true });
+    }
+    const hooksPath = path.join(windsurfDir, "hooks.json");
+    let config = {};
+    if (fs.existsSync(hooksPath)) {
+        try {
+            config = JSON.parse(fs.readFileSync(hooksPath, "utf-8"));
+        }
+        catch {
+            console.log(fmt.warning("Existing Windsurf hooks.json was unreadable, creating new one"));
+        }
+    }
+    if (!config.hooks)
+        config.hooks = {};
+    if (!config.hooks.pre_run_command)
+        config.hooks.pre_run_command = [];
+    if (!config.hooks.pre_write_code)
+        config.hooks.pre_write_code = [];
+    // Remove existing rafter hooks
+    config.hooks.pre_run_command = config.hooks.pre_run_command.filter((entry) => !entry.command?.includes("rafter hook pretool"));
+    config.hooks.pre_write_code = config.hooks.pre_write_code.filter((entry) => !entry.command?.includes("rafter hook pretool"));
+    config.hooks.pre_run_command.push({
+        command: "rafter hook pretool --format windsurf",
+        show_output: true,
+    });
+    config.hooks.pre_write_code.push({
+        command: "rafter hook pretool --format windsurf",
+        show_output: true,
+    });
+    fs.writeFileSync(hooksPath, JSON.stringify(config, null, 2), "utf-8");
+    console.log(fmt.success(`Installed hooks to ${hooksPath}`));
+}
+function installContinueDevHooks() {
+    const homeDir = os.homedir();
+    const continueDir = path.join(homeDir, ".continue");
+    if (!fs.existsSync(continueDir)) {
+        fs.mkdirSync(continueDir, { recursive: true });
+    }
+    const settingsPath = path.join(continueDir, "settings.json");
+    let settings = {};
+    if (fs.existsSync(settingsPath)) {
+        try {
+            settings = JSON.parse(fs.readFileSync(settingsPath, "utf-8"));
+        }
+        catch {
+            console.log(fmt.warning("Existing Continue.dev settings.json was unreadable, creating new one"));
+        }
+    }
+    if (!settings.hooks)
+        settings.hooks = {};
+    if (!settings.hooks.PreToolUse)
+        settings.hooks.PreToolUse = [];
+    if (!settings.hooks.PostToolUse)
+        settings.hooks.PostToolUse = [];
+    // Continue.dev uses the same protocol as Claude Code
+    const preHook = { type: "command", command: "rafter hook pretool" };
+    const postHook = { type: "command", command: "rafter hook posttool" };
+    settings.hooks.PreToolUse = settings.hooks.PreToolUse.filter((entry) => !(entry.hooks || []).some((h) => h.command?.startsWith("rafter hook pretool")));
+    settings.hooks.PostToolUse = settings.hooks.PostToolUse.filter((entry) => !(entry.hooks || []).some((h) => h.command?.startsWith("rafter hook posttool")));
+    settings.hooks.PreToolUse.push({ matcher: "Bash", hooks: [preHook] }, { matcher: "Write|Edit", hooks: [preHook] });
+    settings.hooks.PostToolUse.push({ matcher: ".*", hooks: [postHook] });
+    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), "utf-8");
+    console.log(fmt.success(`Installed hooks to ${settingsPath}`));
+}
 /** MCP server entry for rafter — shared across MCP-native clients */
 const RAFTER_MCP_ENTRY = {
     command: "rafter",
@@ -266,6 +471,20 @@ function installCodexSkills() {
         console.log(fmt.warning(`Agent Security skill template not found at ${agentTemplatePath}`));
     }
 }
+async function askYesNo(question, defaultYes = true) {
+    const rl = createInterface({ input: process.stdin, output: process.stderr });
+    const suffix = defaultYes ? "[Y/n]" : "[y/N]";
+    return new Promise((resolve) => {
+        rl.question(`  ${question} ${suffix} `, (answer) => {
+            rl.close();
+            const trimmed = answer.trim().toLowerCase();
+            if (trimmed === "")
+                resolve(defaultYes);
+            else
+                resolve(trimmed === "y" || trimmed === "yes");
+        });
+    });
+}
 export function createInitCommand() {
     return new Command("init")
         .description("Initialize agent security system")
@@ -280,6 +499,7 @@ export function createInitCommand() {
         .option("--with-continue", "Install Continue.dev integration")
         .option("--with-gitleaks", "Download and install Gitleaks binary")
         .option("--all", "Install all detected integrations and download Gitleaks")
+        .option("-i, --interactive", "Guided setup — prompts for each detected integration")
         .option("--update", "Re-download gitleaks and reinstall integrations without resetting config")
         .action(async (opts) => {
         console.log(fmt.header("Rafter Agent Security Setup"));
@@ -295,16 +515,41 @@ export function createInitCommand() {
         const hasWindsurf = fs.existsSync(path.join(os.homedir(), ".codeium", "windsurf"));
         const hasContinueDev = fs.existsSync(path.join(os.homedir(), ".continue"));
         const hasAider = fs.existsSync(path.join(os.homedir(), ".aider.conf.yml"));
-        // Resolve opt-in flags (--all enables all detected)
-        const wantOpenClaw = opts.withOpenclaw || opts.all;
-        const wantClaudeCode = opts.withClaudeCode || opts.all;
-        const wantCodex = opts.withCodex || opts.all;
-        const wantGemini = opts.withGemini || opts.all;
-        const wantCursor = opts.withCursor || opts.all;
-        const wantWindsurf = opts.withWindsurf || opts.all;
-        const wantContinue = opts.withContinue || opts.all;
-        const wantAider = opts.withAider || opts.all;
-        const wantGitleaks = opts.withGitleaks || opts.all;
+        // Resolve opt-in flags (--all enables all detected, --interactive prompts)
+        let wantOpenClaw = opts.withOpenclaw || opts.all;
+        let wantClaudeCode = opts.withClaudeCode || opts.all;
+        let wantCodex = opts.withCodex || opts.all;
+        let wantGemini = opts.withGemini || opts.all;
+        let wantCursor = opts.withCursor || opts.all;
+        let wantWindsurf = opts.withWindsurf || opts.all;
+        let wantContinue = opts.withContinue || opts.all;
+        let wantAider = opts.withAider || opts.all;
+        let wantGitleaks = opts.withGitleaks || opts.all;
+        // Interactive mode: prompt for each detected integration
+        if (opts.interactive && !opts.all) {
+            console.log();
+            console.log(fmt.info("Select integrations to install:"));
+            console.log();
+            if (hasClaudeCode && !wantClaudeCode)
+                wantClaudeCode = await askYesNo("Install Claude Code hooks + skills?");
+            if (hasCodex && !wantCodex)
+                wantCodex = await askYesNo("Install Codex CLI skills + hooks?");
+            if (hasOpenClaw && !wantOpenClaw)
+                wantOpenClaw = await askYesNo("Install OpenClaw skill?");
+            if (hasGemini && !wantGemini)
+                wantGemini = await askYesNo("Install Gemini CLI MCP + hooks?");
+            if (hasCursor && !wantCursor)
+                wantCursor = await askYesNo("Install Cursor MCP + hooks?");
+            if (hasWindsurf && !wantWindsurf)
+                wantWindsurf = await askYesNo("Install Windsurf MCP + hooks?");
+            if (hasContinueDev && !wantContinue)
+                wantContinue = await askYesNo("Install Continue.dev MCP + hooks?");
+            if (hasAider && !wantAider)
+                wantAider = await askYesNo("Install Aider MCP server?");
+            if (!wantGitleaks)
+                wantGitleaks = await askYesNo("Download Gitleaks binary (enhanced scanning)?");
+            console.log();
+        }
         // Show detected environments with opt-in hints
         const detected = [];
         if (hasOpenClaw)
@@ -465,11 +710,12 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Claude Code integration: ${e}`));
             }
         }
-        // Install Codex CLI skills if opted in
+        // Install Codex CLI skills + hooks if opted in
         let codexOk = false;
         if (hasCodex && wantCodex) {
             try {
                 installCodexSkills();
+                installCodexHooks();
                 manager.set("agent.environments.codex.enabled", true);
                 codexOk = true;
             }
@@ -477,11 +723,12 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Codex CLI integration: ${e}`));
             }
         }
-        // Install Gemini CLI MCP if opted in
+        // Install Gemini CLI MCP + hooks if opted in
         let geminiOk = false;
         if (hasGemini && wantGemini) {
             try {
                 geminiOk = installGeminiMcp();
+                installGeminiHooks();
                 if (geminiOk)
                     manager.set("agent.environments.gemini.enabled", true);
             }
@@ -489,11 +736,12 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Gemini CLI integration: ${e}`));
             }
         }
-        // Install Cursor MCP if opted in
+        // Install Cursor MCP + hooks if opted in
         let cursorOk = false;
         if (hasCursor && wantCursor) {
             try {
                 cursorOk = installCursorMcp();
+                installCursorHooks();
                 if (cursorOk)
                     manager.set("agent.environments.cursor.enabled", true);
             }
@@ -501,11 +749,12 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Cursor integration: ${e}`));
             }
         }
-        // Install Windsurf MCP if opted in
+        // Install Windsurf MCP + hooks if opted in
         let windsurfOk = false;
         if (hasWindsurf && wantWindsurf) {
             try {
                 windsurfOk = installWindsurfMcp();
+                installWindsurfHooks();
                 if (windsurfOk)
                     manager.set("agent.environments.windsurf.enabled", true);
             }
@@ -513,11 +762,12 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Windsurf integration: ${e}`));
             }
         }
-        // Install Continue.dev MCP if opted in
+        // Install Continue.dev MCP + hooks if opted in
         let continueOk = false;
         if (hasContinueDev && wantContinue) {
             try {
                 continueOk = installContinueDevMcp();
+                installContinueDevHooks();
                 if (continueOk)
                     manager.set("agent.environments.continueDev.enabled", true);
             }
@@ -537,6 +787,11 @@ export function createInitCommand() {
                 console.error(fmt.error(`Failed to install Aider integration: ${e}`));
             }
         }
+        // Install global instruction files for platforms that support them
+        installGlobalInstructions({
+            claudeCode: claudeCodeOk,
+            cursor: cursorOk,
+        });
         console.log();
         console.log(fmt.success("Agent security initialized!"));
         console.log();

package/dist/commands/agent/instruction-block.js

@@ -0,0 +1,63 @@
+import fs from "fs";
+import path from "path";
+export const RAFTER_MARKER_START = "<!-- rafter:start -->";
+export const RAFTER_MARKER_END = "<!-- rafter:end -->";
+/** Rafter security context block for agent instruction files (CLAUDE.md, AGENTS.md, etc.) */
+export const RAFTER_INSTRUCTION_BLOCK = `${RAFTER_MARKER_START}
+## Security: Rafter
+
+This environment has Rafter available — the security toolkit built for AI workflows.
+
+**Local scanning** (always available, no API key needed):
+- \`rafter scan local .\` — scan for leaked credentials
+- \`rafter scan local --staged\` — scan staged changes only
+
+**Remote analysis** (requires RAFTER_API_KEY):
+- \`rafter run\` — deterministic SAST, secret detection, dependency checks
+- \`rafter run --mode plus\` — agentic deep-dive with additional analysis passes
+
+Consider scanning before pushing, shipping features, or merging PRs.
+If RAFTER_API_KEY is not set, local scanning still works — use what's available.
+
+**Project integration:**
+- \`rafter agent install-hook\` — pre-commit secret scanning
+- \`rafter ci init\` — add scanning to CI/CD pipeline
+- \`.rafter.yml\` — project-specific security policy
+
+**More:**
+- \`rafter agent audit-skill <path>\` — audit a skill before installing
+- \`rafter agent audit --last 5\` — recent security events
+- \`rafter brief commands\` — full CLI reference
+${RAFTER_MARKER_END}`;
+/**
+ * Write a Rafter instruction block into an instruction file.
+ * Uses marker comments for idempotent updates — existing rafter blocks are replaced,
+ * non-rafter content is preserved.
+ */
+export function injectInstructionFile(filePath) {
+    const dir = path.dirname(filePath);
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+    const block = RAFTER_INSTRUCTION_BLOCK;
+    const startMarker = RAFTER_MARKER_START;
+    const endMarker = RAFTER_MARKER_END;
+    let content = "";
+    if (fs.existsSync(filePath)) {
+        content = fs.readFileSync(filePath, "utf-8");
+    }
+    // Replace existing block or append
+    const startIdx = content.indexOf(startMarker);
+    const endIdx = content.indexOf(endMarker);
+    if (startIdx !== -1 && endIdx !== -1) {
+        content = content.slice(0, startIdx) + block + content.slice(endIdx + endMarker.length);
+    }
+    else {
+        if (content.length > 0 && !content.endsWith("\n\n")) {
+            content += content.endsWith("\n") ? "\n" : "\n\n";
+        }
+        content += block + "\n";
+    }
+    fs.writeFileSync(filePath, content, "utf-8");
+    return true;
+}

package/dist/commands/brief.js

@@ -128,6 +128,43 @@ function buildTopics() {
             description: "Setup instructions for unsupported / generic agents",
             render: () => renderPlatformSetup("generic"),
         },
+        pricing: {
+            description: "What's free, what's paid, and the philosophy behind it",
+            render: () => [
+                "# Rafter Pricing",
+                "",
+                "**Free forever for individuals and open source. No account required. No telemetry.**",
+                "",
+                "## What's Free",
+                "",
+                "All local agent security features are free with no limits:",
+                "",
+                "- Secret scanning (21+ patterns, Gitleaks integration)",
+                "- Pre-commit hooks (local and global)",
+                "- Command interception with risk-tiered approval",
+                "- Skill/extension auditing",
+                "- Audit logging",
+                "- MCP server for tool integration",
+                "- CI/CD pipeline generation",
+                "- All supported agent integrations (Claude Code, Codex, Gemini, Cursor, Windsurf, Aider, OpenClaw, Continue.dev)",
+                "",
+                "No API key. No sign-up. No telemetry. No data collection. No network access required.",
+                "Everything runs locally on your machine. MIT licensed.",
+                "",
+                "## Remote Code Analysis (API)",
+                "",
+                "Remote SAST/SCA scanning via the Rafter API has a free tier.",
+                "Sign up at rafter.so for an API key. Enterprise plans offer higher",
+                "limits, dashboards, policy management, and compliance reporting.",
+                "",
+                "## Philosophy",
+                "",
+                "Security tooling should be free for the people writing code.",
+                "Generous free tiers drive bottom-up adoption. Enterprise value",
+                "comes from dashboards, policy, and compliance — not from gating",
+                "the tools developers use every day.",
+            ].join("\n"),
+        },
         all: {
             description: "Everything — full security + scanning + setup briefing",
             render: () => {

package/dist/commands/ci/init.js

@@ -47,7 +47,7 @@ export function createCiInitCommand() {
         if (platform === "github") {
             console.log();
             console.log("Alternatives:");
-            console.log("  - GitHub Action: uses: Raftersecurity/rafter-cli@v0");
+            console.log("  - GitHub Action: uses: Raftersecurity/rafter-cli@v1");
             console.log("  - Pre-commit:  https://github.com/Raftersecurity/rafter-cli#pre-commit-framework");
         }
         console.log();
@@ -74,7 +74,7 @@ function generateTemplate(platform, withBackend) {
 }
 function githubTemplate(withBackend) {
     let yaml = `# Generated by: rafter ci init
-# Alternative: uses: Raftersecurity/rafter-cli@v0
+# Alternative: uses: Raftersecurity/rafter-cli@v1
 name: Rafter Security
 
 on:

package/dist/commands/hook/posttool.js

@@ -4,31 +4,71 @@ import { AuditLogger } from "../../core/audit-logger.js";
 export function createHookPosttoolCommand() {
     return new Command("posttool")
         .description("PostToolUse hook handler (reads stdin, redacts secrets in output, writes JSON to stdout)")
-        .action(async () => {
+        .option("--format <format>", "Output format: claude (default, also Codex/Continue), cursor, gemini, windsurf", "claude")
+        .action(async (opts) => {
+        const format = (opts.format || "claude");
         try {
             const input = await readStdin();
-            let payload;
+            let raw;
             try {
-                payload = JSON.parse(input);
+                raw = JSON.parse(input);
             }
             catch {
-                writeOutput({ action: "continue" });
+                writeOutput({ action: "continue" }, format);
                 return;
             }
             // Validate payload is an object with expected shape
-            if (!payload || typeof payload !== "object" || Array.isArray(payload)) {
-                writeOutput({ action: "continue" });
+            if (!raw || typeof raw !== "object" || Array.isArray(raw)) {
+                writeOutput({ action: "continue" }, format);
                 return;
             }
+            const payload = normalizePostInput(raw, format);
             const output = evaluateToolResponse(payload);
-            writeOutput(output);
+            writeOutput(output, format);
         }
         catch {
             // Any unexpected error → fail open
-            writeOutput({ action: "continue" });
+            writeOutput({ action: "continue" }, format);
         }
     });
 }
+/**
+ * Normalize platform-specific PostToolUse stdin into common shape.
+ * Windsurf sends { tool_info: { stdout, stderr } }, Cursor sends { output, ... }.
+ */
+function normalizePostInput(raw, format) {
+    if (format === "windsurf") {
+        const toolInfo = raw.tool_info || {};
+        return {
+            session_id: raw.trajectory_id,
+            tool_name: raw.agent_action_name?.includes("run_command") ? "Bash" : (toolInfo.mcp_tool_name || "unknown"),
+            tool_input: {},
+            tool_response: {
+                output: toolInfo.stdout || toolInfo.output || "",
+                error: toolInfo.stderr || "",
+            },
+        };
+    }
+    if (format === "cursor") {
+        return {
+            session_id: raw.conversation_id,
+            tool_name: raw.hook_event_name === "afterShellExecution" ? "Bash" : (raw.tool_name || "unknown"),
+            tool_input: raw.tool_input || {},
+            tool_response: {
+                output: raw.output || raw.tool_response?.output || "",
+                content: raw.content || raw.tool_response?.content || "",
+                error: raw.error || raw.tool_response?.error || "",
+            },
+        };
+    }
+    // Claude, Codex, Continue, Gemini — same shape
+    return {
+        session_id: raw.session_id,
+        tool_name: raw.tool_name || "",
+        tool_input: raw.tool_input || {},
+        tool_response: raw.tool_response,
+    };
+}
 function evaluateToolResponse(payload) {
     const { tool_response } = payload;
     // No response body — pass through
@@ -82,6 +122,51 @@ function readStdin() {
         process.stdin.resume();
     });
 }
-function writeOutput(output) {
-    process.stdout.write(JSON.stringify(output) + "\n");
+function writeOutput(output, format) {
+    const isModify = output.action === "modify" && output.tool_response;
+    switch (format) {
+        case "cursor": {
+            // Cursor: { agentMessage?: string } for post-tool notifications
+            if (isModify) {
+                process.stdout.write(JSON.stringify({
+                    agentMessage: "Rafter redacted secrets from tool output",
+                }) + "\n");
+            }
+            // No output for continue (noop)
+            break;
+        }
+        case "gemini": {
+            // Gemini AfterTool: { systemMessage?: string } or {}
+            if (isModify) {
+                process.stdout.write(JSON.stringify({
+                    systemMessage: "Rafter redacted secrets from tool output",
+                }) + "\n");
+            }
+            else {
+                process.stdout.write("{}\n");
+            }
+            break;
+        }
+        case "windsurf": {
+            // Windsurf: exit 0 for continue, stderr for notification
+            if (isModify) {
+                process.stderr.write("Rafter: secrets redacted from tool output\n");
+            }
+            // Always exit 0 for post-tool (never block after execution)
+            break;
+        }
+        default: {
+            // Claude Code / Codex / Continue.dev: hookSpecificOutput envelope
+            const hookOutput = {
+                hookSpecificOutput: {
+                    hookEventName: "PostToolUse",
+                },
+            };
+            if (isModify) {
+                hookOutput.hookSpecificOutput.modifiedToolResult = output.tool_response;
+            }
+            process.stdout.write(JSON.stringify(hookOutput) + "\n");
+            break;
+        }
+    }
 }