agent-security-scanner-mcp 3.3.0 → 3.4.0

package/index.js

@@ -17,9 +17,12 @@ import { fixSecuritySchema, fixSecurity } from './src/tools/fix-security.js';
 import { loadPackageLists, checkPackageSchema, checkPackage, getPackageStats } from './src/tools/check-package.js';
 import { scanPackagesSchema, scanPackages } from './src/tools/scan-packages.js';
 import { scanAgentPromptSchema, scanAgentPrompt } from './src/tools/scan-prompt.js';
+import { scanDiffSchema, scanDiff } from './src/tools/scan-diff.js';
+import { scanProjectSchema, scanProject } from './src/tools/scan-project.js';
 import { runInit } from './src/cli/init.js';
 import { runDoctor } from './src/cli/doctor.js';
 import { runDemo } from './src/cli/demo.js';
+import { runInitHooks } from './src/cli/init-hooks.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -134,6 +137,22 @@ server.tool(
   scanAgentPrompt
 );
 
+// Register scan_git_diff tool
+server.tool(
+  "scan_git_diff",
+  "Scan git diff for new security vulnerabilities. Only reports issues on changed lines. Use for PR reviews.",
+  scanDiffSchema,
+  scanDiff
+);
+
+// Register scan_project tool
+server.tool(
+  "scan_project",
+  "Scan an entire directory for security vulnerabilities with .gitignore support and security grading. Use verbosity='minimal' for grade + counts, 'compact' (default) for top issues, 'full' for all details.",
+  scanProjectSchema,
+  scanProject
+);
+
 // ===========================================
 // CLI COMMANDS - Extracted to src/cli/
 // ===========================================
@@ -156,6 +175,11 @@ if (cliArgs[0] === 'init') {
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
+} else if (cliArgs[0] === 'init-hooks') {
+  runInitHooks(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
+    console.error(`  Error: ${err.message}\n`);
+    process.exit(1);
+  });
 } else if (cliArgs[0] === 'scan-prompt') {
   // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
   const text = cliArgs[1];
@@ -236,26 +260,102 @@ if (cliArgs[0] === 'init') {
     console.error(JSON.stringify({ error: err.message }));
     process.exit(1);
   });
+} else if (cliArgs[0] === 'scan-project') {
+  // CLI mode: scan-project <dir> [--recursive] [--diff-only] [--cross-file] [--include '*.py'] [--exclude '*.test.js'] [--verbosity minimal|compact|full]
+  const dirPath = cliArgs[1];
+  if (!dirPath || dirPath.startsWith('--')) {
+    console.error('Usage: agent-security-scanner-mcp scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const recursive = !cliArgs.includes('--no-recursive');
+  const diffOnly = cliArgs.includes('--diff-only');
+  const crossFile = cliArgs.includes('--cross-file');
+  const includeIdx = cliArgs.indexOf('--include');
+  const includePatterns = includeIdx !== -1 ? [cliArgs[includeIdx + 1]] : undefined;
+  const excludeIdx = cliArgs.indexOf('--exclude');
+  const excludePatterns = excludeIdx !== -1 ? [cliArgs[excludeIdx + 1]] : undefined;
+
+  scanProject({ directory_path: dirPath, recursive, diff_only: diffOnly, cross_file: crossFile, include_patterns: includePatterns, exclude_patterns: excludePatterns, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    const total = output.issues_count || output.total || 0;
+    process.exit(total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-diff') {
+  // CLI mode: scan-diff [base] [target] [--verbosity minimal|compact|full]
+  // Parse positional args, skipping flag values
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const flagValueIndices = new Set(verbosityIdx !== -1 ? [verbosityIdx, verbosityIdx + 1] : []);
+  const positionalArgs = cliArgs.slice(1).filter((arg, idx) => !arg.startsWith('--') && !flagValueIndices.has(idx + 1));
+  const baseRef = positionalArgs[0];
+  const targetRef = positionalArgs[1];
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanDiff({ base_ref: baseRef, target_ref: targetRef, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'benchmark') {
+  // CLI mode: benchmark [--save] [--json-only] [--compare-latest] [--corpus <path>]
+  const benchmarkPath = join(__dirname, 'benchmarks', 'benchmark_runner.py');
+  const benchArgs = [benchmarkPath];
+
+  // Pass through supported flags
+  for (let i = 1; i < cliArgs.length; i++) {
+    if (['--save', '--json-only', '--compare-latest'].includes(cliArgs[i])) {
+      benchArgs.push(cliArgs[i]);
+    } else if (cliArgs[i] === '--corpus' && cliArgs[i + 1]) {
+      benchArgs.push('--corpus', cliArgs[i + 1]);
+      i++;
+    }
+  }
+
+  try {
+    execFileSync('python3', benchArgs, { stdio: 'inherit', timeout: 300000 });
+  } catch (err) {
+    if (err.status) process.exit(err.status);
+    console.error(`Benchmark error: ${err.message}`);
+    process.exit(1);
+  }
+  process.exit(0);
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
   console.log('\n  agent-security-scanner-mcp\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
+  console.log('    init-hooks           Install Claude Code hooks for auto-scanning');
   console.log('    doctor [--fix]       Check environment & client configs');
-  console.log('    demo [--lang js]     Generate vulnerable file + scan it\n');
+  console.log('    demo [--lang js]     Generate vulnerable file + scan it');
+  console.log('    benchmark [flags]      Run accuracy benchmarks\n');
   console.log('  CLI Tools (for scripts & OpenClaw):');
   console.log('    scan-prompt <text>   Scan prompt for injection attacks');
   console.log('    scan-security <file> Scan file for vulnerabilities');
   console.log('    check-package <n> <e> Check if package exists in ecosystem');
-  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages\n');
+  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages');
+  console.log('    scan-project <dir>   Scan directory for vulnerabilities with grading');
+  console.log('    scan-diff [base] [target] Scan git diff for new vulnerabilities\n');
   console.log('    (no args)            Start MCP server on stdio\n');
   console.log('  Options:');
   console.log('    --verbosity <level>  minimal|compact|full (default: compact)');
-  console.log('    --format <type>      json|sarif (scan-security only)\n');
+  console.log('    --format <type>      json|sarif (scan-security only)');
+  console.log('    --include <pattern>  Include only matching files (scan-project)');
+  console.log('    --exclude <pattern>  Exclude matching files (scan-project)\n');
   console.log('  Examples:');
   console.log('    npx agent-security-scanner-mcp init');
   console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
   console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
-  console.log('    npx agent-security-scanner-mcp check-package flask pypi\n');
+  console.log('    npx agent-security-scanner-mcp check-package flask pypi');
+  console.log('    npx agent-security-scanner-mcp scan-project ./src --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp scan-diff HEAD~1');
+  console.log('    npx agent-security-scanner-mcp benchmark --save --compare-latest\n');
   process.exit(0);
 } else {
   // Normal MCP server mode

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
   "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",
@@ -10,9 +10,11 @@
   },
   "scripts": {
     "start": "node index.js",
+    "postinstall": "node scripts/postinstall.js",
     "test": "vitest run",
     "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage"
+    "test:coverage": "vitest run --coverage",
+    "benchmark": "python3 benchmarks/benchmark_runner.py --save --compare-latest"
   },
   "keywords": [
     "mcp",
@@ -82,6 +84,9 @@
     "src/cli/*.js",
     "src/fix-patterns.js",
     "src/utils.js",
+    "src/dedup.js",
+    "src/context.js",
+    "src/config.js",
     "analyzer.py",
     "ast_parser.py",
     "generic_ast.py",
@@ -92,7 +97,9 @@
     "requirements.txt",
     "rules/**",
     "packages/**",
-    "skills/**"
+    "skills/**",
+    "scripts/postinstall.js",
+    "cross_file_analyzer.py"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",

package/pattern_matcher.py

@@ -430,6 +430,7 @@ class Finding:
     end_column: int = 0
     metavariables: Dict[str, str] = field(default_factory=dict)
     metadata: Dict[str, Any] = field(default_factory=dict)
+    confidence: str = "MEDIUM"
 
 
 class RuleEngine:

package/regex_fallback.py

@@ -9,10 +9,207 @@ from typing import List, Dict, Optional
 import re
 
 
+# Severity classification by vulnerability class
+SEVERITY_MAP = {
+    # ERROR - exploitable vulnerabilities (injection, RCE, deserialization)
+    'sql-injection': 'error',
+    'sql-injection-query': 'error',
+    'sql-injection-sprintf': 'error',
+    'sql-injection-where': 'error',
+    'sql-injection-order': 'error',
+    'sql-injection-raw': 'error',
+    'sql-injection-db-cursor': 'error',
+    'sql-injection-using-sqlalchemy': 'error',
+    'sql-injection-sqlcommand': 'error',
+    'sql-injection-sqlquery': 'error',
+    'sql-injection-concat': 'error',
+    'command-injection': 'error',
+    'command-injection-exec': 'error',
+    'command-injection-system': 'error',
+    'command-injection-open': 'error',
+    'command-injection-process-start': 'error',
+    'child-process-exec': 'error',
+    'spawn-shell': 'error',
+    'dangerous-subprocess-use': 'error',
+    'dangerous-system-call': 'error',
+    'eval-detected': 'error',
+    'eval-usage': 'error',
+    'exec-detected': 'error',
+    'pickle-load': 'error',
+    'unsafe-unserialize': 'error',
+    'unsafe-yaml-load': 'error',
+    'unsafe-marshal': 'error',
+    'yaml-load': 'error',
+    'file-inclusion': 'error',
+    'path-traversal': 'error',
+    'xss-echo': 'error',
+    'xss-raw': 'error',
+    'ssrf': 'error',
+    'open-redirect': 'error',
+    'backticks-exec': 'error',
+    'preg-code-exec': 'error',
+    'assert-usage': 'error',
+    'insecure-deserialization-binaryformatter': 'error',
+    'insecure-deserialization-xmlserializer': 'error',
+    'libc-system-call': 'error',
+    'format-string-printf': 'error',
+    'format-string-syslog': 'error',
+    'xss-innerhtml': 'error',
+    'xss-response-write': 'error',
+    'path-traversal-directory-delete': 'error',
+    'path-traversal-file-delete': 'error',
+    'path-traversal-file-read': 'error',
+
+    # WARNING - risky patterns requiring attention
+    'innerHTML': 'warning',
+    'outerHTML': 'warning',
+    'document-write': 'warning',
+    'insertAdjacentHTML': 'warning',
+    'dangerouslySetInnerHTML': 'warning',
+    'function-constructor': 'warning',
+    'setTimeout-string': 'warning',
+    'strcpy-usage': 'warning',
+    'strcat-usage': 'warning',
+    'sprintf-usage': 'warning',
+    'vsprintf-usage': 'warning',
+    'gets-usage': 'warning',
+    'system-usage': 'warning',
+    'popen-usage': 'warning',
+    'hardcoded-password': 'warning',
+    'hardcoded-secret': 'warning',
+    'hardcoded-api-key': 'warning',
+    'hardcoded-connection-string': 'warning',
+    'session-secret-hardcoded': 'warning',
+    'ssl-verify-disabled': 'warning',
+    'curl-ssl-disabled': 'warning',
+    'csrf-disabled': 'warning',
+    'mass-assignment-permit-all': 'warning',
+    'constantize': 'warning',
+    'render-inline': 'warning',
+    'privileged-container': 'warning',
+    'run-as-root': 'warning',
+    'allow-privilege-escalation': 'warning',
+    'host-network': 'warning',
+    'host-pid': 'warning',
+    'host-path': 'warning',
+    'secrets-in-env': 'warning',
+    'cluster-admin-binding': 'warning',
+    'capabilities-add': 'warning',
+    'no-readonly-root': 'warning',
+    'wildcard-rbac': 'warning',
+    's3-public-read': 'warning',
+    'security-group-open-ingress': 'warning',
+    'rds-public-access': 'warning',
+    'rds-encryption-disabled': 'warning',
+    'rds-deletion-protection': 'warning',
+    'cloudtrail-disabled': 'warning',
+    'kms-key-rotation': 'warning',
+    'ebs-encryption-disabled': 'warning',
+    'ec2-imdsv1': 'warning',
+    'phpinfo-exposure': 'warning',
+    'error-display': 'warning',
+    'permissive-cors': 'warning',
+    'mcrypt-deprecated': 'warning',
+    'aws-access-key-id': 'warning',
+    'aws-secret-access-key': 'warning',
+    'github-pat': 'warning',
+    'stripe-api-key': 'warning',
+    'private-key-rsa': 'warning',
+    'database-url': 'warning',
+    'jwt-token': 'warning',
+    'openai-api-key': 'warning',
+    'python.lang.security.audit.hardcoded-password': 'warning',
+    'python.lang.security.audit.hardcoded-api-key': 'warning',
+    'generic.secrets.security.hardcoded-password': 'warning',
+    'generic.secrets.security.hardcoded-api-key': 'warning',
+
+    # INFO - informational / hygiene / low-risk patterns
+    'weak-hash-md5': 'info',
+    'weak-hash-sha1': 'info',
+    'weak-hash': 'info',
+    'weak-cipher': 'info',
+    'weak-cipher-des': 'info',
+    'ecb-mode': 'info',
+    'weak-random': 'info',
+    'insecure-random': 'info',
+    'insecure-hash-md5': 'info',
+    'insecure-hash-sha1': 'info',
+    'insecure-memset': 'info',
+    'strtok-usage': 'info',
+    'insecure-tempfile': 'info',
+    'unchecked-return': 'info',
+    'unsafe-block': 'info',
+    'unwrap-usage': 'info',
+    'raw-pointer-deref': 'info',
+    'panic-usage': 'info',
+    'compile-detected': 'info',
+    'scanf-usage': 'info',
+}
+
+# Confidence classification by rule ID
+CONFIDENCE_MAP = {
+    # HIGH - very specific patterns, low false-positive rate
+    'sql-injection-db-cursor': 'HIGH',
+    'sql-injection-using-sqlalchemy': 'HIGH',
+    'sql-injection-sqlcommand': 'HIGH',
+    'sql-injection-sqlquery': 'HIGH',
+    'sql-injection-concat': 'HIGH',
+    'format-string-printf': 'HIGH',
+    'format-string-syslog': 'HIGH',
+    'pickle-load': 'HIGH',
+    'eval-detected': 'HIGH',
+    'eval-usage': 'HIGH',
+    'exec-detected': 'HIGH',
+    'child-process-exec': 'HIGH',
+    'dangerous-subprocess-use': 'HIGH',
+    'dangerous-system-call': 'HIGH',
+    'hardcoded-password': 'HIGH',
+    'hardcoded-connection-string': 'HIGH',
+    'aws-access-key-id': 'HIGH',
+    'github-pat': 'HIGH',
+    'stripe-api-key': 'HIGH',
+    'private-key-rsa': 'HIGH',
+    'openai-api-key': 'HIGH',
+    'unsafe-unserialize': 'HIGH',
+    'backticks-exec': 'HIGH',
+    'preg-code-exec': 'HIGH',
+    'file-inclusion': 'HIGH',
+    'gets-usage': 'HIGH',
+    'insecure-deserialization-binaryformatter': 'HIGH',
+    'insecure-deserialization-xmlserializer': 'HIGH',
+
+    # LOW - broad patterns with high false-positive rate
+    'compile-detected': 'LOW',
+    'unsafe-block': 'LOW',
+    'unwrap-usage': 'LOW',
+    'insecure-memset': 'LOW',
+    'strtok-usage': 'LOW',
+    'unchecked-return': 'LOW',
+    'scanf-usage': 'LOW',
+    'panic-usage': 'LOW',
+    'raw-pointer-deref': 'LOW',
+    'insecure-random': 'LOW',
+    'weak-random': 'LOW',
+    'insecure-hash-md5': 'LOW',
+    'insecure-hash-sha1': 'LOW',
+    'weak-hash-md5': 'LOW',
+    'weak-hash-sha1': 'LOW',
+    'weak-hash': 'LOW',
+    'database-url': 'LOW',
+
+    # Everything else defaults to MEDIUM
+}
+
+
 def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, col_end: Optional[int] = None,
-                  message: Optional[str] = None, severity: str = "warning") -> Dict:
+                  message: Optional[str] = None, severity: Optional[str] = None,
+                  confidence: Optional[str] = None) -> Dict:
     if col_end is None:
         col_end = max(col_start + 1, len(line.rstrip("\n")))
+    if severity is None:
+        severity = SEVERITY_MAP.get(rule_id, "warning")
+    if confidence is None:
+        confidence = CONFIDENCE_MAP.get(rule_id, "MEDIUM")
     return {
         "ruleId": rule_id,
         "message": message or f"[Regex] {rule_id}",
@@ -22,6 +219,7 @@ def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, co
         "endColumn": col_end,
         "length": max(0, col_end - col_start),
         "severity": severity,
+        "confidence": confidence,
         "metadata": {"source": "regex-fallback"},
         "metavariables": {},
     }

package/scripts/postinstall.js

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+/**
+ * postinstall.js - Attempt to install Python dependencies for tree-sitter AST engine.
+ * If installation fails, the scanner gracefully falls back to regex-only mode.
+ */
+import { execFileSync } from "child_process";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const requirementsPath = join(__dirname, "..", "requirements.txt");
+
+try {
+  execFileSync("python3", ["-m", "pip", "install", "-r", requirementsPath, "--user", "--quiet"], {
+    timeout: 120000,
+    stdio: "inherit",
+  });
+  console.log("[postinstall] Python dependencies installed - AST engine enabled.");
+} catch {
+  console.log(
+    "[postinstall] Could not install Python dependencies (tree-sitter).\n" +
+    "             The scanner will run in regex-only mode, which still catches common vulnerabilities.\n" +
+    "             To enable AST analysis later, run: python3 -m pip install -r requirements.txt"
+  );
+}

package/src/cli/init-hooks.js

@@ -0,0 +1,164 @@
+// src/cli/init-hooks.js
+// CLI command: init-hooks
+// Installs Claude Code hooks for automatic security scanning on file write/edit.
+
+import { existsSync, readFileSync, writeFileSync, copyFileSync, mkdirSync } from 'fs';
+import { join } from 'path';
+
+const SCANNER_HOOK_MARKER = 'agent-security-scanner-mcp';
+
+function buildHooksConfig(withPromptGuard) {
+  const hooks = {
+    'post-tool-use': [
+      {
+        matcher: 'Write|Edit|MultiEdit',
+        command: `npx agent-security-scanner-mcp scan-security "$TOOL_INPUT_FILE_PATH" --verbosity minimal`,
+      },
+    ],
+  };
+
+  if (withPromptGuard) {
+    hooks['pre-tool-use'] = [
+      {
+        matcher: 'Bash',
+        command: `npx agent-security-scanner-mcp scan-prompt "$TOOL_INPUT_COMMAND" --verbosity minimal`,
+      },
+    ];
+  }
+
+  return hooks;
+}
+
+function backupTimestamp() {
+  const d = new Date();
+  const pad = (n) => String(n).padStart(2, '0');
+  return `${d.getFullYear()}${pad(d.getMonth() + 1)}${pad(d.getDate())}-${pad(d.getHours())}${pad(d.getMinutes())}${pad(d.getSeconds())}`;
+}
+
+function parseFlags(args) {
+  const flags = { dryRun: false, path: null, withPromptGuard: false };
+  let i = 0;
+  while (i < args.length) {
+    const arg = args[i];
+    if (arg === '--dry-run') flags.dryRun = true;
+    else if (arg === '--path' && i + 1 < args.length) flags.path = args[++i];
+    else if (arg === '--with-prompt-guard') flags.withPromptGuard = true;
+    i++;
+  }
+  return flags;
+}
+
+function containsScannerHook(hooksObj) {
+  if (!hooksObj || typeof hooksObj !== 'object') return false;
+  for (const eventHooks of Object.values(hooksObj)) {
+    if (!Array.isArray(eventHooks)) continue;
+    if (eventHooks.some(h => h.command && h.command.includes(SCANNER_HOOK_MARKER))) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function mergeHooks(existingHooks, newHooks) {
+  const merged = { ...existingHooks };
+
+  for (const [event, hooks] of Object.entries(newHooks)) {
+    if (!merged[event]) {
+      merged[event] = hooks;
+      continue;
+    }
+
+    // Filter out existing scanner hooks for this event
+    const nonScanner = merged[event].filter(h =>
+      !h.command || !h.command.includes(SCANNER_HOOK_MARKER)
+    );
+
+    merged[event] = [...nonScanner, ...hooks];
+  }
+
+  return merged;
+}
+
+export async function runInitHooks(args) {
+  const flags = parseFlags(args);
+
+  console.log('\n  Agentic Security - Claude Code Hooks Setup\n');
+
+  const settingsDir = flags.path || join(process.cwd(), '.claude');
+  const settingsPath = join(settingsDir, 'settings.json');
+
+  console.log(`  Settings: ${settingsPath}`);
+  console.log(`  Prompt guard: ${flags.withPromptGuard ? 'enabled' : 'disabled (use --with-prompt-guard to enable)'}`);
+  console.log('');
+
+  const newHooks = buildHooksConfig(flags.withPromptGuard);
+
+  // Read existing settings
+  let existing = {};
+  let fileExisted = false;
+  if (existsSync(settingsPath)) {
+    fileExisted = true;
+    try {
+      existing = JSON.parse(readFileSync(settingsPath, 'utf-8'));
+    } catch (e) {
+      console.error(`  ERROR: Invalid JSON in ${settingsPath}`);
+      console.error(`  ${e.message}\n`);
+      process.exit(1);
+    }
+  }
+
+  if (containsScannerHook(existing.hooks)) {
+    console.log('  Scanner hooks already configured. Updating...');
+  }
+
+  // Merge hooks non-destructively
+  const mergedHooks = mergeHooks(existing.hooks || {}, newHooks);
+  const merged = { ...existing, hooks: mergedHooks };
+  const output = JSON.stringify(merged, null, 2) + '\n';
+
+  if (flags.dryRun) {
+    console.log('  [dry-run] Would write:\n');
+    console.log('  ' + output.split('\n').join('\n  '));
+    console.log('  No changes made.\n');
+    return;
+  }
+
+  if (!existsSync(settingsDir)) {
+    mkdirSync(settingsDir, { recursive: true });
+    console.log(`  Created directory: ${settingsDir}`);
+  }
+
+  if (fileExisted) {
+    const backupPath = `${settingsPath}.bak-${backupTimestamp()}`;
+    copyFileSync(settingsPath, backupPath);
+    console.log(`  Backup: ${backupPath}`);
+  }
+
+  writeFileSync(settingsPath, output);
+  console.log(`  Wrote: ${settingsPath}\n`);
+
+  console.log('  Hooks installed:');
+  for (const [event, hooks] of Object.entries(newHooks)) {
+    for (const hook of hooks) {
+      console.log(`    - [${event}] Matcher: ${hook.matcher}`);
+    }
+  }
+
+  console.log('\n  Security scanning is now automatic for file writes and edits.');
+  console.log('  Restart Claude Code for hooks to take effect.\n');
+
+  if (!existsSync(join(process.cwd(), '.scannerrc.yaml')) &&
+      !existsSync(join(process.cwd(), '.scannerrc.yml')) &&
+      !existsSync(join(process.cwd(), '.scannerrc.json'))) {
+    console.log('  Tip: Create a .scannerrc.yaml to customize scanning:');
+    console.log('');
+    console.log('    version: 1');
+    console.log('    suppress:');
+    console.log('      - rule: "insecure-random"');
+    console.log('    exclude:');
+    console.log('      - "node_modules/**"');
+    console.log('      - "dist/**"');
+    console.log('    severity_threshold: "warning"');
+    console.log('');
+  }
+}