Skip to content

AST-146911 - Hooks Update#1479

Open
cx-kedar-bhujade wants to merge 6 commits intomainfrom
AST-146911-hooks-update
Open

AST-146911 - Hooks Update#1479
cx-kedar-bhujade wants to merge 6 commits intomainfrom
AST-146911-hooks-update

Conversation

@cx-kedar-bhujade
Copy link
Copy Markdown

@cx-kedar-bhujade cx-kedar-bhujade commented Apr 22, 2026

Summary

Refactors the agent hooks feature to delegate guardrail logic (shell guard, secret scanning, MCP server) to the shared ast-cx-hooks library, and expands agent support from Cursor-only to five AI coding agents.

Changes

Agent Support Expansion

  • Before: Hook routes and install logic supported Cursor only
  • After: Supports Claude Code, Cursor, Windsurf, Factory Droid, and Gemini CLI — each with their own hook routes and installer

Guardrail Delegation

  • Before: Shell guard (CheckShellCommand) and secret scanning (ScanForSecrets) were implemented directly in agenthooks.go; registerGuardrails() / registerPassThrough() lived here too
  • After: All logic moved to github.com/CheckmarxDev/ast-cx-hooks/cx; agenthooks.go calls cxhooks.RegisterGuardrails() / cxhooks.RegisterPassThrough()

MCP Server

  • Before: MCP server implemented in internal/commands/mcp/ using github.com/mark3labs/mcp-go
  • After: internal/commands/mcp/ package deleted; MCP server from github.com/CheckmarxDev/ast-cx-hooks/mcp used instead (backed by the official modelcontextprotocol/go-sdk)

Install Command

  • Before: cx hooks agenthooks install patched only ~/.cursor/hooks.json
  • After: Installs for all five agents by default; per-agent subcommands (install claude, install cursor, etc.) delegate to cxhooks.Installers[agent]

Dependencies (go.mod)

  • Removed: github.com/mark3labs/mcp-go
  • Added: github.com/modelcontextprotocol/go-sdk (indirect), github.com/segmentio/asm, github.com/segmentio/encoding
  • Updated: golang-jwt/jwt/v5 v5.2.2 → v5.3.1, various golang.org/x/* packages

Flow Diagram

Before

sequenceDiagram
  participant Agent as Cursor
  participant CLI as cx hooks <route>
  participant AH as agenthooks.go
  Agent->>CLI: hook event (stdin JSON)
  CLI->>AH: registerGuardrails() [local impl]
  AH->>AH: CheckShellCommand / ScanForSecrets
  AH-->>Agent: verdict JSON (stdout)
Loading

After

sequenceDiagram
  participant Agent as Any Agent (Claude/Cursor/Windsurf/Droid/Gemini)
  participant CLI as cx hooks <route>
  participant AH as agenthooks.go
  participant Lib as ast-cx-hooks/cx
  Agent->>CLI: hook event (stdin JSON)
  CLI->>AH: isLicensed() check
  AH->>Lib: cxhooks.RegisterGuardrails()
  Lib->>Lib: shell guard + secret scan (library impl)
  Lib-->>Agent: verdict JSON (stdout)
Loading

Testing

  • Existing unit tests in internal/commands/ cover hook dispatch routing
  • Shell guard and secret scanning logic is tested in the ast-cx-hooks library
  • Run ./internal/commands/.scripts/up.sh for local unit tests

cx-amol-mane and others added 6 commits March 23, 2026 17:40
@cx-amol-mane
Implement unified agent hooks for AI coding agents and enhance hooks …
affb391 
…command functionality

- Added new `agenthooks.go` file to manage hooks for AI agents (Claude, Cursor, Windsurf, Factory Droid, Gemini).
- Introduced unified event handlers for agent idle states, tool calls, file writes, and user prompts.
- Updated `hooks.go` to include management commands for agent hooks and integrated hidden dispatch commands for routing.
- Updated `go.mod` and `go.sum` to include new dependencies and version upgrades for existing packages.
@cx-hitesh-madgulkar
promptGuardRail
d591b05
@cx-hitesh-madgulkar
shellGuardRail
1e003cc
@cx-amol-mane
Integrate MCP server functionality with security guardrails
72b30fa 
- Added new MCP command to start a Model Context Protocol server for AI assistant integration.
- Implemented shell and prompt guard tools to check commands and scan for secrets, respectively.
- Updated `agenthooks.go` to utilize the new guardrail functions.
- Modified `go.mod` and `go.sum` to include new dependencies for MCP functionality.
@cx-amol-mane
Refactor agenthooks.go to focus on Cursor agent hooks
cef4083 
- Updated comments and command descriptions to reflect that the hook functionality is specific to the Cursor agent.
- Removed unused agent installation functions for Claude, Windsurf, and Factory Droid, streamlining the installation process to only configure Cursor hooks.
- Adjusted the hook dispatch commands to exclusively handle Cursor events, enhancing clarity and maintainability.
@cx-kedar-bhujade @claude
Refactor agent hooks to delegate to ast-cx-hooks library and expand m…
19443e4 
…ulti-agent support

Moves guardrail logic (shell guard, secret scanning, MCP server) out of ast-cli into
the shared ast-cx-hooks library, and expands hook support from Cursor-only to Claude Code,
Cursor, Windsurf, Factory Droid, and Gemini CLI.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cx-anurag-dalke cx-anurag-dalke Awaiting requested review from cx-anurag-dalke cx-anurag-dalke is a code owner

@cx-anjali-deore cx-anjali-deore Awaiting requested review from cx-anjali-deore cx-anjali-deore is a code owner

@cx-umesh-waghode cx-umesh-waghode Awaiting requested review from cx-umesh-waghode cx-umesh-waghode is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cx-kedar-bhujade @cx-amol-mane @cx-hitesh-madgulkar