CM-58331-support-claude-code

Author: Ilanlido

cycode/cli/apps/ai_guardrails/consts.py

@@ -2,12 +2,7 @@
 
 Currently supports:
 - Cursor
-
-To add a new IDE (e.g., Claude Code):
-1. Add new value to AIIDEType enum
-2. Create _get_<ide>_hooks_dir() function with platform-specific paths
-3. Add entry to IDE_CONFIGS dict with IDE-specific hook event names
-4. Unhide --ide option in commands (install, uninstall, status)
+- Claude Code
 """
 
 import platform
@@ -20,6 +15,7 @@ class AIIDEType(str, Enum):
     """Supported AI IDE types."""
 
     CURSOR = 'cursor'
+    CLAUDE_CODE = 'claude-code'
 
 
 class IDEConfig(NamedTuple):
@@ -42,6 +38,14 @@ def _get_cursor_hooks_dir() -> Path:
     return Path.home() / '.config' / 'Cursor'
 
 
+def _get_claude_code_hooks_dir() -> Path:
+    """Get Claude Code hooks directory.
+
+    Claude Code uses ~/.claude on all platforms.
+    """
+    return Path.home() / '.claude'
+
+
 # IDE-specific configurations
 IDE_CONFIGS: dict[AIIDEType, IDEConfig] = {
     AIIDEType.CURSOR: IDEConfig(
@@ -51,6 +55,13 @@ def _get_cursor_hooks_dir() -> Path:
         hooks_file_name='hooks.json',
         hook_events=['beforeSubmitPrompt', 'beforeReadFile', 'beforeMCPExecution'],
     ),
+    AIIDEType.CLAUDE_CODE: IDEConfig(
+        name='Claude Code',
+        hooks_dir=_get_claude_code_hooks_dir(),
+        repo_hooks_subdir='.claude',
+        hooks_file_name='settings.json',
+        hook_events=['UserPromptSubmit', 'PreToolUse'],
+    ),
 }
 
 # Default IDE
@@ -60,6 +71,47 @@ def _get_cursor_hooks_dir() -> Path:
 CYCODE_SCAN_PROMPT_COMMAND = 'cycode ai-guardrails scan'
 
 
+def _get_cursor_hooks_config() -> dict:
+    """Get Cursor-specific hooks configuration."""
+    config = IDE_CONFIGS[AIIDEType.CURSOR]
+    hooks = {event: [{'command': CYCODE_SCAN_PROMPT_COMMAND}] for event in config.hook_events}
+
+    return {
+        'version': 1,
+        'hooks': hooks,
+    }
+
+
+def _get_claude_code_hooks_config() -> dict:
+    """Get Claude Code-specific hooks configuration.
+
+    Claude Code uses a different hook format with nested structure:
+    - hooks are arrays of objects with 'hooks' containing command arrays
+    - PreToolUse uses 'matcher' field to specify which tools to intercept
+    """
+    command = f'{CYCODE_SCAN_PROMPT_COMMAND} --ide claude-code'
+
+    return {
+        'hooks': {
+            'UserPromptSubmit': [
+                {
+                    'hooks': [{'type': 'command', 'command': command}],
+                }
+            ],
+            'PreToolUse': [
+                {
+                    'matcher': 'Read',
+                    'hooks': [{'type': 'command', 'command': command}],
+                },
+                {
+                    'matcher': 'mcp__.*',
+                    'hooks': [{'type': 'command', 'command': command}],
+                },
+            ],
+        },
+    }
+
+
 def get_hooks_config(ide: AIIDEType) -> dict:
     """Get the hooks configuration for a specific IDE.
 
@@ -69,10 +121,6 @@ def get_hooks_config(ide: AIIDEType) -> dict:
     Returns:
         Dict with hooks configuration for the specified IDE
     """
-    config = IDE_CONFIGS[ide]
-    hooks = {event: [{'command': CYCODE_SCAN_PROMPT_COMMAND}] for event in config.hook_events}
-
-    return {
-        'version': 1,
-        'hooks': hooks,
-    }
+    if ide == AIIDEType.CLAUDE_CODE:
+        return _get_claude_code_hooks_config()
+    return _get_cursor_hooks_config()

cycode/cli/apps/ai_guardrails/hooks_manager.py

@@ -59,9 +59,27 @@ def save_hooks_file(hooks_path: Path, hooks_config: dict) -> bool:
 
 
 def is_cycode_hook_entry(entry: dict) -> bool:
-    """Check if a hook entry is from cycode-cli."""
+    """Check if a hook entry is from cycode-cli.
+
+    Handles both Cursor format (flat) and Claude Code format (nested).
+
+    Cursor format: {"command": "cycode ai-guardrails scan"}
+    Claude Code format: {"hooks": [{"type": "command", "command": "cycode ai-guardrails scan --ide claude-code"}]}
+    """
+    # Check Cursor format (flat command)
     command = entry.get('command', '')
-    return CYCODE_SCAN_PROMPT_COMMAND in command
+    if CYCODE_SCAN_PROMPT_COMMAND in command:
+        return True
+
+    # Check Claude Code format (nested hooks array)
+    hooks = entry.get('hooks', [])
+    for hook in hooks:
+        if isinstance(hook, dict):
+            hook_command = hook.get('command', '')
+            if CYCODE_SCAN_PROMPT_COMMAND in hook_command:
+                return True
+
+    return False
 
 
 def install_hooks(

cycode/cli/apps/ai_guardrails/scan/handlers.py

@@ -59,25 +59,19 @@ def handle_before_submit_prompt(ctx: typer.Context, payload: AIHookPayload, poli
     try:
         violation_summary, scan_id = _scan_text_for_secrets(ctx, clipped, timeout_ms)
 
-        if (
-            violation_summary
-            and get_policy_value(prompt_config, 'action', default='block') == 'block'
-            and mode == 'block'
-        ):
-            outcome = AIHookOutcome.BLOCKED
+        if violation_summary:
             block_reason = BlockReason.SECRETS_IN_PROMPT
-            user_message = f'{violation_summary}. Remove secrets before sending.'
-            response = response_builder.deny_prompt(user_message)
-        else:
-            if violation_summary:
-                outcome = AIHookOutcome.WARNED
-            response = response_builder.allow_prompt()
-        return response
+            if get_policy_value(prompt_config, 'action', default='block') == 'block' and mode == 'block':
+                outcome = AIHookOutcome.BLOCKED
+                user_message = f'{violation_summary}. Remove secrets before sending.'
+                return response_builder.deny_prompt(user_message)
+            outcome = AIHookOutcome.WARNED
+        return response_builder.allow_prompt()
     except Exception as e:
         outcome = (
             AIHookOutcome.ALLOWED if get_policy_value(policy, 'fail_open', default=True) else AIHookOutcome.BLOCKED
         )
-        block_reason = BlockReason.SCAN_FAILURE if outcome == AIHookOutcome.BLOCKED else None
+        block_reason = BlockReason.SCAN_FAILURE
         raise e
     finally:
         ai_client.create_event(
@@ -116,36 +110,50 @@ def handle_before_read_file(ctx: typer.Context, payload: AIHookPayload, policy:
 
     try:
         # Check path-based denylist first
-        if is_denied_path(file_path, policy) and action == 'block':
-            outcome = AIHookOutcome.BLOCKED
+        if is_denied_path(file_path, policy):
             block_reason = BlockReason.SENSITIVE_PATH
-            user_message = f'Cycode blocked sending {file_path} to the AI (sensitive path policy).'
-            return response_builder.deny_permission(
+            if mode == 'block' and action == 'block':
+                outcome = AIHookOutcome.BLOCKED
+                user_message = f'Cycode blocked sending {file_path} to the AI (sensitive path policy).'
+                return response_builder.deny_permission(
+                    user_message,
+                    'This file path is classified as sensitive; do not read/send it to the model.',
+                )
+            # Warn mode - ask user for permission
+            outcome = AIHookOutcome.WARNED
+            user_message = f'Cycode flagged {file_path} as sensitive. Allow reading?'
+            return response_builder.ask_permission(
                 user_message,
-                'This file path is classified as sensitive; do not read/send it to the model.',
+                'This file path is classified as sensitive; proceed with caution.',
             )
 
         # Scan file content if enabled
         if get_policy_value(file_read_config, 'scan_content', default=True):
             violation_summary, scan_id = _scan_path_for_secrets(ctx, file_path, policy)
-            if violation_summary and action == 'block' and mode == 'block':
-                outcome = AIHookOutcome.BLOCKED
+            if violation_summary:
                 block_reason = BlockReason.SECRETS_IN_FILE
-                user_message = f'Cycode blocked reading {file_path}. {violation_summary}'
-                return response_builder.deny_permission(
+                if mode == 'block' and action == 'block':
+                    outcome = AIHookOutcome.BLOCKED
+                    user_message = f'Cycode blocked reading {file_path}. {violation_summary}'
+                    return response_builder.deny_permission(
+                        user_message,
+                        'Secrets detected; do not send this file to the model.',
+                    )
+                # Warn mode - ask user for permission
+                outcome = AIHookOutcome.WARNED
+                user_message = f'Cycode detected secrets in {file_path}. {violation_summary}'
+                return response_builder.ask_permission(
                     user_message,
-                    'Secrets detected; do not send this file to the model.',
+                    'Possible secrets detected; proceed with caution.',
                 )
-            if violation_summary:
-                outcome = AIHookOutcome.WARNED
             return response_builder.allow_permission()
 
         return response_builder.allow_permission()
     except Exception as e:
         outcome = (
             AIHookOutcome.ALLOWED if get_policy_value(policy, 'fail_open', default=True) else AIHookOutcome.BLOCKED
         )
-        block_reason = BlockReason.SCAN_FAILURE if outcome == AIHookOutcome.BLOCKED else None
+        block_reason = BlockReason.SCAN_FAILURE
         raise e
     finally:
         ai_client.create_event(
@@ -192,9 +200,9 @@ def handle_before_mcp_execution(ctx: typer.Context, payload: AIHookPayload, poli
         if get_policy_value(mcp_config, 'scan_arguments', default=True):
             violation_summary, scan_id = _scan_text_for_secrets(ctx, clipped, timeout_ms)
             if violation_summary:
+                block_reason = BlockReason.SECRETS_IN_MCP_ARGS
                 if mode == 'block' and action == 'block':
                     outcome = AIHookOutcome.BLOCKED
-                    block_reason = BlockReason.SECRETS_IN_MCP_ARGS
                     user_message = f'Cycode blocked MCP tool call "{tool}". {violation_summary}'
                     return response_builder.deny_permission(
                         user_message,
@@ -211,7 +219,7 @@ def handle_before_mcp_execution(ctx: typer.Context, payload: AIHookPayload, poli
         outcome = (
             AIHookOutcome.ALLOWED if get_policy_value(policy, 'fail_open', default=True) else AIHookOutcome.BLOCKED
         )
-        block_reason = BlockReason.SCAN_FAILURE if outcome == AIHookOutcome.BLOCKED else None
+        block_reason = BlockReason.SCAN_FAILURE
         raise e
     finally:
         ai_client.create_event(