feat(ai_hook): reduce coupling between verticals

Author: paulpetit-gg-ext

.importlinter

@@ -10,7 +10,7 @@ type = layers
 layers = 
 	ggshield.__main__
 	ggshield.cmd.auth | ggshield.cmd.config | ggshield.cmd.hmsl | ggshield.cmd.honeytoken | ggshield.cmd.install | ggshield.cmd.plugin | ggshield.cmd.quota | ggshield.cmd.secret | ggshield.cmd.status | ggshield.cmd.utils
-	ggshield.verticals.auth | ggshield.verticals.hmsl | ggshield.verticals.secret
+	ggshield.verticals.ai | ggshield.verticals.auth | ggshield.verticals.hmsl | ggshield.verticals.secret
 	ggshield.core
 	click | ggshield.utils | pygitguardian
 ignore_imports = 
@@ -33,6 +33,7 @@ source_modules =
 	ggshield.cmd.status
 	ggshield.cmd.utils
 forbidden_modules = 
+	ggshield.verticals.ai
 	ggshield.verticals.auth
 	ggshield.verticals.hmsl
 	ggshield.verticals.secret
@@ -46,6 +47,7 @@ ignore_imports =
 	ggshield.cmd.hmsl.** -> ggshield.verticals.hmsl.**
 	ggshield.cmd.honeytoken.** -> ggshield.verticals.honeytoken
 	ggshield.cmd.honeytoken.** -> ggshield.verticals.honeytoken.**
+	ggshield.cmd.install -> ggshield.verticals.ai.installation
 	ggshield.cmd.install.** -> ggshield.verticals.install
 	ggshield.cmd.install.** -> ggshield.verticals.install.**
 	ggshield.cmd.plugin.** -> ggshield.core.plugin
@@ -54,6 +56,7 @@ ignore_imports =
 	ggshield.cmd.quota.** -> ggshield.verticals.quota.**
 	ggshield.cmd.secret.** -> ggshield.verticals.secret
 	ggshield.cmd.secret.** -> ggshield.verticals.secret.**
+	ggshield.cmd.secret.scan.ai_hook -> ggshield.verticals.ai.hooks
 	ggshield.cmd.status.** -> ggshield.verticals.status
 	ggshield.cmd.status.** -> ggshield.verticals.status.**
 	ggshield.cmd.utils.** -> ggshield.verticals.utils

ggshield/cmd/secret/scan/ai_hook.py

@@ -10,8 +10,8 @@
 from ggshield.core import ui
 from ggshield.core.client import create_client_from_config
 from ggshield.core.scan import ScanContext, ScanMode
+from ggshield.verticals.ai.hooks import AIHookScanner
 from ggshield.verticals.secret import SecretScanner
-from ggshield.verticals.secret.ai_hook import AIHookScanner
 
 
 MAX_READ_SIZE = 1024 * 1024 * 10  # We restrict stdin read to 10MB

ggshield/core/scan/__init__.py

@@ -3,6 +3,7 @@
 from .scan_context import ScanContext
 from .scan_mode import ScanMode
 from .scannable import DecodeError, NonSeekableFileError, Scannable, StringScannable
+from .scanner import ResultsProtocol, ScannerProtocol, SecretProtocol
 
 
 __all__ = [
@@ -11,8 +12,11 @@
     "DecodeError",
     "File",
     "NonSeekableFileError",
+    "ResultsProtocol",
     "ScanContext",
     "ScanMode",
     "Scannable",
+    "ScannerProtocol",
+    "SecretProtocol",
     "StringScannable",
 ]

ggshield/core/scan/scanner.py

@@ -0,0 +1,50 @@
+"""
+Protocols for SecretScanner and its results,
+so that other verticals can use the scanner if they are provided one.
+"""
+
+from collections.abc import Sequence
+from typing import Iterable, Optional, Protocol
+
+from pygitguardian.models import Match
+
+from ggshield.core.scanner_ui import ScannerUI
+
+from . import Scannable
+
+
+class SecretProtocol(Protocol):
+    """Abstract base class for secrets.
+
+    We use getters instead of properties to have a .
+    """
+
+    @property
+    def detector_display_name(self) -> str: ...
+
+    @property
+    def validity(self) -> str: ...
+
+    @property
+    def matches(self) -> Sequence[Match]: ...
+
+
+class ResultProtocol(Protocol):
+    @property
+    def secrets(self) -> Sequence[SecretProtocol]: ...
+
+
+class ResultsProtocol(Protocol):
+    @property
+    def results(self) -> Sequence[ResultProtocol]: ...
+
+
+class ScannerProtocol(Protocol):
+    """Protocol for scanners."""
+
+    def scan(
+        self,
+        files: Iterable[Scannable],
+        scanner_ui: ScannerUI,
+        scan_threads: Optional[int] = None,
+    ) -> ResultsProtocol: ...

ggshield/verticals/ai/__init__.py

@@ -0,0 +1,10 @@
+from .agents import AGENTS
+from .hooks import AIHookScanner
+from .installation import install_hooks
+
+
+__all__ = [
+    "AGENTS",
+    "AIHookScanner",
+    "install_hooks",
+]

ggshield/verticals/ai/hooks.py

@@ -3,9 +3,16 @@
 import re
 from typing import Any, Dict, List, Sequence, Set
 
-from ggshield.verticals.ai.agents import Claude, Copilot, Cursor
+from notifypy import Notify
 
-from .models import Agent, EventType, HookPayload, Tool
+from ggshield.core.filter import censor_match
+from ggshield.core.scan import ScannerProtocol
+from ggshield.core.scan import SecretProtocol as Secret
+from ggshield.core.scanner_ui import create_message_only_scanner_ui
+from ggshield.core.text_utils import pluralize, translate_validity
+
+from .agents import Claude, Copilot, Cursor
+from .models import Agent, EventType, HookPayload, HookResult, Tool
 
 
 HOOK_NAME_TO_EVENT_TYPE = {
@@ -163,3 +170,168 @@ def _parse_user_prompt(
             )
         )
     return payloads
+
+
+class AIHookScanner:
+    """AI hook scanner.
+
+    It is called with the payload of a hook event.
+    Note that instead of having a base class with common method and a subclass per supported AI tool,
+    we instead have a single class which detects which protocol to use.
+    This is because some tools sloppily support hooks from others. For instance,
+    Cursor will call hooks defined in the Claude Code format, but send payload in its own format.
+    So we can't assume which tool will call us based on the command line/hook configuration only.
+
+    Raises:
+        ValueError: If the input is not valid.
+    """
+
+    def __init__(self, scanner: ScannerProtocol):
+        self.scanner = scanner
+
+    def scan(self, content: str) -> int:
+        """Scan the content, print the result and return the exit code."""
+
+        payloads = parse_hook_input(content)
+        result = self._scan_payloads(payloads)
+        payload = result.payload
+
+        # Special case: in post-tool use, the action is already done: at least notify the user
+        if result.block and payload.event_type == EventType.POST_TOOL_USE:
+            self._send_secret_notification(
+                result.nbr_secrets,
+                payload.tool or Tool.OTHER,
+                payload.agent.display_name,
+            )
+
+        return payload.agent.output_result(result)
+
+    def _scan_payloads(self, payloads: List[HookPayload]) -> HookResult:
+        """Scan payloads for secrets using the SecretScanner.
+
+        Returns:
+            The result of the first blocking payload, or a non-blocking result.
+            Raises a ValueError if the list is empty (we must have at least one to emit a result).
+        """
+        if not payloads:
+            raise ValueError("Error: no payloads to scan")
+        for payload in payloads:
+            result = self._scan_content(payload)
+            if result.block:
+                return result
+        return HookResult.allow(payloads[0])
+
+    def _scan_content(
+        self,
+        payload: HookPayload,
+    ) -> HookResult:
+        """Scan content for secrets using the SecretScanner."""
+        # Short path: if there is no content, no need to do an API call
+        if payload.empty:
+            return HookResult.allow(payload)
+
+        with create_message_only_scanner_ui() as scanner_ui:
+            results = self.scanner.scan([payload.scannable], scanner_ui=scanner_ui)
+        # Collect all secrets from results
+        secrets: List[Secret] = []
+        for result in results.results:
+            secrets.extend(result.secrets)
+
+        if not secrets:
+            return HookResult.allow(payload)
+
+        message = self._message_from_secrets(
+            secrets,
+            payload,
+            escape_markdown=True,
+        )
+        return HookResult(
+            block=True,
+            message=message,
+            nbr_secrets=len(secrets),
+            payload=payload,
+        )
+
+    @staticmethod
+    def _message_from_secrets(
+        secrets: List[Secret],
+        payload: HookPayload,
+        escape_markdown: bool = False,
+    ) -> str:
+        """
+        Format detected secrets into a user-friendly message.
+
+        Args:
+            secrets: List of detected secrets
+            payload: Text to display after the secrets output
+            escape_markdown: If True, escape asterisks to prevent markdown interpretation
+
+        Returns:
+            Formatted message describing the detected secrets
+        """
+        count = len(secrets)
+        header = f"**🚨 Detected {count} {pluralize('secret', count)} 🚨**"
+
+        secret_lines = []
+        for secret in secrets:
+            validity = translate_validity(secret.validity).lower()
+            if validity == "valid":
+                validity = f"**{validity}**"
+            match_str = ", ".join(censor_match(m) for m in secret.matches)
+            if escape_markdown:
+                match_str = match_str.replace("*", "•")
+            secret_lines.append(
+                f"  - {secret.detector_display_name} ({validity}): {match_str}"
+            )
+
+        if payload.tool == Tool.BASH:
+            if payload.event_type == EventType.POST_TOOL_USE:
+                message = "Secrets detected in the command output."
+            else:
+                message = (
+                    "Please remove the secrets from the command before executing it. "
+                    "Consider using environment variables or a secrets manager instead."
+                )
+        elif payload.tool == Tool.READ:
+            message = f"Please remove the secrets from {payload.identifier} before reading it."
+        elif payload.event_type == EventType.USER_PROMPT:
+            message = "Please remove the secrets from your prompt before submitting."
+        else:
+            message = (
+                "Please remove the secrets from the tool input before executing. "
+                "Consider using environment variables or a secrets manager instead."
+            )
+
+        secrets_block = "\n".join(secret_lines)
+        return f"{header}\n{secrets_block}\n\n{message}"
+
+    @staticmethod
+    def _send_secret_notification(
+        nbr_secrets: int, tool: Tool, agent_name: str
+    ) -> None:
+        """
+        Send desktop notification when secrets are detected.
+
+        Args:
+            nbr_secrets: Number of detected secrets
+            tool: Tool used to detect the secrets
+            agent_name: Name of the agent that detected the secrets
+        """
+        source = "using a tool"
+        if tool == Tool.READ:
+            source = "reading a file"
+        elif tool == Tool.BASH:
+            source = "running a command"
+        notification = Notify()
+        notification.title = "ggshield - Secrets Detected"
+        notification.message = (
+            f"{agent_name} got access to {nbr_secrets}"
+            f" {pluralize('secret', nbr_secrets)} by {source}"
+        )
+        notification.application_name = "ggshield"
+        try:
+            notification.send()
+        except Exception:
+            # This is best effort, we don't want to propagate an error
+            # if the notification fails.
+            pass

ggshield/verticals/ai/installation.py

@@ -80,11 +80,11 @@ def install_hooks(
     # Report what happened
     styled_path = click.style(settings_path, fg="yellow", bold=True)
     if stats.added == 0 and stats.already_present > 0:
-        click.echo(f"{agent.name} hooks already installed in {styled_path}")
+        click.echo(f"{agent.display_name} hooks already installed in {styled_path}")
     elif stats.added > 0 and stats.already_present > 0:
-        click.echo(f"{agent.name} hooks updated in {styled_path}")
+        click.echo(f"{agent.display_name} hooks updated in {styled_path}")
     else:
-        click.echo(f"{agent.name} hooks successfully added in {styled_path}")
+        click.echo(f"{agent.display_name} hooks successfully added in {styled_path}")
 
     return 0