ggshield secret scan ai-hook

Description

Scan AI coding tool hook events for secrets. This command is called automatically by AI coding tools (Cursor, Claude Code, VS Code with GitHub Copilot) when ggshield is installed as a hook.

ggshield secret scan ai-hook [OPTIONS]

The command reads a JSON hook event from stdin, scans its content for secrets, and returns a JSON response. The response format is adapted automatically based on the calling tool.

This command is not intended to be called manually. It is invoked by the AI coding tool's hook system. To set up the hooks, use ggshield install with the -t flag.

Options

This command does not have specific options. It reads a JSON hook event from stdin and returns a JSON response.

This command supports all ggshield global options.

Exit codes

In normal operation, this command always returns exit code 0. The block or allow decision is communicated through a JSON payload in stdout, which the AI coding tool uses to display feedback in its UI.

If ggshield cannot identify the calling AI coding tool, it falls back to standard exit codes:

0: No secrets found.
1: An error occurred during scanning.
2: Secrets were found.

ggshield secret scan ai-hook

Description

Options

Exit codes

See also

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Description​

Options​

Exit codes​

See also​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Options

Exit codes

See also