Skip to main content

hookd · from OpsKern

Frequently asked

Why is the repo called hookd-core and the binary opskern-console and the product hookd?
OpsKern is the company that built hookd. "hookd" is the product name. "hookd-core" is the open-source repository at github.com/opskernel-io/hookd. "opskern-console" is the CLI binary — historical naming from when the CLI predated the product split. A "hookd" symlink shim is on the backlog so the public command matches the product name; until then, both names point at the same binary.
How is this different from a DLP or a proxy?
DLPs and proxies run after the request leaves the machine — they detect, then react. hookd intercepts the prompt at the OS level before the request is built, classifies it with a local ruleset, and either redacts, blocks, or allows. The send never happens until hookd decides.
Which LLMs and tools does it work with?
Claude Code, Cursor, GitHub Copilot, Ollama, GPT (via CLI), Gemini CLI, Codex CLI, and Aider on day one. The capture layer is vendor-neutral — any desktop or CLI client that talks HTTPS is reachable. If you use a tool not on this list, ask.
What platforms does hookd run on?
macOS (signed and notarized), Linux (AppImage, unsigned), and Windows (CI-verified build, unsigned pre-launch). Signed Windows builds are on the roadmap pending code-signing cert provisioning.
Does anything leave my machine?
No. The classifier, policy rules, and hash-chained audit log are all local. hookd does not send telemetry. The only network call from this site is your waitlist email, which goes to Buttondown.
What license is it under?
The desktop edition is Apache 2.0. Team Server (post-beta) will be BSL 1.1 with a two-year relicense to Apache 2.0. Enterprise licensing is custom. Each pricing tier lists the license explicitly — no surprises.
How do I get early access?
Join the waitlist. Early access is invite-only — we roll out to the list in small batches before public launch. Priority goes to teams in regulated industries (HIPAA, SOC 2, GDPR) and to individual developers using Claude Code or Cursor daily.
How does the audit trail work?
Every decision — allow, redact, block — is written to a hash-chained log. Each entry references the previous entry's hash, so a tampered entry invalidates every entry after it. The log is exportable for compliance review.
Can I run it air-gapped?
Yes. The desktop edition has no external network requirement. The planned Team Server adds signed attestations and a deploy kit for air-gapped environments.

← hookd home