hookd local-first AI governance

Every prompt you send
ships your codebase.

hookd intercepts prompts at the OS level — before they hit the network. Redact secrets, block leaks, and keep a tamper-evident log. No SDK. No cloud. Nothing leaves your machine unless you say so.

Unlike Langfuse, Portkey, or any cloud observability layer — hookd runs on your OS, not between your tool and a vendor relay.

Works with Claude Code · Cursor · Copilot · Ollama · GPT · Gemini · Gemini CLI · Codex CLI · Aider

Early builds ship to the list before public launch.

hookd intercepts the outbound prompt, finds three secrets in context (.env and config file), blocks the send, and writes a tamper-evident entry to the local audit log.

Apache 2.0

Open source

Read every line. The desktop tier is fully open.

OS-level

Pre-send hook

Kills the request before it hits the network — not after.

Zero egress

Local-first

Captured content never leaves your machine by default.

No SDK

Drop-in

No code changes. Install and it works.

You know this is happening.

Every prompt is a file read. Most engineers just haven't looked at what rides along.

  • Your .env is in that prompt.

    Cursor sends your full file context. Claude Code sends your repo. The API key three lines above the function you're asking about goes with it.

  • You told it not to. It forgot anyway.

    Custom instructions and AI memory are advisory. Under context pressure or across sessions, the model deviates from its own rules. Governance that lives inside the model isn't governance.

  • Compliance needs a log. "Trust me" is not a log.

    SOC 2, HIPAA, and GDPR auditors want a tamper-evident record of what AI saw. SaaS LLM vendors do not give you one.

How it works

Native OS hooks. No SDK. No cloud. Works with any LLM your team talks to.

  1. Capture

    native OS hooks

    Every prompt is intercepted at the OS level before it reaches the network. No SDK to install, no browser extension, no proxy server.

  2. Redact

    local classifier

    A local rule set flags secrets, code fragments, and regulated identifiers. Rules live in your repo — versioned, reviewed, auditable.

  3. Govern

    allow · block · query

    Every outcome — allow, redact, block — lands in the cockpit in real time and is written to the hash-chained log. Query the full history with the Knowledge API.

What it does

  • Governance cockpit

    Live stream of every AI session. Intercept events, policy decisions, and cost ticks in real time — in a native desktop app. No log tailing.

  • Visual policy editor

    Build redaction rules and block policies in a local GUI. Rules live in your repo — versioned, reviewed, auditable. No YAML required.

  • Cost attribution + budget caps

    Track spend per session, actor, and project. Set hard limits before they blow up.

  • Shadow-AI scanning

    Detects AI tools running on your machine that you did not configure hookd to watch. Know your full exposure surface.

  • DSAR + right-to-erase

    Tamper-evident audit answers GDPR access requests. Legal-hold flag. Tombstone entries on demand.

  • Knowledge API (preview)

    Query your session history. Full-text search over what was sent, blocked, or redacted.

Pricing

Desktop is free forever. Team Server ships post-beta. Enterprise comes later.

Desktop

Free

Apache 2.0

For individuals and small teams who want to run hookd on their own machine.

  • Pre-send blocking on every prompt
  • Local classifier + policy rules
  • Hash-chained audit log (on device)
  • Claude, GPT, Gemini, Ollama, Cursor, Copilot
  • Self-host — no cloud dependency

Team Server

Post-beta

BSL 1.1

Shared policy + central audit for a team. Runs on your own server.

  • Everything in Desktop
  • Shared policy across devices
  • Centralised hash-chained log
  • SSO (OIDC) + user scopes
  • DSAR gates + scoped redaction

Enterprise

Later

Custom

For regulated industries that need compliance packaging and signed attestations.

  • Everything in Team Server
  • SOC 2 / HIPAA / GDPR workflows
  • Signed audit exports
  • Air-gapped deployment option
  • Dedicated support

License terms are audited on every release.

What's new

Fresh AI features hookd already knows how to govern.

  • hookd

    Cost attribution + budget caps

    Track token spend per session, actor, and project. Set hard budget limits that block sends before they exceed the cap — not alerts after the fact.

  • hookd

    DSAR + right-to-erase

    Tamper-evident audit log answers GDPR subject access requests with real event data. Legal-hold flag prevents accidental deletion. Tombstone command nulls sensitive fields while preserving the chain integrity.

  • hookd

    Governance cockpit

    Live stream of every AI session event — intercepts, policy decisions, cost ticks — in a native desktop app. No log tailing or grep required.

  • hookd

    Shadow-AI scanning

    Scans your config files and running processes for AI tools that are not registered with hookd. Surfaces your full exposure surface, not just the tools you already know about.

  • hookd

    Visual policy editor

    Build redaction rules and block policies in a local GUI. Rules are stored in your repo — versioned, reviewed, and auditable. No YAML to hand-edit.
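
The redact and govern steps under "How it works", and the tombstone behaviour listed above, sketched as an added example; this is not hookd's code. The rule names, the entry layout and the choice to chain over a digest of the content are assumptions made for illustration.

```python
import hashlib, json, re

# Hypothetical rules, constructed for this example (not hookd's rule set).
RULES = {
    "aws_access_key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "env_secret": re.compile(r"^\w*(?:SECRET|TOKEN|PASSWORD)\w*=\S+$", re.M),
}
BLOCK_ON = {"aws_access_key"}   # these rules stop the send; others redact
HASHED = ("seq", "decision", "hits", "content_digest", "prev")

def classify(prompt):
    """Return (decision, rule hits, text allowed to leave the machine)."""
    hits = sorted(n for n, rx in RULES.items() if rx.search(prompt))
    if BLOCK_ON & set(hits):
        return "block", hits, None
    for name in hits:
        prompt = RULES[name].sub(f"[REDACTED:{name}]", prompt)
    return ("redact" if hits else "allow"), hits, prompt

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def append(log, decision, hits, content):
    # The entry hash covers the content's digest, not the content itself.
    e = {"seq": len(log), "decision": decision, "hits": hits,
         "content": content, "content_digest": _digest(content),
         "prev": log[-1]["hash"] if log else "0" * 64}
    e["hash"] = _digest({k: e[k] for k in HASHED})
    log.append(e)

def tombstone(log, seq):
    log[seq]["content"] = None  # payload erased; digest and chain links stay

def verify(log):
    prev = "0" * 64
    for i, e in enumerate(log):
        intact = e["content"] is None or _digest(e["content"]) == e["content_digest"]
        linked = (e["seq"], e["prev"]) == (i, prev)
        if not (intact and linked and e["hash"] == _digest({k: e[k] for k in HASHED})):
            return False
        prev = e["hash"]
    return True

if __name__ == "__main__":
    log = []
    for p in ["Explain: def add(a, b): return a + b", "DB_PASSWORD=hunter2\nDEBUG=1",
              "boto fails with key AKIAIOSFODNN7EXAMPLE"]:  # constructed prompts
        append(log, *classify(p))
    tombstone(log, 1)
    print([e["decision"] for e in log], verify(log))
```

A bare SHA-256 of short, guessable content can be brute-forced after erasure; a per-entry random salt that is erased along with the content closes that gap.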

Feed refreshed daily from the hookd intelligence pipeline.

Founder's note

I was directing Copilot on what not to include in generated code — security boundaries, what to redact, what to exclude. It was writing those instructions into its own memory. I thought I had controls in place. Then I noticed it deviating: context pressure, session resets, additional context crowding out the rules — I'm still not entirely sure why. The instructions were there. The AI chose not to follow them. You can't put enforcement inside the thing you're trying to constrain. That's why hookd works at the OS level.

Will Smith

M365 & email security admin · founder, OpsKern

Ship with the governance in place.

Join the waitlist. Early builds ship before the public launch.