fix: address CodeRabbit review — convert to PreToolUse, add type annotations, logging

Critical fixes: - Convert hook from PostToolUse to PreToolUse so exit(2) blocking works - Change all python references to python3 for cross-platform compat - Add insaits-security-wrapper.js to bridge run-with-flags.js to Python Standard fixes: - Wrap hook with run-with-flags.js so users can disable via ECC_DISABLED_HOOKS="pre:insaits-security" - Add "async": true to hooks.json entry - Add type annotations to all function signatures (Dict, List, Tuple, Any) - Replace all print() statements with logging module (stderr) - Fix silent OSError swallow in write_audit — now logs warning - Remove os.environ.setdefault('INSAITS_DEV_MODE') — pass dev_mode=True through monitor constructor instead - Update hooks/README.md: moved to PreToolUse table, "detects" not "catches", clarify blocking vs non-blocking behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-30 13:43:26 +08:00 · 2026-03-10 17:52:44 +01:00
parent 540f738cc7
commit 44dc96d2c6
5 changed files with 166 additions and 76 deletions
--- a/mcp-configs/mcp-servers.json
+++ b/mcp-configs/mcp-servers.json
@@ -90,7 +90,7 @@
      "description": "Filesystem operations (set your path)"
    },
    "insaits": {
-      "command": "python",
+      "command": "python3",
      "args": ["-m", "insa_its.mcp_server"],
      "description": "AI-to-AI security monitoring — anomaly detection, credential exposure, hallucination checks, forensic tracing. 23 anomaly types, OWASP MCP Top 10 coverage. 100% local. Install: pip install insa-its"
    }