Add one-command security tools setup and pre-push scanning (#1185)

* feat(security): add /setup-security-tools and pre-push scanning

One command to set up AgentShield, zizmor, and Socket Firewall.
Downloads binaries with SHA-256 verification, creates PATH shims
(bash + Windows .cmd), and adds blocking scans to pre-push hook.

* fix(security): address review feedback on setup-security-tools

- Remove GIT_SSL_NO_VERIFY=true from SFW free shims (MITM risk)
- Remove dead sha256File function and unused createReadStream/createHash imports
- Fix pre-push: skip scan when no baseline exists instead of scanning all history
- Fix pre-push: use remote_sha..local_sha for existing branches to avoid
  re-scanning already-pushed commits

* fix(security): use $remote var, remove dead code, fix setupSfw return

* fix(security): address round-2 review feedback

- Use $remote variable instead of hardcoded 'origin' in pre-push hook
- Remove unused YELLOW color variable
- Return false from setupSfw when no shims were created
- Add sync note referencing .husky/security-checks.sh

* fix(security): add API key env file loading to Windows enterprise shims

Windows .cmd shims for enterprise SFW had no equivalent of the bash
shim's .env.local/.env file reading logic. Enterprise features would
silently fail unless SOCKET_API_KEY was set as an OS-level env variable.

* fix(security): redirect stdin for pre-checks, fix rebase suggestion

- Redirect agentshield and zizmor stdin from /dev/null to prevent them
  from consuming git's ref data pipe, which would cause the while-read
  loop to silently iterate zero times
- Use computed range base instead of $remote_sha in rebase suggestion
  so new-branch pushes don't print the zero SHA

* fix: pin SFW version in download URL and fix shell range parsing

- SFW: Replace /releases/latest/download/ with pinned /releases/download/v1.6.1/
  to match hardcoded checksums. Latest URL breaks on new releases.
- pre-push: Fix ${range%..*} → ${range%%\.\.*} for correct base SHA extraction.

* refactor: load security tool config from external-tools.json

Extract hardcoded zizmor/sfw versions, checksums, platform maps, and
ecosystems into external-tools.json with Zod schema validation. Makes
tool updates a JSON edit instead of code changes.

Author: jdalton

.claude/commands/setup-security-tools.md

@@ -0,0 +1,38 @@
+Set up all Socket security tools for local development.
+
+## What this sets up
+
+1. **AgentShield** — scans Claude config for prompt injection and secrets
+2. **Zizmor** — static analysis for GitHub Actions workflows
+3. **SFW (Socket Firewall)** — intercepts package manager commands to scan for malware
+
+## Setup
+
+First, ask the user if they have a Socket API key for SFW enterprise features.
+
+If they do:
+1. Ask them to provide it
+2. Write it to `.env.local` as `SOCKET_API_KEY=<their-key>` (create if needed)
+3. Verify `.env.local` is in `.gitignore` — if not, add it and warn
+
+If they don't, proceed with SFW free mode.
+
+Then run:
+```bash
+node .claude/hooks/setup-security-tools/index.mts
+```
+
+After the script completes, add the SFW shim directory to PATH:
+```bash
+export PATH="$HOME/.socket/sfw/shims:$PATH"
+```
+
+## Notes
+
+- Safe to re-run (idempotent)
+- AgentShield needs `pnpm install` (it's a devDep)
+- Zizmor is cached at `~/.socket/zizmor/bin/`
+- SFW binary is cached via dlx at `~/.socket/_dlx/`
+- SFW shims are shared across repos at `~/.socket/sfw/shims/`
+- `.env.local` must NEVER be committed
+- `/update` will check for new versions of these tools via `node .claude/hooks/setup-security-tools/update.mts`

.claude/hooks/setup-security-tools/README.md

@@ -0,0 +1,73 @@
+# setup-security-tools Hook
+
+Sets up all three Socket security tools for local development in one command.
+
+## Tools
+
+### 1. AgentShield
+Scans your Claude Code configuration (`.claude/` directory) for security issues like prompt injection, leaked secrets, and overly permissive tool permissions.
+
+**How it's installed**: Already a devDependency (`ecc-agentshield`). The setup script just verifies it's available — if not, run `pnpm install`.
+
+### 2. Zizmor
+Static analysis tool for GitHub Actions workflows. Catches unpinned actions, secret exposure, template injection, and permission issues.
+
+**How it's installed**: Binary downloaded from [GitHub releases](https://github.com/woodruffw/zizmor/releases), SHA-256 verified, cached at `~/.socket/zizmor/bin/zizmor`. If you already have it via `brew install zizmor`, the download is skipped.
+
+### 3. SFW (Socket Firewall)
+Intercepts package manager commands (`npm install`, `pnpm add`, etc.) and scans packages against Socket.dev's malware database before installation.
+
+**How it's installed**: Binary downloaded from GitHub, SHA-256 verified, cached via the dlx system at `~/.socket/_dlx/`. Small wrapper scripts ("shims") are created at `~/.socket/sfw/shims/` that transparently route commands through the firewall.
+
+**Free vs Enterprise**: If you have a `SOCKET_API_KEY` (in env, `.env`, or `.env.local`), enterprise mode is used with additional ecosystem support (gem, bundler, nuget, go). Otherwise, free mode covers npm, yarn, pnpm, pip, uv, and cargo.
+
+## How to use
+
+```
+/setup-security-tools
+```
+
+Claude will ask if you have an API key, then run the setup script.
+
+## What gets installed where
+
+| Tool | Location | Persists across repos? |
+|------|----------|----------------------|
+| AgentShield | `node_modules/.bin/agentshield` | No (per-repo devDep) |
+| Zizmor | `~/.socket/zizmor/bin/zizmor` | Yes |
+| SFW binary | `~/.socket/_dlx/<hash>/sfw` | Yes |
+| SFW shims | `~/.socket/sfw/shims/npm`, etc. | Yes |
+
+## Pre-push integration
+
+The `.git-hooks/pre-push` hook automatically runs:
+- **AgentShield scan** (blocks push on failure)
+- **Zizmor scan** (blocks push on failure)
+
+This means every push is checked — you don't have to remember to run `/security-scan`.
+
+## Re-running
+
+Safe to run multiple times:
+- AgentShield: just re-checks availability
+- Zizmor: skips download if cached binary matches expected version
+- SFW: skips download if cached, only rewrites shims if content changed
+
+## Copying to another repo
+
+Self-contained. To add to another Socket repo:
+
+1. Copy `.claude/hooks/setup-security-tools/` and `.claude/commands/setup-security-tools.md`
+2. Run `cd .claude/hooks/setup-security-tools && npm install`
+3. Ensure `.claude/hooks/` is not gitignored (add `!/.claude/hooks/` to `.gitignore`)
+4. Ensure `ecc-agentshield` is a devDep in the target repo
+
+## Troubleshooting
+
+**"AgentShield not found"** — Run `pnpm install`. It's the `ecc-agentshield` devDependency.
+
+**"zizmor found but wrong version"** — The script downloads the expected version to `~/.socket/zizmor/bin/`. Your system version (e.g. from brew) will be ignored in favor of the correct version.
+
+**"No supported package managers found"** — SFW only creates shims for package managers found on your PATH. Install npm/pnpm/etc. first.
+
+**SFW shims not intercepting** — Make sure `~/.socket/sfw/shims` is at the *front* of PATH. Run `which npm` — it should point to the shim, not the real binary.

.claude/hooks/setup-security-tools/external-tools.json

@@ -0,0 +1,64 @@
+{
+  "description": "Security tools for Claude Code hooks (self-contained, no external deps)",
+  "tools": {
+    "zizmor": {
+      "description": "GitHub Actions security scanner",
+      "version": "1.23.1",
+      "repository": "woodruffw/zizmor",
+      "assets": {
+        "darwin-arm64": "zizmor-aarch64-apple-darwin.tar.gz",
+        "darwin-x64": "zizmor-x86_64-apple-darwin.tar.gz",
+        "linux-arm64": "zizmor-aarch64-unknown-linux-gnu.tar.gz",
+        "linux-x64": "zizmor-x86_64-unknown-linux-gnu.tar.gz",
+        "win32-x64": "zizmor-x86_64-pc-windows-msvc.zip"
+      },
+      "checksums": {
+        "zizmor-aarch64-apple-darwin.tar.gz": "2632561b974c69f952258c1ab4b7432d5c7f92e555704155c3ac28a2910bd717",
+        "zizmor-aarch64-unknown-linux-gnu.tar.gz": "3725d7cd7102e4d70827186389f7d5930b6878232930d0a3eb058d7e5b47e658",
+        "zizmor-x86_64-apple-darwin.tar.gz": "89d5ed42081dd9d0433a10b7545fac42b35f1f030885c278b9712b32c66f2597",
+        "zizmor-x86_64-pc-windows-msvc.zip": "33c2293ff02834720dd7cd8b47348aafb2e95a19bdc993c0ecaca9c804ade92a",
+        "zizmor-x86_64-unknown-linux-gnu.tar.gz": "67a8df0a14352dd81882e14876653d097b99b0f4f6b6fe798edc0320cff27aff"
+      }
+    },
+    "sfw-free": {
+      "description": "Socket Firewall (free tier)",
+      "version": "v1.6.1",
+      "repository": "SocketDev/sfw-free",
+      "platforms": {
+        "darwin-arm64": "macos-arm64",
+        "darwin-x64": "macos-x86_64",
+        "linux-arm64": "linux-arm64",
+        "linux-x64": "linux-x86_64",
+        "win32-x64": "windows-x86_64"
+      },
+      "checksums": {
+        "linux-arm64": "df2eedb2daf2572eee047adb8bfd81c9069edcb200fc7d3710fca98ec3ca81a1",
+        "linux-x86_64": "4a1e8b65e90fce7d5fd066cf0af6c93d512065fa4222a475c8d959a6bc14b9ff",
+        "macos-arm64": "bf1616fc44ac49f1cb2067fedfa127a3ae65d6ec6d634efbb3098cfa355e5555",
+        "macos-x86_64": "724ccea19d847b79db8cc8e38f5f18ce2dd32336007f42b11bed7d2e5f4a2566",
+        "windows-x86_64": "c953e62ad7928d4d8f2302f5737884ea1a757babc26bed6a42b9b6b68a5d54af"
+      },
+      "ecosystems": ["npm", "yarn", "pnpm", "pip", "uv", "cargo"]
+    },
+    "sfw-enterprise": {
+      "description": "Socket Firewall (enterprise tier)",
+      "version": "v1.6.1",
+      "repository": "SocketDev/firewall-release",
+      "platforms": {
+        "darwin-arm64": "macos-arm64",
+        "darwin-x64": "macos-x86_64",
+        "linux-arm64": "linux-arm64",
+        "linux-x64": "linux-x86_64",
+        "win32-x64": "windows-x86_64"
+      },
+      "checksums": {
+        "linux-arm64": "671270231617142404a1564e52672f79b806f9df3f232fcc7606329c0246da55",
+        "linux-x86_64": "9115b4ca8021eb173eb9e9c3627deb7f1066f8debd48c5c9d9f3caabb2a26a4b",
+        "macos-arm64": "acad0b517601bb7408e2e611c9226f47dcccbd83333d7fc5157f1d32ed2b953d",
+        "macos-x86_64": "01d64d40effda35c31f8d8ee1fed1388aac0a11aba40d47fba8a36024b77500c",
+        "windows-x86_64": "9a50e1ddaf038138c3f85418dc5df0113bbe6fc884f5abe158beaa9aea18d70a"
+      },
+      "ecosystems": ["npm", "yarn", "pnpm", "pip", "uv", "cargo", "gem", "bundler", "nuget"]
+    }
+  }
+}