integrations
Gemini CLI Use Gemini CLI hooks to check brin before installing packages
Gemini CLI's hooks system lets you intercept agent tool calls. Use the BeforeTool hook to check brin before any package install command runs.
1. Create .gemini/settings.json:
{ "hooks" : { "BeforeTool" : [ { "matcher" : "shell|bash|run_shell_command" , "hooks" : [ { "name" : "brin-check" , "type" : "command" , "command" : "$GEMINI_PROJECT_DIR/.gemini/hooks/brin-check.sh" , "timeout" : 5000 } ] } ] } } 2. Create .gemini/hooks/brin-check.sh:
#!/bin/bash input = $( cat ) cmd = $( echo " $input " | jq -r '.input.command // .input.args.command // empty' )
# Match install commands if [[ " $cmd " =~ ^(npm \ (i | install | add) | yarn \ add | pnpm \ (add | i) | bun \ (add | i) | pip \ install | cargo \ add) \ (. + )$ ]]; then pkg = "${ BASH_REMATCH [4]}"
# Detect origin if [[ " $cmd " =~ ^pip ]]; then origin = "pypi" elif [[ " $cmd " =~ ^cargo ]]; then origin = "crate" else origin = "npm" fi
# Check brin using response headers for speed verdict = $( curl -sf -o /dev/null -w "%header{x-brin-verdict}" "https://api.brin.sh/${ origin }/${ pkg }" )
if [[ " $verdict " == "dangerous" || " $verdict " == "suspicious" ]]; then score = $( curl -sf -o /dev/null -w "%header{x-brin-score}" "https://api.brin.sh/${ origin }/${ pkg }" ) jq -n --arg v " $verdict " --arg s " $score " --arg p " $pkg " \ '{decision:"block", reason:"brin: \($p) is \($v) (score: \($s)). Do not install."}' else echo '{"decision":"allow"}' fi else echo '{"decision":"allow"}' fi 3. Make it executable:
chmod +x .gemini/hooks/brin-check.sh The hook reads x-brin-verdict and x-brin-score from curl response headers. Only valid JSON may be written to stdout — write any debug output to stderr. If brin is unreachable, the hook allows the command through.
To apply to all projects, add the configuration to ~/.gemini/settings.json and reference an absolute path for the hook script.