Gemini CLI
Add brin to Gemini CLI with a BeforeTool hook. Check every package install against brin before it runs.
Gemini CLI's hooks system lets you intercept agent tool calls. Use the BeforeTool hook to check brin before any package install command runs.
1. Create .gemini/settings.json:
{
  "hooks": {
    "BeforeTool": [
      {
        "matcher": "shell|bash|run_shell_command",
        "hooks": [
          {
            "name": "brin-check",
            "type": "command",
            "command": "$GEMINI_PROJECT_DIR/.gemini/hooks/brin-check.sh",
            "timeout": 5000
          }
        ]
      }
    ]
  }
}
2. Create .gemini/hooks/brin-check.sh:
#!/bin/bash
# Gemini CLI passes the tool call to the hook as JSON on stdin.
input=$(cat)
cmd=$(echo "$input" | jq -r '.input.command // .input.args.command // empty')

# Match install commands. The pattern is anchored at the start of the command.
# Groups 2-4 are the npm, pnpm and bun subcommands, so the text after the
# subcommand is capture group 5.
if [[ "$cmd" =~ ^(npm\ (i|install|add)|yarn\ add|pnpm\ (add|i)|bun\ (add|i)|pip\ install|cargo\ add)\ (.+)$ ]]; then
  pkg="${BASH_REMATCH[5]}"

  # Detect origin
  if [[ "$cmd" =~ ^pip ]]; then origin="pypi"
  elif [[ "$cmd" =~ ^cargo ]]; then origin="crate"
  else origin="npm"
  fi

  # Check brin using response headers for speed
  # (curl's %header{...} write-out variable needs curl 7.83.0 or later)
  verdict=$(curl -sf -o /dev/null -w "%header{x-brin-verdict}" "https://api.brin.sh/${origin}/${pkg}")

  if [[ "$verdict" == "dangerous" || "$verdict" == "suspicious" ]]; then
    score=$(curl -sf -o /dev/null -w "%header{x-brin-score}" "https://api.brin.sh/${origin}/${pkg}")
    jq -n --arg v "$verdict" --arg s "$score" --arg p "$pkg" \
      '{decision:"block", reason:"brin: \($p) is \($v) (score: \($s)). Do not install."}'
  else
    # Empty verdict (curl failed or header missing) also lands here.
    echo '{"decision":"allow"}'
  fi
else
  echo '{"decision":"allow"}'
fi
3. Make it executable:
chmod +x .gemini/hooks/brin-check.sh
The hook reads x-brin-verdict and x-brin-score from curl response headers. Only valid JSON may be written to stdout; write debug output to stderr. If brin is unreachable, the hook allows the command through.
To apply to all projects, add the config to ~/.gemini/settings.json and reference an absolute path for the hook script.
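
The hook's pattern captures everything after the install subcommand as a single string, so with flags, version pins or several packages in one command the lookup no longer names a single package. The following added example (not part of brin's documentation or code) shows one way to split such a command into per-package lookup keys. `brin_targets` is a hypothetical helper, the flag list is an assumption and not exhaustive, and how brin expects scoped npm names in the URL is not stated on this page.

```bash
#!/bin/bash
# Added example, not brin's code. brin_targets is a hypothetical helper that
# prints one "<origin>/<name>" key per registry package in an install command.
brin_targets() (
  set -f                 # no globbing while the command is word-split
  set -- $1              # split on whitespace; shell quoting is not interpreted
  case "$1 $2" in
    "npm i"|"npm install"|"npm add"|"yarn add"|"pnpm add"|"pnpm i"|"bun add"|"bun i")
      origin=npm ;;
    "pip install") origin=pypi ;;
    "cargo add")   origin=crate ;;
    *) exit 0 ;;         # not an install command: nothing to look up
  esac
  shift 2
  skip=0
  for arg in "$@"; do
    if [ "$skip" = 1 ]; then skip=0; continue; fi
    # Flags that consume the next word (assumed list, not exhaustive).
    case "$origin:$arg" in
      pypi:-r|pypi:-c|pypi:-e|pypi:-i|pypi:--index-url|npm:--registry|crate:--features|crate:-F)
        skip=1; continue ;;
    esac
    case "$arg" in
      -*) continue ;;                                # any other flag
      .|./*|../*|/*|*://*|*.tgz|*.whl) continue ;;   # paths, URLs, archives
    esac
    name=$arg
    case "$origin" in
      npm|crate)
        # Drop "@version" but keep a leading npm "@scope/".
        case "$arg" in
          @*) rest=${arg#@}; name="@${rest%%@*}" ;;
          *)  name=${arg%%@*} ;;
        esac ;;
      pypi)
        # Drop extras and version specifiers, e.g. requests[socks]>=2.31
        for sep in '[' '=' '<' '>' '!' '~' ';'; do name=${name%%"$sep"*}; done ;;
    esac
    if [ -n "$name" ]; then printf '%s/%s\n' "$origin" "$name"; fi
  done
)

# Constructed sample commands.
brin_targets 'npm install -D @types/node@20.1.0 lodash@4'
brin_targets 'pip install -r requirements.txt requests[socks]>=2.31 flask==3.0.0'
brin_targets 'cargo add serde@1.0 --features derive'
```

Each printed key can be appended to https://api.brin.sh/ and checked in a loop, returning the block decision if any package comes back dangerous or suspicious.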