Local Development

Hardpoint is designed for developers who use AI coding assistants. Here’s how to integrate it into your daily workflow.

Installation

Go Install

go install github.com/dotsetlabs/hardpoint/cmd/hardpoint@latest

Binary Download

# macOS (Apple Silicon)
curl -sSL https://github.com/dotsetlabs/hardpoint/releases/latest/download/hardpoint_darwin_arm64.tar.gz | tar xz

# macOS (Intel)
curl -sSL https://github.com/dotsetlabs/hardpoint/releases/latest/download/hardpoint_darwin_amd64.tar.gz | tar xz

# Linux
curl -sSL https://github.com/dotsetlabs/hardpoint/releases/latest/download/hardpoint_linux_amd64.tar.gz | tar xz

Daily Workflow

Before Starting Work

Scan your environment for any issues:
hardpoint scan

After Cloning a Repository

Check for suspicious files in new projects:
cd new-project
hardpoint scan --path .

Before Committing

Ensure you’re not committing secrets or malicious patterns:
hardpoint scan ai secrets --path .

Git Hook Integration

Pre-commit Hook

Add to .git/hooks/pre-commit:
#!/bin/sh
# Run hardpoint on the working tree (--path . scans files on disk, not only staged content)
hardpoint scan --path . --severity high
if [ $? -ne 0 ]; then
    echo "Security issues detected. Fix before committing."
    exit 1
fi
Make executable:
chmod +x .git/hooks/pre-commit
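
The hook above scans the working tree, so a secret that is staged but already edited out on disk would still be committed. The following variant is an added example, not part of Hardpoint's own documentation: it exports the index to a temporary directory and scans that instead. It assumes `hardpoint scan` exits non-zero on findings, as the hook above does; `HARDPOINT_BIN` is a hypothetical override, not a Hardpoint setting.

```shell
#!/bin/sh
# Added example: pre-commit hook that scans the staged snapshot, not the working tree.
# HARDPOINT_BIN is a hypothetical override (useful for testing); defaults to `hardpoint`.

scan_staged() {
    snapshot=$(mktemp -d) || return 2

    # Export the index (exactly what the commit will contain) into the temp dir.
    # The trailing slash on --prefix is required by git checkout-index.
    if ! git checkout-index --all --prefix="$snapshot/"; then
        rm -rf "$snapshot"
        return 2
    fi

    # Same flags as the hook above, pointed at the snapshot instead of "."
    status=0
    "${HARDPOINT_BIN:-hardpoint}" scan --path "$snapshot" --severity high || status=$?

    # Always remove the exported copy, whatever the scan result was.
    rm -rf "$snapshot"
    return "$status"
}

# Run only when installed as .git/hooks/pre-commit, so the function can be sourced elsewhere.
case "$0" in
    */pre-commit)
        if ! scan_staged; then
            echo "Security issues detected in staged content. Fix before committing." >&2
            exit 1
        fi
        ;;
esac
```

Git sets `GIT_INDEX_FILE` for the hook during `git commit -a` and partial commits, so `git checkout-index` exports the index that will actually be committed.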

With pre-commit Framework

Add to .pre-commit-config.yaml:
repos:
  - repo: local
    hooks:
      - id: hardpoint
        name: Hardpoint Security Scan
        entry: hardpoint scan --severity high --path .
        language: system
        pass_filenames: false

Editor Integration

VS Code Task

Add to .vscode/tasks.json:
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "Hardpoint Scan",
      "type": "shell",
      "command": "hardpoint",
      "args": ["scan", "--path", "${workspaceFolder}"],
      "problemMatcher": [],
      "group": "build"
    }
  ]
}
Run with Cmd+Shift+P → “Tasks: Run Task” → “Hardpoint Scan”

Neovim

Add a keybinding in your config:
vim.keymap.set('n', '<leader>hs', ':!hardpoint scan --path .<CR>', { desc = 'Hardpoint scan' })

Watching for Changes

Run Hardpoint when files change:
# Using fswatch (macOS)
fswatch -o . | xargs -n1 -I{} hardpoint scan --path . --quiet

# Using inotifywait (Linux)
while inotifywait -r -e modify .; do
    hardpoint scan --path . --quiet
done

Creating a Baseline

After the initial scan, suppress known-safe findings:
# Create baseline directory
mkdir -p .hardpoint

# Create baseline file
cat > .hardpoint/baseline.yaml << 'EOF'
suppressions:
  - id: SHELL-002
    pattern: "homebrew|nvm|rvm"
    reason: Known safe package managers
EOF

Add these aliases to your .bashrc or .zshrc:
alias hp='hardpoint'
alias hps='hardpoint scan'
alias hpf='hardpoint fix'
alias hpq='hardpoint scan --quiet'

Periodic Full Scan

Set up a cron job for regular scans:
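# Every day at 9 AM
# Assumes the binary is at /usr/local/bin/hardpoint and that ~/.hardpoint already exists;
# adjust the path if you installed with go install (default: ~/go/bin).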
0 9 * * * /usr/local/bin/hardpoint scan > ~/.hardpoint/daily-scan.log 2>&1