shk: A Local-First Security Guardrail CLI for AI Coding Agents

Secret scanning often starts at Git. AI coding agents can make that too late. They can read local files, summarize logs, run commands, and transform sensitive context before anything is committed. shk is a local-first CLI for that messy pre-commit space: scan secrets and PII, mask prompts, and install managed hooks for Claude Code, Cursor, and Codex. The problem is no longer just "secret reaches Git" Most secret-scanning workflows are built around a familiar boundary: stop credentials before the