Ship IntentGuard as a native hook for Claude Code, Copilot, and Cursor

[temp-noob]

Why

This is the single most important strategic issue.

Claude Code, GitHub Copilot, and Cursor all now ship native hooks (PreToolUse/PostToolUse). Instead of competing with hooks, IntentGuard should become the brain that hooks call. This flips the competitive threat into a distribution channel.

What

Create a CLI command intent-guard evaluate that:

• Reads hook input JSON from stdin (tool name, arguments, context)
• Runs the full IntentGuard evaluation pipeline (static + semantic)
• Exits 0 (allow) or 1 (block), with JSON verdict on stdout

Ship ready-to-use hook configs for all three platforms.

Acceptance Criteria

• intent-guard evaluate --policy <path> CLI command
• Reads stdin JSON matching each platform's hook input format
• Returns structured JSON verdict on stdout
• Exit code 0 = allow, 1 = block
• Example hook configs shipped in hooks/ directory:
  • hooks/claude-code/settings.json — PreToolUse command hook calling intent-guard
  • hooks/copilot/hooks.json — preToolUse hook
  • hooks/cursor/hooks.json — pre-tool hook
• Documentation: "Use IntentGuard with Claude Code in 2 minutes"
• Tests: end-to-end hook simulation

Strategic context

• Hooks are commoditized static interception. IntentGuard adds semantic intelligence on top.
• IntentGuard's externalized policy is immune to CVE-2025-59536-class supply chain attacks (malicious repo configs auto-executing). Blog/README should highlight this.
• This is how IntentGuard reaches developers who would otherwise just use built-in hooks.

Supersedes #22 (non-MCP agent support) with a pragmatic approach.