  • Go 99.7%
  • Shell 0.2%
  • Makefile 0.1%
Kai Siren 7624dc05da
Merge branch 'dispatch/issue-87'
2026-05-21 05:02:01 -07:00
.agent-guard rename: update cross-repo refs after coilyco-ai to agentic-os-kai 2026-05-15 02:32:45 -07:00
.github chore(ci): remove codex-review-gate + undraft-and-poke-codex workflows 2026-05-16 15:42:01 -07:00
audit feat(repocfg): allow_metacharacters opt-in for user exec verbs, closes #81 2026-05-20 14:15:28 -07:00
config config: revert schema, keep only generic primitives 2026-05-14 04:56:59 -07:00
decision decision: absorb per-call profile-aware evaluator from coily 2026-05-14 04:53:04 -07:00
dispatch feat(dispatch): host the dispatch subsystem as a reusable cli-guard package 2026-05-21 04:59:19 -07:00
docs Merge branch 'dispatch/issue-87' 2026-05-21 05:02:01 -07:00
egress Add egress package: CONNECT proxy with consumer-supplied allowlist 2026-05-13 04:26:11 -07:00
examples feat(dispatch): host the dispatch subsystem as a reusable cli-guard package 2026-05-21 04:59:19 -07:00
exitcode exitcode: add Reason() to CodedError so consumers carry the why-line natively 2026-05-14 03:37:04 -07:00
ghcache feat(ghcache): MaybeServeMaxAge + classifier carries per-call max-age, closes #77 2026-05-20 15:28:27 -07:00
ghidcache ghidcache: cache gh auth status and gh api user at 1h TTL, closes #55 2026-05-15 00:23:35 -07:00
ghratelimit ghratelimit: retry gh CLI calls on rate-limit errors with exponential backoff, closes #66 2026-05-15 00:35:19 -07:00
gittree feat(gittree): expose DirtyPaths from porcelain output, closes #73 2026-05-17 17:20:51 -07:00
hook feat(hook): engine-level arbitrary-code-execution deny, closes #87 2026-05-21 05:01:32 -07:00
lockdown feat(hook): engine-level arbitrary-code-execution deny, closes #87 2026-05-21 05:01:32 -07:00
mcporter feat(mcporter): first-class package with pluggable SecretResolver, closes #78 2026-05-20 05:42:26 -07:00
passthrough feat(ghcache): MaybeServeMaxAge + classifier carries per-call max-age, closes #77 2026-05-20 15:28:27 -07:00
policy Match policy.ValidateArgSlice error string in godoc example 2026-05-13 06:19:29 -07:00
profile Add profile package with categorical operating-model axes 2026-05-13 21:55:13 -07:00
profiles profiles: absorb per-host lockdown profile registry from coily 2026-05-14 04:50:57 -07:00
repocfg feat(repocfg): add audit.egress opt-in for per-repo commands, closes #82 2026-05-20 14:18:11 -07:00
respfmt respfmt: absorb JSON-to-yaml/json/text/table renderer from coily 2026-05-14 04:39:22 -07:00
scope Scaffold cli-guard: extract framework primitives from coily/pkg/ 2026-05-13 04:25:19 -07:00
scripts feat(dispatch): host the dispatch subsystem as a reusable cli-guard package 2026-05-21 04:59:19 -07:00
shell Scaffold cli-guard: extract framework primitives from coily/pkg/ 2026-05-13 04:25:19 -07:00
skillgen skillgen: absorb command-tree renderer from coily 2026-05-14 04:42:22 -07:00
ssh ssh: adopt package from coily/pkg/ssh, closes #61 2026-05-14 18:24:44 -07:00
stscache stscache: cache aws sts get-caller-identity at 1h TTL 2026-05-14 07:29:40 -07:00
sudo sudo: absorb policy-free interactive-sudo plumbing from coily 2026-05-14 04:34:50 -07:00
ttlcache feat(ghcache): MaybeServeMaxAge + classifier carries per-call max-age, closes #77 2026-05-20 15:28:27 -07:00
verb audit + verb + repocfg: ssh-passthrough plumbing, closes #62 closes #63 2026-05-14 18:40:48 -07:00
workdir Scaffold cli-guard: extract framework primitives from coily/pkg/ 2026-05-13 04:25:19 -07:00
.gitignore Repository hygiene sweep: tier-A + CONTRIBUTING + godoc-current + auto-merge 2026-05-13 05:47:10 -07:00
.golangci.yaml feat(hook): engine-level arbitrary-code-execution deny, closes #87 2026-05-21 05:01:32 -07:00
.pre-commit-config.yaml chore: complete trifecta + re-enable catalog-doc-size + catalog-trifecta 2026-05-15 23:43:36 -07:00
AGENTS.md docs(AGENTS): trim historical-context framing per agentic-os-kai#574 2026-05-16 13:26:09 -07:00
CODE_OF_CONDUCT.md Adopt Contributor Covenant 2.1 as Code of Conduct 2026-05-13 05:31:35 -07:00
CONTRIBUTING.md Move .coily/coily.yaml to .agent-guard/agent-guard.yaml 2026-05-14 07:10:32 -07:00
go.mod ssh: adopt package from coily/pkg/ssh, closes #61 2026-05-14 18:24:44 -07:00
go.sum ssh: adopt package from coily/pkg/ssh, closes #61 2026-05-14 18:24:44 -07:00
godoc-current.txt Merge branch 'dispatch/issue-87' 2026-05-21 05:02:01 -07:00
LICENSE Scaffold cli-guard: extract framework primitives from coily/pkg/ 2026-05-13 04:25:19 -07:00
Makefile Wire cli-web-docs into docs surface, closes #28 2026-05-13 12:08:23 -07:00
mkdocs-requirements.txt Add mkdocs (urfave palette) + docs CI verification 2026-05-13 05:28:44 -07:00
mkdocs.yml Wire cli-web-docs into docs surface, closes #28 2026-05-13 12:08:23 -07:00
README.md feat(dispatch): host the dispatch subsystem as a reusable cli-guard package 2026-05-21 04:59:19 -07:00
SECURITY.md Add SECURITY.md (urfave shape) + nav and Support links 2026-05-13 05:36:33 -07:00
staticcheck.conf Adopt urfave-shaped README + trifecta + staticcheck.conf 2026-05-13 05:23:19 -07:00

cli-guard


cli-guard is a security-boundary framework for urfave/cli v3 applications, designed to sit between AI agents (or any semi-trusted automation) and the host system, featuring:

  • argv validation rejecting shell metacharacters before they reach execve
  • append-only JSONL audit log with lumberjack rotation
  • read / write / delete scope tokens, validated per verb
  • --commit-scope resolution binding every audit row to a git toplevel
  • clean+synced gate refusing repo-shaped verbs on a dirty tree
  • per-repo command allowlist loaded from per-repo YAML config files (e.g. .agent-guard/agent-guard.yaml, .coily/coily.yaml)
  • thin pass-through wrapper for embedding existing CLIs as audited subcommands
  • per-invocation CONNECT proxy with consumer-supplied egress allowlist
  • public exit-code taxonomy for orchestrators
  • reusable dispatch subsystem firing claude against a real open issue, headless or interactive
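
The first three ideas in the list (verb allowlist, argv metacharacter rejection, one JSONL audit row per decision) can be sketched together. This is an added example, not cli-guard's own code or API: `checkArgv`, `guard`, `auditRow`, the metacharacter set and the sample verbs are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// shellMeta is an assumed metacharacter set; the project's own set may differ.
const shellMeta = ";|&$`<>(){}*?!\\\"'\n\r\x00"

var errMeta = errors.New("argv contains shell metacharacter")

// checkArgv (hypothetical name) rejects the first argument holding a
// metacharacter, so the value never reaches exec even if a later layer
// mistakenly routes it through a shell.
func checkArgv(args []string) error {
	for i, a := range args {
		if strings.ContainsAny(a, shellMeta) {
			return fmt.Errorf("%w: arg %d %q", errMeta, i, a)
		}
	}
	return nil
}

// auditRow is a constructed record shape, not the project's audit schema.
type auditRow struct {
	Verb    string   `json:"verb"`
	Argv    []string `json:"argv"`
	Allowed bool     `json:"allowed"`
	Reason  string   `json:"reason,omitempty"`
}

// guard decides on one invocation and returns the decision together with
// the JSONL line to append; denials are logged as well as approvals.
func guard(allow map[string]bool, verb string, args []string) (bool, string) {
	row := auditRow{Verb: verb, Argv: args, Allowed: true}
	if !allow[verb] {
		row.Allowed, row.Reason = false, "verb not in allowlist"
	} else if err := checkArgv(args); err != nil {
		row.Allowed, row.Reason = false, err.Error()
	}
	line, _ := json.Marshal(row) // plain strings and bools cannot fail to marshal
	return row.Allowed, string(line)
}

func main() {
	allow := map[string]bool{"git-log": true} // constructed allowlist
	for _, args := range [][]string{{"HEAD"}, {"HEAD; echo injected"}} {
		_, line := guard(allow, "git-log", args)
		fmt.Println(line)
	}
}
```
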

Documentation

See docs/FEATURES.md for a feature inventory, examples/ for runnable demos (one per primitive), and the CLI reference for the rendered command tree of every example. Local dev verbs live in .agent-guard/agent-guard.yaml; agent-guard lint validates that file against the Makefile.

Support

If you found a bug or have a feature request, create a new issue. Participation in this community is governed by the Code of Conduct. Security disclosures go through SECURITY.md.

Sibling repos in the cli-* family: cli-mcp, cli-web-docs, cli-web-ops.

License

See LICENSE.

See also

Cross-reference convention from coilysiren/agentic-os#59.