
Codex CLI Integration

Rafter provides two skills for Codex CLI that add remote code analysis and local security.

Skills Architecture

Backend Skill (rafter)

API-based security scanning
  • Trigger remote SAST/SCA scans
  • Retrieve scan results
  • Check usage quota
  • Read-only operations

Local Security Toolkit (rafter-agent-security)

Local security operations
  • Secret scanning in files
  • Policy enforcement
  • Extension auditing
  • Audit logging

Setup

1. Install Rafter CLI

npm install -g @rafter-security/cli

2. Initialize Local Security

rafter agent init --with-codex
Rafter detects Codex CLI via ~/.codex and installs the skills under ~/.agents/skills/. To install all detected integrations at once:
rafter agent init --all

3. Restart Codex CLI

Restart Codex CLI to load the newly installed skills.

Skill Location

After initialization:
~/.agents/skills/
├── rafter/
│   └── SKILL.md              # Remote code analysis skill
└── rafter-agent-security/
    └── SKILL.md              # Local security skill

Usage

Backend Scanning

Trigger a security scan of your repository:
rafter run --format md
Or use the rafter scan alias:
rafter scan --repo myorg/myrepo --branch main
Backend scanning requires a Rafter API key. Set it via export RAFTER_API_KEY="your-key" or pass --api-key.

Local Security

These commands work locally without an API key:
# Scan files for secrets
rafter secrets .

# Scan only staged files
rafter secrets --staged

# Execute a command with risk assessment
rafter agent exec "git push --force"

# Audit a third-party skill for malware
rafter agent audit-skill path/to/untrusted-skill.md

# View security event log
rafter agent audit
Note: rafter agent scan still works but is deprecated — it will be removed in a future major version.

Skill Auditing

Treat third-party extension ecosystems as hostile by default. There have been reports of malware distributed via skill marketplaces, using social-engineering instructions to run obfuscated shell commands.
Before installing any third-party skill, audit it:
rafter agent audit-skill path/to/untrusted-skill.md
This analyzes 12 security dimensions: trust/attribution, network security, command execution, file system access, credential handling, input validation, data exfiltration, obfuscation, scope alignment, error handling, dependencies, and environment manipulation.

Configuration

Risk Levels

# Set during init
rafter agent init --risk-level moderate

# Change later
rafter agent config set agent.riskLevel aggressive
Level       Behavior
Minimal     Basic guidance, most commands allowed
Moderate    Approval for high-risk commands, secrets always blocked (default)
Aggressive  Approval for most operations, maximum security

View Configuration

rafter agent config show

Monitoring

View Agent Activity

# Recent events (last 10)
rafter agent audit

# Last 50 events
rafter agent audit --last 50

# Filter by event type
rafter agent audit --event secret_detected

# Filter by agent platform
rafter agent audit --agent claude-code

Troubleshooting

If the skills do not load:
  1. Verify skills are installed: ls ~/.agents/skills/rafter/
  2. Re-run: rafter agent init --with-codex
  3. Restart Codex CLI
If Codex CLI is not detected, ensure ~/.codex exists, then run: rafter agent init --with-codex
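As an added example (not Rafter's own code) covering both the Skill Auditing and Troubleshooting sections above: a POSIX sh script that checks the detection prerequisite and both skill files at the paths the docs give, then runs the auditor over every installed SKILL.md so third-party skills that land in ~/.agents/skills are not trusted silently. The only assumption is that rafter agent audit-skill exits non-zero when a skill fails the audit.

```shell
#!/bin/sh
# Added example, not Rafter's own code. Paths come from the Rafter docs
# (~/.codex, ~/.agents/skills/<name>/SKILL.md); the assumption that
# `rafter agent audit-skill` exits non-zero on a failed audit is mine.

# rafter_codex_check [HOME_DIR]: 0 when Codex CLI is detectable and both
# Rafter skills are present, else 1 with one line per missing item.
rafter_codex_check() {
  rc_home="${1:-$HOME}"
  rc_missing=0
  # Detection prerequisite: Rafter finds Codex CLI via ~/.codex.
  if [ ! -d "$rc_home/.codex" ]; then
    echo "MISSING: $rc_home/.codex (Codex CLI will not be detected)"
    rc_missing=$((rc_missing + 1))
  fi
  # Both skills must be installed as non-empty SKILL.md files.
  for rc_skill in rafter rafter-agent-security; do
    rc_file="$rc_home/.agents/skills/$rc_skill/SKILL.md"
    if [ ! -s "$rc_file" ]; then
      echo "MISSING: $rc_file"
      rc_missing=$((rc_missing + 1))
    fi
  done
  if [ "$rc_missing" -eq 0 ]; then
    echo "OK: Codex CLI detectable, both Rafter skills installed"
    return 0
  fi
  echo "$rc_missing item(s) missing: run 'rafter agent init --with-codex', then restart Codex CLI"
  return 1
}

# rafter_audit_installed_skills [HOME_DIR] [AUDIT_CMD]: audits every
# SKILL.md under ~/.agents/skills and returns how many failed the audit.
# AUDIT_CMD defaults to "rafter agent audit-skill"; override it with a stub
# to exercise the loop without the Rafter CLI installed.
rafter_audit_installed_skills() {
  ra_home="${1:-$HOME}"
  ra_cmd="${2:-rafter agent audit-skill}"
  ra_failed=0
  for ra_file in "$ra_home"/.agents/skills/*/SKILL.md; do
    [ -f "$ra_file" ] || continue    # unmatched glob stays literal; skip it
    if ! $ra_cmd "$ra_file"; then
      echo "AUDIT FAILED: $ra_file"
      ra_failed=$((ra_failed + 1))
    fi
  done
  return "$ra_failed"
}
```

Source the file and run `rafter_codex_check && rafter_audit_installed_skills` after `rafter agent init --with-codex`; a non-zero status from either call means there is something to fix before relying on the skills.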

What’s Next?

  • Secret Scanning: 21+ secret patterns detected
  • Command Execution: Risk-assessed command validation
  • Command Reference: Full CLI reference