Skip to main content

Codex CLI Integration

Rafter provides two skills for Codex CLI that add security scanning and local agent protection.

Skills Architecture

Backend Skill (rafter)

API-based security scanning
  • Trigger remote SAST/SCA scans
  • Retrieve scan results
  • Check usage quota
  • Read-only operations

Agent Security (rafter-agent-security)

Local security operations
  • Secret detection in files
  • Command risk assessment
  • Skill auditing
  • Audit logging

Setup

1. Install Rafter CLI

npm install -g @rafter-security/cli

2. Initialize Agent Security

rafter agent init
Rafter auto-detects Codex CLI via ~/.codex and installs skills to ~/.agents/skills/rafter/. If Codex CLI isn’t detected automatically, force it: 
rafter agent init --codex

3. Restart Codex CLI

Restart Codex CLI to load the newly installed skills.

Skill Location

After initialization: 
~/.agents/skills/
├── rafter/
│   └── SKILL.md              # Backend scanning skill
└── rafter-agent-security/
    └── SKILL.md              # Agent security skill

Usage

Backend Scanning

Trigger a security scan of your repository: 
rafter run --format md
Or use the rafter scan alias: 
rafter scan --repo myorg/myrepo --branch main
Backend scanning requires a Rafter API key. Set it via export RAFTER_API_KEY="your-key" or pass --api-key.

Agent Security

These commands work locally without an API key: 
# Scan files for secrets
rafter agent scan .

# Scan only staged files
rafter agent scan --staged

# Execute a command with risk assessment
rafter agent exec "git push --force"

# Audit a third-party skill for malware
rafter agent audit-skill path/to/untrusted-skill.md

# View security event log
rafter agent audit

Skill Auditing

Treat third-party skill ecosystems as hostile by default. There have been reports of malware distributed via AI agent skill marketplaces, using social-engineering instructions to run obfuscated shell commands.
Before installing any third-party skill, audit it: 
rafter agent audit-skill path/to/untrusted-skill.md
This analyzes 12 security dimensions: trust/attribution, network security, command execution, file system access, credential handling, input validation, data exfiltration, obfuscation, scope alignment, error handling, dependencies, and environment manipulation.

Configuration

Risk Levels

# Set during init
rafter agent init --risk-level moderate

# Change later
rafter agent config set agent.riskLevel aggressive
LevelBehavior
MinimalBasic guidance, most commands allowed
ModerateApproval for high-risk commands, secrets always blocked (default)
AggressiveApproval for most operations, maximum security

View Configuration

rafter agent config show

Monitoring

View Agent Activity

# Recent events
rafter agent audit

# Last 50 events
rafter agent audit --limit 50

# Filter by risk level
rafter agent audit --risk high

Troubleshooting

  1. Verify skills are installed: ls ~/.agents/skills/rafter/
  2. Re-run: rafter agent init --codex
  3. Restart Codex CLI
Force detection with: rafter agent init --codex

What’s Next?

Secret Scanning

21+ secret patterns detected

Command Execution

Risk-assessed command validation

Command Reference

Full CLI reference