Getting Started

Rafter provides local security features for autonomous agents to prevent secrets leakage and dangerous operations.

What is Agent Security?

Agent Security adds a safety layer to autonomous coding agents by:
  • Detecting secrets before they’re committed to git
  • Validating commands before execution
  • Audit logging all security events
  • Configurable policies for different risk levels

Installation

Install the Rafter CLI globally:
npm install -g @rafter-security/cli
Python 3.10+ is required for pip installs. Verify your version:
python3 --version   # Must be 3.10 or higher
On Ubuntu/Debian, Python and pip may not be installed by default:
sudo apt update && sudo apt install -y python3 python3-pip python3-venv
On Fedora/RHEL: sudo dnf install python3 python3-pip. macOS: brew install python. Windows: install from python.org (pip is included).

Quick Setup

Initialize agent security with one command:
rafter agent init
This will:
  1. Create ~/.rafter/config.json configuration
  2. Initialize directory structure
  3. Auto-detect installed agents and install skills:
    • Claude Code (~/.claude): installs to ~/.claude/skills/rafter/
    • Codex CLI (~/.codex): installs to ~/.agents/skills/rafter/
    • OpenClaw (~/.openclaw): installs to ~/.openclaw/skills/
  4. Download Gitleaks binary for enhanced secret detection
  5. Set up audit logging

Choose Your Risk Level

During setup, choose from three risk levels:
  • Basic guidance only
  • Most commands allowed
  • Good for local development
  • Maximum security
  • Requires approval for most operations
  • Best for sensitive environments
# Set risk level during init
rafter agent init --risk-level moderate

# Or change it later
rafter agent config set agent.riskLevel aggressive

Verify Installation

Run the built-in health check to confirm everything is set up correctly:
rafter agent verify
This checks your config, Gitleaks binary, and all detected agent integrations (Claude Code, Codex, OpenClaw). If any check fails, the output includes actionable fix instructions. You can also test individual components:
# Scan current directory for secrets
rafter agent scan .

# View configuration
rafter agent config show

# Check audit logs
rafter agent audit

Directory Structure

After initialization, Rafter creates:
~/.rafter/
├── config.json      # Configuration file
├── audit.log        # Security event log
├── bin/             # Binary tools (Gitleaks, etc.)
└── patterns/        # Custom secret patterns
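
Because the agent being policed runs as the same user that owns this directory, it is worth confirming after init that the layout is complete and that nothing in it is loosely writable. The function below is an added example, not part of Rafter or its documentation; the function name and the permission policy it enforces (no symlinks, nothing writable by group or other) are assumptions.

```shell
#!/bin/sh
# Added example, not Rafter code. Audits a Rafter state directory against the
# layout listed above. Assumption (not from the Rafter docs): nothing in it
# should be a symlink or writable by group/other, because a process that can
# rewrite config.json or audit.log can weaken the policy or hide events.
# Usage: check_rafter_layout ~/.rafter

check_rafter_layout() {
    dir=${1:-"$HOME/.rafter"}
    issues=0

    # Expected entries (f = file, d = directory), from the listing above.
    for entry in f:config.json f:audit.log d:bin d:patterns; do
        kind=${entry%%:*}
        path="$dir/${entry#*:}"
        if [ -L "$path" ]; then
            echo "SYMLINK: $path"
            issues=$((issues + 1))
        elif [ "$kind" = f ] && [ ! -f "$path" ]; then
            echo "MISSING file: $path"
            issues=$((issues + 1))
        elif [ "$kind" = d ] && [ ! -d "$path" ]; then
            echo "MISSING dir: $path"
            issues=$((issues + 1))
        fi
    done

    # Anything under the directory that group or other can modify.
    loose=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null) || true
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/WRITABLE by group or other: /'
        issues=$((issues + 1))
    fi

    # Exit status 0 means clean, 1 means at least one finding was printed.
    [ "$issues" -eq 0 ]
}
```

The function prints one line per finding and returns non-zero if there are any, so it can gate a CI step or a shell profile check alongside rafter agent verify.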

Agent Auto-Detection

rafter agent init detects all supported agents and installs the appropriate skills:
| Agent | Detected via | Skills installed to | Skip flag |
| --- | --- | --- | --- |
| Claude Code | ~/.claude | ~/.claude/skills/rafter/ | --skip-claude-code |
| Codex CLI | ~/.codex | ~/.agents/skills/rafter/ | --skip-codex |
| OpenClaw | ~/.openclaw | ~/.openclaw/skills/ | --skip-openclaw |
You can also force detection with --claude-code or --codex flags. Restart your agent after initialization to load the installed skills.
