Command Reference

Complete reference for all Rafter agent security and MCP commands.

rafter agent init

Initialize agent security system.
rafter agent init [options]

Options

| Flag | Description | Default |
|---|---|---|
| --risk-level <level> | Set risk level: minimal, moderate, aggressive | moderate |
| --skip-gitleaks | Skip Gitleaks binary download | false |
| --skip-openclaw | Skip OpenClaw skill installation | false |
| --skip-claude-code | Skip Claude Code hook installation | false |
| --claude-code | Force Claude Code detection | false |
| --force | Reinstall even if already initialized | false |

What It Does

  1. Creates ~/.rafter/config.json configuration
  2. Initializes directory structure (~/.rafter/)
  3. Downloads Gitleaks binary (if not already on PATH)
  4. Detects OpenClaw and installs skill
  5. Detects Claude Code and installs PreToolUse hooks
  6. Sets up audit logging

Examples

# Basic initialization
rafter agent init

# Set aggressive security from start
rafter agent init --risk-level aggressive

# Skip OpenClaw integration
rafter agent init --skip-openclaw

# Reinstall everything
rafter agent init --force

# Skip Gitleaks download (use pattern engine only)
rafter agent init --skip-gitleaks

rafter agent scan

Scan files or directories for secrets.
rafter agent scan [path] [options]

Arguments

| Argument | Description | Default |
|---|---|---|
| path | File or directory to scan | . (current directory) |

Options

| Flag | Description |
|---|---|
| -q, --quiet | Only output if secrets found |
| --json | Output results as JSON (alias for --format json) |
| --format <type> | Output format: text (default), json, or sarif |
| --staged | Scan only git-staged files |
| --diff <ref> | Scan only files changed since a git ref (e.g. HEAD~1, main) |
| --engine <type> | Scan engine: patterns, gitleaks, or auto (default) |

Exit Codes

  • 0 - No secrets found
  • 1 - Secrets detected

Examples

# Scan current directory
rafter agent scan

# Scan specific file
rafter agent scan ./config.js

# Scan with JSON output
rafter agent scan --format json > results.json

# SARIF output (GitHub/GitLab security tab)
rafter agent scan --format sarif > results.sarif

# CI/CD usage (quiet mode)
rafter agent scan --quiet || exit 1

# Scan only changed files
rafter agent scan --diff main

# Use Gitleaks engine
rafter agent scan --engine gitleaks

Detected Patterns

Cloud Providers:
  • AWS Access Keys (AKIA...)
  • AWS Secret Keys
  • Google API Keys (AIza...)
  • Google OAuth credentials
Version Control:
  • GitHub Personal Access Tokens (ghp_...)
  • GitHub OAuth Tokens (gho_...)
  • GitHub App Tokens (ghu_..., ghs_...)
  • GitHub Refresh Tokens (ghr_...)
Payment & SaaS:
  • Stripe API Keys (sk_live_..., rk_live_...)
  • Slack Tokens (xox[baprs]-...)
  • Slack Webhooks
  • Twilio API Keys (SK...)
Package Registries:
  • npm Access Tokens (npm_...)
  • PyPI API Tokens (pypi-...)
General:
  • Database connection strings
  • Private keys (RSA, DSA, EC, OpenSSH)
  • JWT tokens
  • Bearer tokens
  • Generic API keys
  • Generic secrets/passwords

rafter agent exec

Execute command with security validation.
rafter agent exec <command> [options]

Arguments

| Argument | Description |
|---|---|
| command | Shell command to execute |

Options

| Flag | Description |
|---|---|
| --skip-scan | Skip pre-execution file scanning |
| --force | Skip approval prompts (logged in audit) |

Command Risk Levels

  • rm -rf /
  • :(){ :|:& };: (fork bomb)
  • dd if=/dev/zero of=/dev/sda
  • > /dev/sda
  • mkfs.*
  • fdisk, parted
  • rm -rf <dir>
  • sudo rm
  • chmod 777
  • curl ... | sh
  • git push --force
  • npm publish
  • docker system prune
  • sudo
  • chmod
  • chown
  • kill -9
  • systemctl
  • npm install
  • git commit
  • File read operations (ls, cat, grep)
  • Basic file operations (echo, touch)

Examples

# Safe command - executes immediately
rafter agent exec "npm test"

# Git commit - scans staged files first
rafter agent exec "git commit -m 'Add feature'"

# High-risk - requires approval
rafter agent exec "sudo systemctl restart nginx"

# Force execution (skip approval, logged)
rafter agent exec "git push --force" --force

# Skip file scanning
rafter agent exec "git commit -m 'Fix typo'" --skip-scan

Pre-Execution Scanning

For git commands (git commit, git push), Rafter automatically:
  1. Gets list of staged files
  2. Scans each file for secrets
  3. Blocks if secrets detected
  4. Allows if clean
Skip with --skip-scan if needed.

rafter agent config

Manage agent configuration.
rafter agent config <subcommand> [options]

Subcommands

show

Display full configuration:
rafter agent config show

get <key>

Get specific configuration value:
rafter agent config get <key>
Example:
rafter agent config get agent.riskLevel
# Output: moderate

set <key> <value>

Set configuration value:
rafter agent config set <key> <value>
Example:
rafter agent config set agent.riskLevel aggressive

Configuration Keys

| Key | Type | Options | Description |
|---|---|---|---|
| agent.riskLevel | string | minimal, moderate, aggressive | Overall security stance |
| agent.commandPolicy.mode | string | allow-all, approve-dangerous, deny-list | Command handling mode |
| agent.commandPolicy.blockedPatterns | array | - | Always-blocked command patterns |
| agent.commandPolicy.requireApproval | array | - | Patterns requiring approval |
| agent.outputFiltering.redactSecrets | boolean | true, false | Redact secrets in output |
| agent.audit.logAllActions | boolean | true, false | Log all security events |
| agent.audit.retentionDays | number | - | Log retention period (days) |
| agent.audit.logLevel | string | debug, info, warn, error | Log verbosity |
| agent.environments.openclaw.enabled | boolean | true, false | OpenClaw integration |

Examples

# View all config
rafter agent config show

# Get risk level
rafter agent config get agent.riskLevel

# Set to aggressive
rafter agent config set agent.riskLevel aggressive

# Change policy mode
rafter agent config set agent.commandPolicy.mode deny-list

# Enable secret redaction
rafter agent config set agent.outputFiltering.redactSecrets true

# Set log retention
rafter agent config set agent.audit.retentionDays 60

rafter agent audit

View security audit logs. For the full JSONL schema specification, see Audit Log.
rafter agent audit [options]

Options

| Flag | Description | Default |
|---|---|---|
| --last <n> | Show last N entries | 10 |
| --event <type> | Filter by event type | - |
| --agent <type> | Filter by agent (openclaw, claude-code) | - |
| --since <date> | Show entries since date (YYYY-MM-DD) | - |

Event Types

| Event | Description |
|---|---|
| command_intercepted | Command execution attempt |
| secret_detected | Secret found in files |
| content_sanitized | Output redacted |
| policy_override | User override of policy |
| scan_executed | File scan performed |
| config_changed | Configuration modified |

Examples

# Show recent logs
rafter agent audit

# Show last 20 entries
rafter agent audit --last 20

# Filter by event type
rafter agent audit --event command_intercepted

# Filter by agent
rafter agent audit --agent openclaw

# Show logs since date
rafter agent audit --since 2026-02-01

# Combine filters
rafter agent audit --event secret_detected --last 50

Output Format

🛡️ [2026-02-02 10:30:45] command_intercepted
   Agent: openclaw
   Command: git commit -m 'Add feature'
   Risk: medium
   Check: PASSED
   Action: allowed

🔑 [2026-02-02 10:25:12] secret_detected
   Agent: openclaw
   Risk: critical
   Check: FAILED
   Reason: AWS Access Key detected in config.js
   Action: blocked

rafter agent verify

Check agent security integration status.
rafter agent verify

What It Does

Validates your Rafter setup by checking four things in order:
  1. Config: ~/.rafter/config.json exists and is valid JSON
  2. Gitleaks: binary available on PATH or at ~/.rafter/bin/gitleaks
  3. Claude Code: ~/.claude/settings.json has PreToolUse hooks installed (optional)
  4. OpenClaw: ~/.openclaw/skills/rafter-security.md exists (optional)
Config and Gitleaks are hard requirements (failure → exit 1). Claude Code and OpenClaw are optional integrations (failure → warning only, exit 0).

Exit Codes

| Code | Meaning |
|---|---|
| 0 | All required checks passed (optional checks may warn) |
| 1 | One or more required checks failed |

Examples

# Run health check
rafter agent verify

# Example output (all passing):
# ✓ Config        ~/.rafter/config.json
# ✓ Gitleaks      8.21.0 (/usr/local/bin/gitleaks)
# ✓ Claude Code   PreToolUse hook installed
# ✓ OpenClaw      rafter-security.md skill present

# Example output (optional checks absent):
# ✓ Config        ~/.rafter/config.json
# ✓ Gitleaks      8.21.0 (/usr/local/bin/gitleaks)
# ⚠  Claude Code   Not detected — run: rafter agent init (optional)
# ⚠  OpenClaw      Not detected (optional)
Run rafter agent verify after rafter agent init to confirm everything installed correctly, and after system updates to catch binary incompatibilities.

rafter agent status

Show a live dashboard of your Rafter agent security setup.
rafter agent status

What It Shows

| Section | Details |
|---|---|
| Config | Presence and validity of ~/.rafter/config.json; risk level, audit log path |
| Gitleaks | Version string and binary path |
| Hooks | Whether PreToolUse and PostToolUse hooks are registered in Claude Code settings |
| OpenClaw | Whether the rafter-security.md skill is installed |
| Audit Log | Total event count + 5 most recent events (type, timestamp, risk) |

Example Output

rafter agent status

# Rafter Agent Status
# ─────────────────────────────────
# Config:    ~/.rafter/config.json  (risk: medium)
# Gitleaks:  8.21.0  (/usr/local/bin/gitleaks)
# Hooks:     PreToolUse ✓  PostToolUse ✓
# OpenClaw:  rafter-security.md ✓
#
# Audit Log: 142 events
#   [2026-02-21 14:32] command_allowed      low
#   [2026-02-21 14:31] secret_detected      high
#   [2026-02-21 14:28] command_intercepted  critical
#   [2026-02-21 14:20] command_allowed      low
#   [2026-02-21 14:18] command_allowed      low

rafter agent install-hook

Install a git pre-commit hook that scans staged files for secrets before each commit.
rafter agent install-hook [options]

Options

| Flag | Description | Default |
|---|---|---|
| --global | Install for all git repos on this machine | false (local only) |

What It Does

Without --global (local install):
  • Writes hook to .git/hooks/pre-commit in the current repo
  • Backs up any existing hook before overwriting
With --global (global install):
  • Writes hook to ~/.rafter/git-hooks/pre-commit
  • Sets git config --global core.hooksPath ~/.rafter/git-hooks
  • Applies to every git repo on the machine
When git commit runs, the hook calls rafter agent scan --staged. If secrets are detected the commit is blocked. Pass git commit --no-verify to bypass (not recommended).

Examples

# Install for current repo
rafter agent install-hook

# Install globally for all repos
rafter agent install-hook --global

# Remove global hook
git config --global --unset core.hooksPath
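The following is an added illustration, not Rafter's own installer: a minimal pre-commit hook that does what the page describes (calls rafter agent scan --staged and aborts the commit when secrets are found), plus install helpers that back up an existing hook for the local case and set core.hooksPath for the global case. It assumes the rafter binary is on PATH when git runs the hook; the fail-closed behaviour when rafter is missing is this example's choice, not documented Rafter behaviour.

```shell
#!/bin/sh
# Hook body. A non-zero exit from pre-commit aborts the commit, so the scan's
# exit code (0 = clean, 1 = secrets detected) is passed straight through.
# Assumption (this example's choice): if rafter is not on PATH, refuse to
# commit rather than silently skipping the scan.
RAFTER_PRECOMMIT_HOOK='#!/bin/sh
if ! command -v rafter >/dev/null 2>&1; then
  echo "pre-commit: rafter not found on PATH; refusing to commit unscanned files" >&2
  exit 1
fi
exec rafter agent scan --staged --quiet
'

# install_precommit_hook HOOKS_DIR
# Writes HOOKS_DIR/pre-commit, first copying any existing hook to
# pre-commit.backup (the backup step the page describes for a local install).
install_precommit_hook() {
  hooks_dir="$1"
  hook="$hooks_dir/pre-commit"
  mkdir -p "$hooks_dir" || return 1
  if [ -f "$hook" ]; then
    cp "$hook" "$hook.backup" || return 1
  fi
  printf '%s' "$RAFTER_PRECOMMIT_HOOK" > "$hook" || return 1
  chmod +x "$hook"
}

# enable_global_hooks HOOKS_DIR
# Global variant: install into HOOKS_DIR and point every repo on the machine
# at it via core.hooksPath (undo with: git config --global --unset core.hooksPath).
enable_global_hooks() {
  install_precommit_hook "$1" && git config --global core.hooksPath "$1"
}
```

For a local install, call install_precommit_hook .git/hooks from the repository root; for a global install, call enable_global_hooks ~/.rafter/git-hooks.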

rafter agent audit-skill

Security audit of a Claude Code or OpenClaw skill file.
rafter agent audit-skill <skill-path> [options]

Arguments

| Argument | Description |
|---|---|
| <skill-path> | Path to the skill file to audit (required) |

Options

| Flag | Description |
|---|---|
| --skip-openclaw | Skip OpenClaw integration; print manual review prompt instead |
| --json | Output results as JSON |

What It Does

Performs deterministic security analysis on the skill file:
  1. Secret detection — Scans for hardcoded API keys, tokens, and credentials
  2. URL extraction — Lists all external HTTP/HTTPS URLs
  3. High-risk command patterns — Detects 11 dangerous patterns: rm -rf /, sudo rm, curl|sh, wget|sh, eval(), exec(), chmod 777, fork bombs, dd /dev/xyz, mkfs, base64 -d|sh
If OpenClaw is available, the command routes the skill to the /rafter-audit-skill slash command for a deeper 12-dimension security review covering trust, network access, credential handling, obfuscation, supply chain, and more.

Exit Codes

| Code | Meaning |
|---|---|
| 0 | No secrets or high-risk commands detected |
| 1 | Secrets or high-risk commands found |

Examples

# Audit a skill file
rafter agent audit-skill ~/.claude/skills/github-integration/SKILL.md

# JSON output for scripting
rafter agent audit-skill skill.md --json

# Skip OpenClaw (prints manual review prompt)
rafter agent audit-skill skill.md --skip-openclaw

JSON Output

rafter agent audit-skill skill.md --json
{
  "skill": "skill.md",
  "path": "/absolute/path/to/skill.md",
  "quickScan": {
    "secrets": 0,
    "urls": ["https://api.example.com"],
    "highRiskCommands": []
  },
  "openClawAvailable": true,
  "rafterSkillInstalled": true
}

rafter ci init

Generate CI/CD workflow files for your project.
rafter ci init [options]

Options

| Flag | Description | Default |
|---|---|---|
| --platform <type> | Target platform: github, gitlab, circleci | Auto-detected |
| --output <path> | Output file path | Platform default |
| --with-backend | Include API-based security audit job | false |

What It Does

  1. Detects your CI platform from project files (.github/, .gitlab-ci.yml, .circleci/)
  2. Generates a workflow file with secret scanning and security checks
  3. Optionally adds a backend scan job using the Rafter API

Examples

# Auto-detect platform and generate config
rafter ci init

# Generate GitHub Actions workflow
rafter ci init --platform github

# Include backend scanning job
rafter ci init --platform github --with-backend

rafter mcp serve

Start an MCP server exposing Rafter security tools over stdio transport. Works with any MCP-compatible client.
rafter mcp serve [options]

Options

| Flag | Description | Default |
|---|---|---|
| --transport <type> | Transport type (only stdio supported in v0.5.0) | stdio |

Tools Provided

| Tool | Description | Required Params |
|---|---|---|
| scan_secrets | Scan for hardcoded secrets | path |
| evaluate_command | Check if command is allowed by policy | command |
| read_audit_log | Read audit log entries | (none) |
| get_config | Read Rafter configuration | (none) |

Resources Provided

| URI | Description |
|---|---|
| rafter://config | Current Rafter configuration |
| rafter://policy | Active security policy (merged .rafter.yml + config) |

MCP Client Config

{
  "rafter": {
    "command": "rafter",
    "args": ["mcp", "serve"]
  }
}
See MCP Integration for platform-specific setup.

rafter hook pretool

PreToolUse hook handler for Claude Code. Reads tool input JSON from stdin, writes decision to stdout.
rafter hook pretool
Evaluates Bash tool calls against command policy and scans Write/Edit content for secrets. See Claude Code Integration for setup.

rafter hook posttool

PostToolUse hook handler for Claude Code. Reads tool result JSON from stdin, logs security-relevant events to the audit log.
rafter hook posttool
Logs completed Bash, Write, and Edit tool executions with their outcome and risk level. Useful for auditing what an agent actually did (vs. what was blocked at pretool). See Claude Code Integration for setup.

rafter policy export

Export Rafter security policy for agent platforms.
rafter policy export --format <claude|codex> [--output <path>]

Options

| Flag | Description |
|---|---|
| --format <type> | Target format: claude (Claude Code hooks JSON) or codex (Codex rules TOML) |
| --output <path> | Write to file instead of stdout |

rafter completion

Generate shell completion scripts for rafter.
rafter completion <shell>

Arguments

| Argument | Description |
|---|---|
| <shell> | Target shell: bash, zsh, or fish |

Setup

# Bash — add to ~/.bashrc
eval "$(rafter completion bash)"

# Zsh — add to ~/.zshrc
eval "$(rafter completion zsh)"

# Fish — saves directly to completions directory
rafter completion fish

Global Flags

Available on all commands:

| Flag | Description |
|---|---|
| -h, --help | Display help for command |
| -V, --version | Output version number |

Environment Variables

| Variable | Description |
|---|---|
| RAFTER_API_KEY | API key for backend scanning |
| RAFTER_CONFIG_PATH | Custom config file location |

File Locations

| Path | Description |
|---|---|
| ~/.rafter/config.json | Configuration file |
| ~/.rafter/audit.jsonl | Audit log (JSONL format, see Audit Log) |
| ~/.rafter/bin/ | Binary tools (Gitleaks, etc.) |
| ~/.rafter/patterns/ | Custom secret patterns (*.txt or *.json) |
| ~/.rafter/.rafterignore | Findings suppression rules (path globs, optional :pattern-name qualifier) |
| .rafter.yml | Project-level policy file (see Policy File) |
| ~/.openclaw/skills/rafter-security.md | OpenClaw skill file |

Exit Codes

| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Error or secrets found |