Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rafter.so/llms.txt

Use this file to discover all available pages before exploring further.

Command Reference

Complete reference for all Rafter local security and MCP commands.

rafter agent init

Initialize local security system. 
rafter agent init [options]

Options

FlagDescriptionDefault
--risk-level <level>Set risk level: minimal, moderate, aggressivemoderate
--with-openclawInstall OpenClaw integrationfalse
--with-claude-codeInstall Claude Code integration (hooks + skills)false
--with-codexInstall Codex CLI integration (skills)false
--with-geminiInstall Gemini CLI integration (MCP server)false
--with-cursorInstall Cursor integration (MCP server)false
--with-windsurfInstall Windsurf integration (MCP server)false
--with-continueInstall Continue.dev integration (MCP server)false
--with-aiderInstall Aider integration (MCP server)false
--with-openclawInstall OpenClaw integration (ClawHub-shaped skill)false
--with-betterleaksDownload and install Betterleaks binary (gitleaks successor)false
--allInstall all detected integrations and download Betterleaksfalse
-i, --interactiveGuided setup — prompts for each detected integrationfalse
--updateRe-download betterleaks and reinstall integrations without resetting configfalse
--dry-runPrint every file path that would be created, modified, or downloaded — make no changesfalse
The legacy --with-gitleaks, --engine gitleaks, and rafter agent update-gitleaks flags were removed in v0.8.0. Use the -betterleaks equivalents. rafter agent verify and rafter agent status still detect a leftover ~/.rafter/bin/gitleaks and tell you to run rafter agent update-betterleaks.

What It Does

  1. Creates ~/.rafter/config.json configuration
  2. Initializes directory structure (~/.rafter/)
  3. Detects installed development environments (~/.claude, ~/.codex, ~/.gemini, etc.)
  4. Installs opted-in integrations (skills, hooks, sub-agents, per-skill rules, or MCP server configs)
  5. Downloads Betterleaks binary if --with-betterleaks or --all is passed

Examples

# Basic initialization (config only, no integrations)
rafter agent init

# Install all detected integrations
rafter agent init --all

# Preview every file path that would change — write nothing
rafter agent init --all --dry-run

# Set aggressive security from start
rafter agent init --risk-level aggressive --all

# Install only Claude Code integration
rafter agent init --with-claude-code

# Install only Codex CLI integration
rafter agent init --with-codex

# Re-download Betterleaks and reinstall
rafter agent init --all --update

rafter agent init-project

Generate project-level instruction files so AI agents discover Rafter at session start. 
rafter agent init-project [options]

Options

FlagDescription
--only <platforms>Comma-separated list of platforms to generate for
--listDry-run — show which files would be created without writing them

What It Does

Creates instruction files in the current project for all 7 supported agent platforms:
PlatformFile Created
Claude Code.claude/CLAUDE.md
Codex CLIAGENTS.md
Gemini CLIGEMINI.md
Cursor.cursor/rules/rafter-security.mdc
Windsurf.windsurfrules
Continue.dev.continuerules
Aider.aider/conventions.md
Each file contains a Rafter security context block with scanning commands, integration tips, and CLI reference pointers. Files use marker comments (<!-- rafter:start/end -->) for idempotent updates — safe to re-run without duplicating content.

Examples

# Generate for all platforms
rafter agent init-project

# Preview what would be created
rafter agent init-project --list

# Generate only for specific platforms
rafter agent init-project --only claude-code,cursor

# Generate for a single platform
rafter agent init-project --only codex
Commit the generated files so every contributor’s agent session sees Rafter security context automatically.

rafter secrets

Note: rafter agent scan still works but is deprecated — it will be removed in a future major version.
Scan files or directories for secrets. 
rafter secrets [path] [options]

Arguments

ArgumentDescriptionDefault
pathFile or directory to scan. (current directory)

Options

FlagDescription
-q, --quietOnly output if secrets found
--jsonOutput results as JSON (alias for --format json)
--format <type>Output format: text (default), json, or sarif
--stagedScan only git-staged files
--diff <ref>Scan only files changed since a git ref (e.g. HEAD~1, main)
--engine <type>Scan engine: patterns, betterleaks, or auto (default)
--historyScan git history for secrets (requires betterleaks engine)
--baselineFilter findings present in the saved baseline
--watchWatch for file changes and re-scan on change
--gitignore / --no-gitignoreHonor .gitignore when walking the scan target (default: on). Honors nested .gitignore, negations, .git/info/exclude, and the global excludes file. Outside any git work tree this flag is a no-op.

Exit Codes

  • 0 - No secrets found
  • 1 - Secrets detected
  • 2 - Runtime error (path not found, not a git repo, invalid ref)

Examples

# Scan current directory
rafter secrets

# Scan specific file
rafter secrets ./config.js

# Scan with JSON output
rafter secrets --json > results.json

# CI/CD usage (quiet mode)
rafter secrets --quiet || exit 1

# Scan only changed files
rafter secrets --diff main

# Use Betterleaks engine explicitly (default: auto-pick if installed)
rafter secrets --engine betterleaks

# Watch for changes and re-scan
rafter secrets --watch .

Detected Patterns

Cloud Providers:
  • AWS Access Keys (AKIA...)
  • AWS Secret Keys
  • Google API Keys (AIza...)
  • Google OAuth credentials
Version Control:
  • GitHub Personal Access Tokens (ghp_...)
  • GitHub OAuth Tokens (gho_...)
  • GitHub App Tokens (ghu_..., ghs_...)
  • GitHub Refresh Tokens (ghr_...)
Payment & SaaS:
  • Stripe API Keys (sk_live_..., rk_live_...)
  • Slack Tokens (xox[baprs]-...)
  • Slack Webhooks
  • Twilio API Keys (SK...)
Package Registries:
  • npm Access Tokens (npm_...)
  • PyPI API Tokens (pypi-...)
General:
  • Database connection strings
  • Private keys (RSA, DSA, EC, OpenSSH)
  • JWT tokens
  • Bearer tokens
  • Generic API keys
  • Generic secrets/passwords

rafter agent exec

Execute command with security validation. 
rafter agent exec <command> [options]

Arguments

ArgumentDescription
commandShell command to execute

Options

FlagDescription
--skip-scanSkip pre-execution file scanning
--forceSkip approval prompts (logged in audit)

Command Risk Levels

  • rm -rf /
  • :(){ :|:& };: (fork bomb)
  • dd if=/dev/zero of=/dev/sda
  • > /dev/sda
  • mkfs.*
  • fdisk, parted
  • rm -rf <dir>
  • sudo rm
  • chmod 777
  • curl ... | sh
  • git push --force
  • npm publish
  • docker system prune
  • sudo
  • chmod
  • chown
  • kill -9
  • systemctl
  • npm install
  • git commit
  • File read operations (ls, cat, grep)
  • Basic file operations (echo, touch)

Examples

# Safe command - executes immediately
rafter agent exec "npm test"

# Git commit - evaluates risk, then scans staged files
rafter agent exec "git commit -m 'Add feature'"

# High-risk - requires approval
rafter agent exec "sudo systemctl restart nginx"

# Force execution (skip approval, logged)
rafter agent exec "git push --force" --force

# Skip file scanning
rafter agent exec "git commit -m 'Fix typo'" --skip-scan

Pre-Execution Scanning

For all commands, Rafter first evaluates the command against risk rules. For git commands (git commit, git push), it additionally:
  1. Gets list of staged files
  2. Scans each file for secrets
  3. Blocks if secrets detected
  4. Allows if clean
Skip with --skip-scan if needed.

rafter agent config

Manage agent configuration. 
rafter agent config <subcommand> [options]

Subcommands

show

Display full configuration: 
rafter agent config show

get <key>

Get specific configuration value: 
rafter agent config get <key>
Example: 
rafter agent config get agent.riskLevel
# Output: moderate

set <key> <value>

Set configuration value: 
rafter agent config set <key> <value>
Example: 
rafter agent config set agent.riskLevel aggressive

Configuration Keys

KeyTypeOptionsDescription
agent.riskLevelstringminimal, moderate, aggressiveOverall security stance
agent.commandPolicy.modestringallow-all, approve-dangerous, deny-listCommand handling mode
agent.commandPolicy.blockedPatternsarray-Always-blocked command patterns
agent.commandPolicy.requireApprovalarray-Patterns requiring approval
agent.outputFiltering.redactSecretsbooleantrue, falseRedact secrets in output
agent.audit.logAllActionsbooleantrue, falseLog all security events
agent.audit.retentionDaysnumber-Log retention period (days)
agent.audit.logLevelstringdebug, info, warn, errorLog verbosity
agent.notifications.webhookstring-Webhook URL to POST notifications to
agent.notifications.minRiskLevelstring"high", "critical"Minimum risk level to trigger notification

Examples

# View all config
rafter agent config show

# Get risk level
rafter agent config get agent.riskLevel

# Set to aggressive
rafter agent config set agent.riskLevel aggressive

# Change policy mode
rafter agent config set agent.commandPolicy.mode deny-list

# Enable secret redaction
rafter agent config set agent.outputFiltering.redactSecrets true

# Set log retention
rafter agent config set agent.audit.retentionDays 60

# Configure webhook notifications
rafter agent config set agent.notifications.webhook https://hooks.slack.com/services/T.../B.../xxx
rafter agent config set agent.notifications.minRiskLevel critical

rafter agent audit

View security audit logs. For the full JSONL schema specification, see Audit Log. 
rafter agent audit [options]

Options

FlagDescriptionDefault
--last <n>Show last N entries10
--event <type>Filter by event type-
--agent <type>Filter by agent (openclaw, claude-code)-
--since <date>Show entries since date (YYYY-MM-DD)-

Event Types

EventDescription
command_interceptedCommand execution attempt
secret_detectedSecret found in files
content_sanitizedOutput redacted
policy_overrideUser override of policy
scan_executedFile scan performed
config_changedConfiguration modified

Examples

# Show recent logs
rafter agent audit

# Show last 20 entries
rafter agent audit --last 20

# Filter by event type
rafter agent audit --event command_intercepted

# Filter by agent
rafter agent audit --agent openclaw

# Show logs since date
rafter agent audit --since 2026-02-01

# Combine filters
rafter agent audit --event secret_detected --last 50

Output Format

🛡️ [2026-02-02 10:30:45] command_intercepted
   Agent: openclaw
   Command: git commit -m 'Add feature'
   Risk: medium
   Check: PASSED
   Action: allowed

🔑 [2026-02-02 10:25:12] secret_detected
   Agent: openclaw
   Risk: critical
   Check: FAILED
   Reason: AWS Access Key detected in config.js
   Action: blocked

rafter agent verify

Check local security integration status across all 8 supported platforms. 
rafter agent verify [--json] [--probe]

What It Does

Validates your Rafter setup by checking 10 things in order:
  1. Config~/.rafter/config.json exists and is valid JSON
  2. Betterleaks — Binary available on PATH or at ~/.rafter/bin/betterleaks (legacy ~/.rafter/bin/gitleaks is detected and surfaced as an “upgrade needed” hint, not an error)
  3. Claude Code~/.claude/settings.json has PreToolUse hooks installed (optional)
  4. OpenClaw~/.openclaw/workspace/skills/rafter-security/SKILL.md exists with ClawHub frontmatter (optional)
  5. Codex CLI~/.agents/skills/rafter/SKILL.md and ~/.agents/skills/rafter-agent-security/SKILL.md exist (optional)
  6. Gemini CLI — MCP server configured for Gemini (optional)
  7. Cursor — hooks + per-skill rules + sub-agent installed (optional)
  8. Windsurf — per-skill rules + AGENTS.md + MCP entry installed (optional)
  9. Continue.dev — MCP entry + per-skill rules installed (optional)
  10. AiderRAFTER.md present and listed in .aider.conf.yml’s read: (optional)
Config and Betterleaks are hard requirements (failure → exit 1). Everything else is an optional integration (failure → warning only, exit 0).

Options

FlagDescription
--jsonEmit a single JSON object (checks[] + summary) with stable pass | warn | fail status. Intended for CI consumption.
--probeRuntime probe for Claude Code: synthesize a PreToolUse stdin payload with a known-dangerous sentinel command, invoke rafter hook pretool, and confirm ~/.rafter/audit.jsonl recorded a command_intercepted entry. Catches the “wrote file but the hook never fires” failure mode that file-presence checks miss.

Exit Codes

CodeMeaning
0All required checks passed (optional checks may warn)
1One or more required checks failed

Examples

# Run health check
rafter agent verify

# CI consumption — single JSON object on stdout
rafter agent verify --json

# Runtime probe — confirms Claude Code's PreToolUse hook actually fires
rafter agent verify --probe

# Example output (all passing):
# ✓ Config        ~/.rafter/config.json
# ✓ Betterleaks   1.1.2 (/home/you/.rafter/bin/betterleaks)
# ✓ Claude Code   PreToolUse hook installed
# ✓ OpenClaw      rafter-security SKILL.md present

# Example output (legacy gitleaks needs upgrade):
# ✓ Config        ~/.rafter/config.json
# ⚠  Betterleaks   legacy gitleaks at ~/.rafter/bin/gitleaks — run: rafter agent update-betterleaks
# ✓ Claude Code   PreToolUse hook installed
Run rafter agent verify after rafter agent init to confirm everything installed correctly, and after system updates to catch binary incompatibilities. Use --probe in CI/post-install to catch hook regressions that file-presence checks miss.

rafter agent status

Show a live dashboard of your Rafter local security setup. 
rafter agent status

What It Shows

SectionDetails
ConfigPresence and validity of ~/.rafter/config.json; risk level, audit log path
BetterleaksVersion string and binary path (legacy gitleaks detected as upgrade-needed hint)
HooksWhether PreToolUse and PostToolUse hooks are registered in Claude Code settings
OpenClawWhether the rafter-security SKILL.md is installed under ~/.openclaw/workspace/skills/
Audit LogTotal event count + 5 most recent events (type, timestamp, risk)

Example Output

rafter agent status

# Rafter Agent Status
# ─────────────────────────────────
# Config:       ~/.rafter/config.json  (risk: medium)
# Betterleaks:  1.1.2  (/home/you/.rafter/bin/betterleaks)
# Hooks:        PreToolUse ✓  PostToolUse ✓
# OpenClaw:     rafter-security SKILL.md ✓
#
# Audit Log: 142 events
#   [2026-02-21 14:32] command_allowed      low
#   [2026-02-21 14:31] secret_detected      high
#   [2026-02-21 14:28] command_intercepted  critical
#   [2026-02-21 14:20] command_allowed      low
#   [2026-02-21 14:18] command_allowed      low

rafter agent install-hook

Install a git pre-commit hook that scans staged files for secrets before each commit. 
rafter agent install-hook [options]

Options

FlagDescriptionDefault
--globalInstall for all git repos on this machinefalse (local only)

What It Does

Without --global (local install):
  • Writes hook to .git/hooks/pre-commit in the current repo
  • Backs up any existing hook before overwriting
With --global (global install):
  • Writes hook to ~/.rafter/git-hooks/pre-commit
  • Sets git config --global core.hooksPath ~/.rafter/git-hooks
  • Applies to every git repo on the machine
When git commit runs, the hook calls rafter secrets --staged. If secrets are detected the commit is blocked. Pass git commit --no-verify to bypass (not recommended).

Examples

# Install for current repo
rafter agent install-hook

# Install globally for all repos
rafter agent install-hook --global

# Remove global hook
git config --global --unset core.hooksPath

rafter agent audit-skill

Security audit of a Claude Code or OpenClaw skill file. 
rafter agent audit-skill <skill-path> [options]

Arguments

ArgumentDescription
<skill-path>Path to the skill file to audit (required)

Options

FlagDescription
--skip-openclawSkip OpenClaw integration; print manual review prompt instead
--jsonOutput results as JSON

What It Does

Performs deterministic security analysis on the skill file:
  1. Secret detection — Scans for hardcoded API keys, tokens, and credentials
  2. URL extraction — Lists all external HTTP/HTTPS URLs
  3. High-risk command patterns — Detects 11 dangerous patterns: rm -rf /, sudo rm, curl|sh, wget|sh, eval(), exec(), chmod 777, fork bombs, dd /dev/xyz, mkfs, base64 -d|sh
If OpenClaw is available, the command routes the skill to the /rafter-audit-skill slash command for a deeper 12-dimension security review covering trust, network access, credential handling, obfuscation, supply chain, and more.

Exit Codes

CodeMeaning
0No secrets or high-risk commands detected
1Secrets or high-risk commands found

Examples

# Audit a skill file
rafter agent audit-skill ~/.claude/skills/github-integration/SKILL.md

# JSON output for scripting
rafter agent audit-skill skill.md --json

# Skip OpenClaw (prints manual review prompt)
rafter agent audit-skill skill.md --skip-openclaw

JSON Output

rafter agent audit-skill skill.md --json

{
  "skill": "skill.md",
  "path": "/absolute/path/to/skill.md",
  "quickScan": {
    "secrets": 0,
    "urls": ["https://api.example.com"],
    "highRiskCommands": []
  },
  "openClawAvailable": true,
  "rafterSkillInstalled": true
}

rafter ci init

Generate CI/CD workflow files for your project. 
rafter ci init [options]

Options

FlagDescriptionDefault
--platform <type>Target platform: github, gitlab, circleciAuto-detected
--output <path>Output file pathPlatform default
--with-backendInclude API-based security audit jobfalse

What It Does

  1. Detects your CI platform from project files (.github/, .gitlab-ci.yml, .circleci/)
  2. Generates a workflow file with secret scanning and security checks
  3. Optionally adds a backend scan job using the Rafter API

Examples

# Auto-detect platform and generate config
rafter ci init

# Generate GitHub Actions workflow
rafter ci init --platform github

# Include backend scanning job
rafter ci init --platform github --with-backend

rafter brief

Print rafter knowledge reformatted for CLI output. Designed for any agent on any platform — pipe to memory, save to instructions, or just read in-session. 
rafter brief [topic]

Arguments

ArgumentDescription
[topic]Topic to display (optional — lists available topics if omitted)

Topics

TopicDescription
securityLocal security toolkit — scanning, auditing, policy enforcement
scanningRemote SAST/SCA code analysis via Rafter API
commandsCondensed command reference for all rafter commands
setupSetup instructions for all supported agent platforms
setup/<platform>Platform-specific setup (claude-code, codex, gemini, cursor, windsurf, aider, openclaw, continue, generic)
allEverything — full security + scanning + setup briefing

Examples

# List available topics
rafter brief

# Get the local security briefing
rafter brief security

# Platform-specific setup guide
rafter brief setup/claude-code

# For agents without native skill support — load context manually
rafter brief security    # save to memory/instructions
rafter brief commands    # save command reference

# Pipe to a file for manual skill creation
rafter brief scanning > ~/.agents/skills/rafter/SKILL.md
rafter brief works on any platform — use it to bootstrap agent knowledge when skill auto-install isn’t available.

rafter mcp serve

Start an MCP server exposing Rafter security tools over stdio transport. Works with any MCP-compatible client. 
rafter mcp serve [options]

Options

FlagDescriptionDefault
--transport <type>Transport type (stdio)stdio

Tools Provided

ToolDescriptionRequired Params
scan_secretsScan for hardcoded secretspath
evaluate_commandCheck if command is allowed by policycommand
read_audit_logRead audit log entries(none)
get_configRead Rafter configuration(none)

Resources Provided

URIDescription
rafter://configCurrent Rafter configuration
rafter://policyActive security policy (merged .rafter.yml + config)

MCP Client Config

{
  "rafter": {
    "command": "rafter",
    "args": ["mcp", "serve"]
  }
}
See MCP Integration for platform-specific setup.

rafter hook pretool

PreToolUse hook handler for Claude Code. Reads tool input JSON from stdin, writes decision to stdout. 
rafter hook pretool
Evaluates Bash tool calls against command policy and scans Write/Edit content for secrets. See Claude Code Integration for setup.

rafter hook posttool

PostToolUse hook handler for Claude Code. Reads tool result JSON from stdin, logs security-relevant events to the audit log. 
rafter hook posttool
Logs completed Bash, Write, and Edit tool executions with their outcome and risk level. Useful for auditing what an agent actually did (vs. what was blocked at pretool). See Claude Code Integration for setup.

rafter policy export

Export Rafter security policy for agent platforms. 
rafter policy export --format <claude|codex> [--output <path>]

Options

FlagDescription
--format <type>Target format: claude (Claude Code hooks JSON) or codex (Codex rules TOML)
--output <path>Write to file instead of stdout

rafter completion

Generate shell completion scripts for rafter. 
rafter completion <shell>

Arguments

ArgumentDescription
<shell>Target shell: bash, zsh, or fish

Setup

# Bash — add to ~/.bashrc
eval "$(rafter completion bash)"

# Zsh — add to ~/.zshrc
eval "$(rafter completion zsh)"

# Fish — saves directly to completions directory
rafter completion fish

Global Flags

Available on all commands:
FlagDescription
-h, --helpDisplay help for command
-V, --versionOutput version number

Environment Variables

VariableDescription
RAFTER_API_KEYAPI key for backend scanning
RAFTER_GITHUB_TOKENGitHub PAT for private repo scanning (needs Contents:Read scope)
RAFTER_CONFIG_PATHCustom config file location

File Locations

PathDescription
~/.rafter/config.jsonConfiguration file
~/.rafter/audit.jsonlAudit log (JSONL format, see Audit Log)
~/.rafter/bin/Binary tools (Betterleaks, etc.)
~/.rafter/patterns/Custom secret patterns (*.txt or *.json)
~/.rafter/.rafterignoreFindings suppression rules (path globs, optional :pattern-name qualifier)
.rafter.ymlProject-level policy file (see Policy File)
~/.openclaw/workspace/skills/rafter-security/SKILL.mdOpenClaw skill file (canonical ClawHub path; v0.8.0+)

Exit Codes

Local Security (rafter agent *, rafter secrets)

CodeMeaning
0Success / no secrets found
1Error or secrets found
2Runtime error (path not found, not a git repo, invalid ref)

Remote Code Analysis (rafter run, rafter get, rafter usage)

CodeMeaning
0Success
1General error
2Scan not found (HTTP 404)
3Quota exhausted (HTTP 429 or 403 scan-mode limit)
4Insufficient scope / forbidden (HTTP 403)

Support

Need Help?