Rafter Security Audits

For more detailed guides, see the basic and advanced guides.

Scan a Repo

rafter run --format md

# `scan` is an alias for `run`
rafter scan --format md

Scan Modes

# Fast scan (default)
rafter run --format md --mode fast

# Plus scan (deeper analysis with additional agent passes)
rafter run --format md --mode plus
rafter run --format md -m plus

Scan a Specific Repo and Branch

rafter run --repo myorg/myrepo --branch main --format md

Scan in the Background

rafter run --skip-interactive

Save Report to File

rafter run --format md > security-report-$(date +%Y-%m-%d-%H-%M-%S).md

Count Vulnerabilities

rafter run | jq -r '.vulnerabilities | length // 0'

# Count critical vulnerabilities
rafter run | jq '[.vulnerabilities[] | select(.level == "error")] | length'
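The two jq one-liners above each answer a single question about a report. The script below is an added example, not part of the Rafter documentation, that generalizes them into reusable shell functions: a per-level count, a tally of every level present, and a gate that fails when any error-level finding exists. It assumes only what the one-liners imply about the report shape, a top-level `vulnerabilities` array whose items carry a `level` field with `"error"` for critical findings; the `title` values and the sample report itself are constructed stand-ins for `rafter run > report.json`.

```shell
#!/bin/sh
# Added example (not Rafter's own code): summarize a saved Rafter report by level.
# Assumed report shape (from the page's jq one-liners): {"vulnerabilities": [{"level": ...}, ...]}

# count_level REPORT LEVEL -> number of findings at LEVEL (0 when the array is absent)
count_level() {
  jq --arg lvl "$2" \
    '[(.vulnerabilities // []) | .[] | select(.level == $lvl)] | length' "$1"
}

# tally_levels REPORT -> one "level count" line per distinct level, sorted by level name
tally_levels() {
  jq -r '(.vulnerabilities // []) | group_by(.level)
         | map("\(.[0].level) \(length)") | .[]' "$1"
}

# fail_on_errors REPORT -> status 0 when no error-level findings exist, 1 otherwise
fail_on_errors() {
  n=$(count_level "$1" error)
  [ "$n" -eq 0 ]
}

# Constructed sample report (stands in for a real `rafter run` JSON output)
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
{
  "vulnerabilities": [
    {"level": "error",   "title": "Hard-coded credential in config loader"},
    {"level": "warning", "title": "Dependency with known advisory"},
    {"level": "error",   "title": "SQL statement built from request input"},
    {"level": "note",    "title": "No rate limit on login endpoint"}
  ]
}
EOF

# Stand-alone run: print the tally, then the gate decision
tally_levels "$SAMPLE_REPORT"
if fail_on_errors "$SAMPLE_REPORT"; then echo "gate: pass"; else echo "gate: fail"; fi
```

`count_level` and `fail_on_errors` read the report from a file rather than a pipe so the same saved report can be queried several times in a CI job without re-running the scan and spending quota.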

Check Quota

rafter usage

Rafter Security

Local security features. No API key required.

Initialize

rafter agent init                          # auto-detect agents
rafter agent init --risk-level aggressive  # set risk level
rafter agent init --codex                  # force Codex CLI detection
rafter agent init --claude-code            # force Claude Code detection

Secret Scanning

rafter agent scan .              # scan current directory
rafter agent scan --staged       # scan git staged files only
rafter agent scan --json         # output as JSON
rafter agent scan --engine gitleaks  # use Gitleaks engine

Command Execution

rafter agent exec "git push"         # execute with risk assessment
rafter agent exec "rm -rf /" --force # bypass approval (not recommended)

Skill Auditing

rafter agent audit-skill path/to/skill.md

Pre-Commit Hook

rafter agent install-hook           # current repo only
rafter agent install-hook --global  # all repos

Audit Logs

rafter agent audit                # view recent events
rafter agent audit --limit 50     # last 50 events
rafter agent audit --risk high    # filter by risk level

Configuration

rafter agent config show                              # view all config
rafter agent config get agent.riskLevel               # get a value
rafter agent config set agent.riskLevel aggressive    # set a value

Exit Codes

Rafter Code Analysis (rafter run, rafter get, rafter usage)

Code  Meaning
0     Success
1     General error
2     Scan not found
3     Quota exhausted (per-mode scan limit reached)
4     Insufficient API key scope

Rafter Security (rafter scan local)

Code  Meaning
0     No secrets found
1     Secrets detected
2     Runtime error (path not found, not a git repo, invalid ref)
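The two tables give the exit codes but not what a CI job or pre-commit hook should do with each one. The script below is an added example, not part of the Rafter documentation, that turns both tables into gate functions. The policy it encodes is an assumption: a code-analysis quota exhaustion (3) is reported but does not fail the build, since it says nothing about the code; a secret-scan runtime error (2) blocks the commit, since a hook that could not scan must fail closed rather than let the commit through. The scan command is passed in as arguments so the functions can be exercised offline with `sh -c 'exit N'` stubs in place of the real CLI.

```shell
#!/bin/sh
# Added example (not Rafter's own code): exit-code gates for the two Rafter tables.
# The command to run is passed in, so a stub such as `sh -c 'exit 3'` can replace
# `rafter run ...` or `rafter agent scan --staged` when testing offline.

# code_scan_gate CMD... : run a `rafter run`-style command and map its exit code.
# Assumed policy: quota exhaustion is reported but does not fail the build.
code_scan_gate() {
  "$@"
  code=$?
  case "$code" in
    0) echo "scan ok";                                     return 0 ;;
    1) echo "scan failed: general error";                  return 1 ;;
    2) echo "scan failed: scan not found";                 return 1 ;;
    3) echo "scan skipped: quota exhausted for this mode"; return 0 ;;
    4) echo "scan failed: insufficient API key scope";     return 1 ;;
    *) echo "scan failed: unexpected exit code $code";     return 1 ;;
  esac
}

# secret_gate CMD... : run a `rafter agent scan --staged`-style command.
# Assumed policy: secrets block the commit, and so does a runtime error (fail closed).
secret_gate() {
  "$@"
  code=$?
  case "$code" in
    0) echo "no secrets found";                                  return 0 ;;
    1) echo "secrets detected: commit blocked";                  return 1 ;;
    2) echo "scan could not run (bad path, not a git repo, invalid ref): commit blocked"; return 1 ;;
    *) echo "unexpected exit code $code: commit blocked";        return 1 ;;
  esac
}

# Stand-alone run with constructed stubs in place of the real CLI
code_scan_gate sh -c 'exit 3' || echo "(build would fail)"
secret_gate sh -c 'exit 1'    || echo "(commit would be blocked)"
```

In a real hook, replace the stub with `rafter agent scan --staged`; in CI, replace it with the `rafter run` invocation of your choice and combine the gate with a report check on the saved JSON so that a successful scan with critical findings still fails the job.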