# Introduction

> Rafter is the way to shift security left — into your AI coding agent's feedback loop. Secret scanning, command interception, policy enforcement, extension auditing, audit logging, and remote SAST/SCA — one CLI, every agent.

## Welcome to Rafter

**Rafter is the way to shift security left.** It moves vulnerability detection, secret scanning, dependency auditing, and policy enforcement out of post-merge review queues and into your AI coding agent's feedback loop — where mistakes get caught while code is still being written, not after it ships.

Rafter sits between your agent and your codebase, scanning for secrets, intercepting dangerous commands, evaluating extensions, and (with an API key) running deep SAST/SCA passes through the Code Security Engine.

One command installs across every supported agent. Free to start, MIT-licensed, works offline.

<Card title="Wire Rafter into your agent" icon="shield-check" href="/guides/agent-security/getting-started" horizontal>
  Install Rafter and put security inside your agent's loop in under a minute.
</Card>

## The Shift-Left Loop

Rafter's job is to make security a first-class signal your agent consults at every step:

<Columns cols={2}>
  <Card title="During design and planning" icon="compass">
    Your agent anticipates risks before code is written — auth, data flow, permissions, external integrations.
  </Card>

  <Card title="While writing and modifying code" icon="code">
    Sensitive logic gets scanned the moment it appears. Secrets never reach git. Risky dependencies are flagged on install.
  </Card>

  <Card title="When reviewing changes or diffs" icon="eye">
    Your agent runs Rafter against the diff and explains tradeoffs as part of its review pass.
  </Card>

  <Card title="Before finalizing implementations" icon="circle-check">
    A final scan with the Code Security Engine catches anything the local pass missed — SAST, SCA, agentic deep dive.
  </Card>
</Columns>

## Two Layers, One Loop

<Columns cols={2}>
  <Card title="Local: Agent Security (Free, No Account)" icon="robot" href="/guides/agent-security/getting-started">
    Lives inside your agent's session. Secret scanning, command interception, policy enforcement, extension auditing, MCP server, pre-commit hooks, and audit logging. Works offline. Supports Claude Code, Codex CLI, Gemini CLI, Cursor, Windsurf, Continue.dev, Aider, and OpenClaw.
  </Card>

  <Card title="Remote: Code Security Engine (API key)" icon="shield-check" href="/guides/basics">
    Hand your agent an API key and it can run deep SAST, SCA, secret detection, and agentic deep-dive audits whenever it needs to — tracing data flows, reasoning about business logic, cross-referencing with static analysis. Structured reports the agent can act on directly.
  </Card>
</Columns>

## Agent-First Design

<Columns cols={3}>
  <Card title="Stable Output Contract" icon="file-code">
    JSON to stdout, status to stderr, documented exit codes. Agents classify outcomes without parsing prose.
  </Card>

  <Card title="Deterministic Results" icon="equals">
    Same inputs produce the same findings for a given CLI version. No flaky scans, no surprises.
  </Card>

  <Card title="9 Platforms, One Command" icon="plug">
    `rafter agent init --all` auto-detects and installs across every supported agent and IDE.
  </Card>
</Columns>

## Platform Integrations

<Columns cols={3}>
  <Card title="Claude Code" icon="robot" href="/guides/agent-security/claude-code-integration">
    PreToolUse hooks and security skills.
  </Card>

  <Card title="Codex CLI" icon="code" href="/guides/agent-security/codex-integration">
    Security skills for OpenAI Codex.
  </Card>

  <Card title="MCP Clients" icon="plug" href="/guides/agent-security/mcp-integration">
    Cursor, Windsurf, Gemini CLI, Continue.dev, Aider, Claude Desktop, Cline.
  </Card>
</Columns>

## Quick Start

```bash
npm install -g @rafter-security/cli
rafter agent init --all
```

That's it. Your agents now have secret scanning, command interception, and policy enforcement.

<Card title="Full Quick Start Guide" icon="rocket" href="/quickstart" horizontal>
  Detailed setup including remote scanning, CI/CD, and API access.
</Card>

## More Resources

<Columns cols={3}>
  <Card title="CLI Reference" icon="terminal" href="/guides/quick-reference">
    All commands at a glance.
  </Card>

  <Card title="REST API" icon="code" href="/api-reference/introduction">
    Programmatic scanning for custom integrations.
  </Card>

  <Card title="CI/CD" icon="rotate" href="/guides/ci-cd">
    GitHub Actions, GitLab CI, CircleCI.
  </Card>
</Columns>
