agent-permission
v0.1.7
Published
Public CLI for Agent Permission checks and agent workspace installation.
Downloads
992
Maintainers
Readme
Agent Permission CLI
Give AI agents a permission gate before they touch external URLs.
Quickstart
For one personal Codex setup that works across repositories:
npx -y agent-permission@latest install --adapter codex
node "$HOME/.config/agent-permission/agent-permission.mjs" config set api-key <YOUR_API_KEY>
node "$HOME/.config/agent-permission/agent-permission.mjs" config doctorinstall --adapter codex defaults to user scope, writes personal Codex instructions under your Agent Permission config directory, and installs a reusable runner there. The install output prints the exact runner command for your machine.
For a repository-owned instruction block:
npx -y agent-permission@latest install --adapter auto --scope projectThis adds an Agent Permission block to the local agent instruction file, such as AGENTS.md, CLAUDE.md, or agent-permission.chatgpt.md, depending on the selected adapter. It also writes a tiny project-local runner at .agent-permission/agent-permission.mjs so repeated checks do not need npm registry access.
To install instructions and configure live checks in one step:
npx -y agent-permission@latest install --adapter codex --api-key <YOUR_API_KEY>To force a project-local Codex install instead:
npx -y agent-permission@latest install --adapter codex --scope projectAdd an API key when you want live checks from the command line, CI, or agent runs:
node "$HOME/.config/agent-permission/agent-permission.mjs" config set api-key <YOUR_API_KEY>
node "$HOME/.config/agent-permission/agent-permission.mjs" check https://example.com/blog-post --action summarize --exit-codeWhat the Agent Runs
After install, project instructions tell compatible agents to run:
node <installed-runner-path> check <url> --action <crawl|summarize|extract|train|transact|post> --exit-codeIf the runner is missing, the installed instructions tell the agent to stop and ask you to repair the installation once:
npx -y agent-permission@latest install --adapter codex --scope userIf the API key is missing, the generated instructions tell the agent to stop and ask you to run the exact config set api-key command for that installed runner. The generated preflight block does not tell agents to run npx ... check during a URL request, so repeated checks do not need registry access or unpinned-code approval.
Commands
agent-permission check <url> --action <crawl|summarize|extract|train|transact|post>
agent-permission batch --file checks.json
agent-permission verify-receipt --file receipt.json
agent-permission install --adapter auto|codex|claude|chatgpt|openclaw [--scope project|user] [--api-key <key>]
agent-permission config set api-key <key>
agent-permission config doctorUse --json for machine-readable output and --exit-code to map decisions to process status:
0: allow2: escalate3: deny1: CLI or API error
Environment
AGENT_PERMISSION_API_KEY=<key>
AGENT_PERMISSION_API_URL=<url>
AGENT_PERMISSION_DEFAULT_MODE=strictAgent Permission evaluates URL access signals from robots.txt, llms.txt, and OpenTerms, then returns a signed receipt for auditability.
