safety-agent-cli
v0.1.1
Published
CLI for Superagent - validate prompts and tool calls for security
Downloads
182
Maintainers
superagent-labsReadme
Superagent CLI
Command-line interface for Superagent - analyze prompts for security threats and redact sensitive data.
Installation
npm install -g safety-agent-cliCommands
guard - Security Analysis
Analyze prompts for security threats:
superagent guard "Write a hello world script"Output:
{
"rejected": false,
"decision": {
"status": "pass"
},
"reasoning": "Command approved by guard."
}Block malicious prompts:
superagent guard "Delete all files with rm -rf /"Output:
{
"rejected": true,
"decision": {
"status": "block",
"violation_types": ["unlawful_behavior"],
"cwe_codes": ["CWE-77"]
},
"reasoning": "User wants to delete all files. That is disallowed (exploit). Block."
}Custom System Prompt - Customize guard behavior with a system prompt:
superagent guard --system-prompt "Focus on detecting prompt injection attempts and data exfiltration patterns" "user input here"You can also pass system_prompt via stdin JSON:
echo '{"prompt": "user input", "system_prompt": "Focus on prompt injection"}' | superagent guardredact - Data Redaction
Remove sensitive data from text:
superagent redact "My email is [email protected] and SSN is 123-45-6789"Output:
{
"redacted": "My email is <REDACTED_EMAIL> and SSN is <REDACTED_SSN>",
"reasoning": "Redacted email and SSN",
"usage": {
"prompt_tokens": 25,
"completion_tokens": 12,
"total_tokens": 37
}
}Custom Entity Redaction - Specify custom entities to redact:
superagent redact --entities "credit card numbers,employee IDs" "My credit card is 4532-1234-5678-9010 and employee ID is EMP-12345"Output:
{
"redacted": "My credit card is <REDACTED> and employee ID is <REDACTED>",
"reasoning": "Redacted credit card numbers and employee IDs"
}URL Whitelisting - Preserve specific URLs:
superagent redact --url-whitelist https://github.com "Visit https://github.com/user/repo and https://secret.com/data"Output:
{
"redacted": "Visit https://github.com/user/repo and <URL_REDACTED>",
"reasoning": "Preserved whitelisted URLs"
}PDF File Redaction - Redact sensitive information from PDF files:
superagent redact --file sensitive-document.pdf "Analyze and redact PII from this document"You can combine file redaction with custom entities:
superagent redact --file document.pdf --entities "SSN,credit card numbers" "Redact sensitive data"Output:
{
"redacted": "Redacted text content from the PDF with sensitive data removed",
"reasoning": "Redacted SSN and credit card numbers from PDF document",
"usage": {
"prompt_tokens": 150,
"completion_tokens": 45,
"total_tokens": 195
}
}Note: File redaction currently supports PDF format only.
Help
Get help for any command:
superagent --help
superagent guard --help
superagent redact --helpClaude Code Hook
Validate all prompts before Claude processes them by adding a hook to your ~/.claude/settings.json:
{
"env": {
"SUPERAGENT_API_KEY": "your_api_key_here"
},
"hooks": {
"UserPromptSubmit": [
{
"matcher": "*",
"hooks": [
{
"type": "command",
"command": "superagent guard"
}
]
}
]
}
}The CLI will:
- ✅ Allow safe prompts to proceed
- 🛡️ Block malicious prompts with detailed reasoning
- 🔍 Show violation types and CWE codes for blocked prompts
Environment Variables
SUPERAGENT_API_KEY- Your Superagent API key (required)
Get your API key at app.superagent.sh
How It Works
The CLI uses Superagent to analyze prompts for:
- Security vulnerabilities (SQL injection, command injection, etc.)
- Malicious intent (data destruction, unauthorized access)
- Privacy violations (credential exposure, PII leaks)
- CWE violations (Common Weakness Enumeration codes)
When used as a Claude Code hook, it automatically:
- Receives the user's prompt via stdin
- Sends it to Superagent for analysis
- Returns a structured response to block or allow the prompt
- Shows detailed violation information when blocking
Development
# Install dependencies
npm install
# Build
npm run build
# Test locally
node dist/index.js guard "test prompt"License
MIT