CLI Overview

The Inkog CLI is a lightweight, stateless security scanner for AI agent code. It detects vulnerabilities locally and performs deep analysis via the Inkog API.

Installation

Go Install (Recommended)

go install github.com/inkog-io/inkog@latest

Homebrew

brew install inkog-io/tap/inkog

Binary Download

Download the latest release from GitHub Releases .

Quick Start

Scan your current directory:

inkog .

Scan a specific path with JSON output:

inkog -output json ./src

Scan with minimum severity threshold:

inkog -severity high ./agents

How It Works

Inkog uses a hybrid privacy model:

1. Local Detection - Secrets are detected and redacted locally before any data leaves your machine
2. Server Analysis - Only redacted code is sent for deep AST analysis and vulnerability detection
3. Merged Results - Local and server findings are combined into a unified report

Your secrets never leave your machine. The server only receives sanitized code with [REDACTED-API_KEY] placeholders.

Architecture

┌─────────────────┐     ┌─────────────────┐
│   Your Code     │────▶│  Local Scanner  │
└─────────────────┘     │  (Secrets)      │
                        └────────┬────────┘
                                 │ Redacted
                                 ▼
                        ┌─────────────────┐
                        │  Inkog Server   │
                        │  (AST Analysis) │
                        └────────┬────────┘
                                 │
                                 ▼
                        ┌─────────────────┐
                        │  Unified Report │
                        └─────────────────┘

Next Steps

• Commands - Full command reference
• Output Formats - JSON, Text, and HTML output
• Environment Variables - Configuration options
• CI/CD Integration - GitHub Actions, GitLab CI, and more