CLI Overview
The Inkog CLI is a lightweight, stateless pre-flight check for AI agent code. It detects logic flaws and security risks locally and performs deep analysis via the Inkog API.
Installation
npx (No Install)
npx -y @inkog-io/cli scan .Install Script
curl -fsSL https://inkog.io/install.sh | shHomebrew
brew tap inkog-io/inkog
brew install inkogGo Install
go install github.com/inkog-io/inkog/cmd/inkog@latestBinary Download
Download the latest release from GitHub Releases .
See Installation for full details on each method.
API Key Setup
An API key is required for all scans. Get your free key at app.inkog.io .
export INKOG_API_KEY=sk_live_your_key_hereQuick Start
Scan your current directory:
inkog .Scan a specific path with JSON output:
inkog -output json ./srcScan with minimum severity threshold:
inkog -severity high ./agentsHow It Works
Inkog uses a hybrid privacy model:
- Local Detection - Secrets are detected and redacted locally before any data leaves your machine
- Server Analysis - Only redacted code is sent for deep AST analysis and risk detection
- Merged Results - Local and server findings are combined into a unified report
Your secrets never leave your machine. The server only receives sanitized code with [REDACTED-API_KEY] placeholders.
Architecture
┌─────────────────┐ ┌─────────────────┐
│ Your Code │────▶│ Local Scanner │
└─────────────────┘ │ (Secrets) │
└────────┬────────┘
│ Redacted
▼
┌─────────────────┐
│ Inkog Server │
│ (AST Analysis) │
└────────┬────────┘
│
▼
┌─────────────────┐
│ Unified Report │
└─────────────────┘Next Steps
- Commands - Full command reference
- Output Formats - JSON, Text, and HTML output
- Environment Variables - Configuration options
- CI/CD Integration - GitHub Actions, GitLab CI, and more
Last updated on