Agnech

CLI API Reference

Complete reference for the Agnech command-line interface. Installation, authentication, commands, and configuration options.

Overview

The Agnech CLI provides powerful security scanning capabilities from your terminal. It's designed for local development, CI/CD pipelines, and automated security workflows.

7 Engines
Deep analysis
CI/CD Ready
Pipeline integration
Multiple Formats
JSON, SARIF, HTML

Installation

Bash
1# Install via npm (recommended)
2npm install -g @agnech/cli
3

4# Or via Homebrew (macOS/Linux)
5brew install agnech/tap/agnech
6

7# Or via curl (Linux/macOS)
8curl -fsSL https://get.agnech.com | bash
9

10# Verify installation
11agnech version
12

13# Output:
14# Agnech CLI v2.4.0
15# Platform: darwin-arm64
16# Engines: 7 active

System Requirements

Node.js 18+ required for npm installation. Binary releases available for Windows, macOS (Intel/ARM), and Linux (x64/ARM).

Authentication

Authenticate with your Agnech API key for full feature access.

Bash
1# Interactive login
2agnech auth login
3

4# Login with API key
5agnech auth login --key YOUR_API_KEY
6

7# Login via environment variable
8export AGNECH_API_KEY=YOUR_API_KEY
9agnech scan .  # Automatically uses env var
10

11# Check authentication status
12agnech auth status
13

14# Output:
15# ✓ Authenticated as: developer@company.com
16# ✓ Organization: Acme Corp
17# ✓ Plan: Pro
18# ✓ API Key: bh_****...****
19

20# Logout
21agnech auth logout

API Key Locations

The CLI checks for API keys in this order:

  1. 1. --key command line flag
  2. 2. AGNECH_API_KEY environment variable
  3. 3. ~/.agnech/credentials file
  4. 4. .agnech.yaml in project root

Basic Usage

Bash
1# Scan current directory
2agnech scan .
3

4# Scan specific path
5agnech scan ./src
6

7# Scan with specific mode
8agnech scan . --mode advanced
9agnech scan . --mode ultimate
10agnech scan . --mode apex
11

12# Output to file
13agnech scan . --output results.json
14agnech scan . --output results.sarif
15agnech scan . --output report.html
16

17# Filter by severity
18agnech scan . --severity critical,high
19

20# Fail on findings (for CI/CD)
21agnech scan . --fail-on high
22agnech scan . --fail-on critical
23

24# Verbose output
25agnech scan . -v
26agnech scan . -vv  # More verbose
27agnech scan . -vvv # Debug level

Command Reference

scan

Run security analysis on code

agnech scan [path] [options]
report

Generate security reports

agnech report [type] [options]
fix

Apply automated fixes

agnech fix [finding-id] [options]
config

Manage configuration

agnech config [action] [options]
auth

Manage authentication

agnech auth [action]
version

Show version information

agnech version
Bash
1# Get help for any command
2agnech --help
3agnech scan --help
4agnech report --help
5

6# Scan command options
7agnech scan [path] [options]
8

9Options:
10  --mode <mode>           Analysis mode (standard|advanced|ultimate|apex)
11  --engines <list>        Comma-separated engines to use
12  --severity <list>       Filter findings by severity
13  --output <file>         Output file path
14  --format <format>       Output format (json|sarif|html|csv|markdown)
15  --fail-on <severity>    Exit with code 1 if findings at severity
16  --config <file>         Config file path
17  --timeout <seconds>     Scan timeout
18  --parallel <n>          Number of parallel workers
19  --incremental           Only scan changed files
20  --quiet                 Suppress non-essential output
21  -v, --verbose           Increase verbosity
22

23# Report command options
24agnech report <type> [options]
25

26Types:
27  executive               Executive summary for leadership
28  technical               Detailed technical analysis
29  catalog                 Full vulnerability catalog
30  roadmap                 Remediation roadmap
31  compliance              Compliance framework report
32  financial               Financial impact analysis
33

34Options:
35  --output <file>         Output file path
36  --format <format>       Output format (pdf|html|json|csv)
37  --period <duration>     Time period (7d|30d|90d|1y)
38  --framework <name>      Compliance framework (soc2|pci|hipaa)
39  --compare-previous      Include comparison to previous period

Configuration

Configure default behavior via agnech.yaml in your project root.

YAML
1# agnech.yaml
2

3version: 1
4

5# Default scan settings
6scan:
7  mode: advanced
8  engines:
9    - pattern
10    - sast
11    - dependencies
12    - taint
13    - ai
14

15  # Paths to include/exclude
16  include:
17    - "src/**"
18    - "lib/**"
19  exclude:
20    - "**/*.test.ts"
21    - "**/__mocks__/**"
22    - "node_modules/**"
23

24  # Severity threshold
25  severity:
26    - critical
27    - high
28    - medium
29

30  # Performance settings
31  parallel: 8
32  timeout: 300
33

34# CI/CD settings
35ci:
36  fail_on: high
37  comment_on_pr: true
38  sarif_upload: true
39

40# Report settings
41reports:
42  default_format: html
43  output_dir: ./security-reports
44

45# Suppressions
46suppressions:
47  - id: "DEPS-001"
48    reason: "False positive - not in production path"
49    expires: "2024-12-31"
50

51  - pattern: "**/*.test.ts"
52    reason: "Test files excluded"
53

54# Custom rules
55rules:
56  - path: ./custom-rules.yaml
Bash
1# Config management commands
2

3# Initialize config in current directory
4agnech config init
5

6# View current config
7agnech config show
8

9# Set specific values
10agnech config set scan.mode ultimate
11agnech config set ci.fail_on critical
12

13# Validate config file
14agnech config validate

Exit Codes

Exit codes for CI/CD integration and scripting.

CodeMeaning
0Success - No findings or only info-level findings
1Findings detected - Critical or high severity findings present
2Configuration error - Invalid config or missing required options
3Authentication error - Invalid or expired API key
4Scan error - Analysis failed to complete
5Network error - Unable to connect to Agnech services
Bash
1# Example CI/CD usage with exit codes
2

3# GitHub Actions
4- name: Security Scan
5  run: agnech scan . --fail-on high
6  continue-on-error: false  # Fail build on exit code 1
7

8# Shell script
9agnech scan .
10EXIT_CODE=$?
11

12if [ $EXIT_CODE -eq 0 ]; then
13  echo "No security issues found"
14elif [ $EXIT_CODE -eq 1 ]; then
15  echo "Security findings detected - review required"
16  exit 1
17else
18  echo "Scan error (code: $EXIT_CODE)"
19  exit $EXIT_CODE
20fi