CLI, REST API, and local analysis tools for AI agent governance.
Three paths depending on your environment. Pick one and go.
```bash
npm install -g brigs
brigs auth login      # opens browser
brigs scan run        # auto-detects local repo
brigs finding list    # view results
```

```bash
npm install -g brigs
export BRIGS_API_KEY=brigs_sk_...
brigs scan run --json
```

Or without installing:

```bash
curl -s -H "Authorization: Bearer $BRIGS_API_KEY" https://api.brigs.ai/scans -X POST | jq .
```

```bash
npm install -g brigs
brigs agent-scan .      # offline governance scan
brigs ai-inventory .    # discover AI assets
```
Runs entirely offline. Outputs JSON with --json or SARIF with --sarif for GitHub Code Scanning.
The CLI and REST API both support API key authentication. The CLI also supports browser-based OAuth for interactive use.
The fastest path for humans. Opens your default browser, signs you in, and stores the session locally.
```bash
brigs auth login
```

For headless environments where you have an API key. The key is stored in your local config.

```bash
brigs auth login --api-key brigs_sk_your_key_here
```

Set BRIGS_API_KEY and skip login entirely. Recommended for CI/CD and agent workflows.

```bash
export BRIGS_API_KEY=brigs_sk_your_key_here
brigs scan run --json
```
When multiple credentials exist, the CLI uses this order:
1. --api-key flag (highest)
2. BRIGS_API_KEY environment variable
3. brigs auth login

All API requests require a Bearer token. API keys use the brigs_sk_ prefix for easy identification in secret scanners.
```bash
curl https://api.brigs.ai/repos \
  -H "Authorization: Bearer brigs_sk_your_key_here"
```
Security: Only the SHA-256 hash of your key is stored. The plaintext is shown once at creation. Treat it like a password.
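A pre-commit or CI check built on the brigs_sk_ prefix, as an added example that is not part of the Brigs tooling: it flags key-shaped strings and reports a SHA-256 fingerprint in place of the plaintext. The key-body pattern is an assumption, since the page documents only the prefix; KEY_RE, fingerprint and scan_text are hypothetical names.

```python
import hashlib
import re

# Assumption: the key body after the documented brigs_sk_ prefix is 20 or more
# characters of letters, digits, "_" or "-". Only the prefix is documented.
KEY_RE = re.compile(r"\bbrigs_sk_[A-Za-z0-9_-]{20,}")


def fingerprint(key: str) -> str:
    """Short SHA-256 fingerprint, safe to log in place of the plaintext key."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def scan_text(name: str, text: str) -> list[dict]:
    """Return one finding per key-shaped token; the key itself is never returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append({
                "file": name,
                "line": lineno,
                "sha256_prefix": fingerprint(m.group()),
                "redacted": KEY_RE.sub("brigs_sk_[REDACTED]", line).strip(),
            })
    return findings


# Constructed sample input: a CI config with a hardcoded key (fake value),
# plus the documentation placeholders, which are too short to be flagged.
SAMPLE = """\
export BRIGS_API_KEY=brigs_sk_your_key_here
export BRIGS_API_KEY=brigs_sk_...
env:
  BRIGS_API_KEY: brigs_sk_EXAMPLEexample0123456789
  BRIGS_API_KEY: ${{ secrets.BRIGS_API_KEY }}
"""

if __name__ == "__main__":
    results = scan_text("ci.yml", SAMPLE)
    for f in results:
        print(f"{f['file']}:{f['line']} sha256:{f['sha256_prefix']} {f['redacted']}")
    # Non-zero exit fails the commit hook or CI job when a key is found.
    raise SystemExit(1 if results else 0)
```

The fingerprint lets a key owner confirm which key leaked by hashing their own copy, without the scanner output becoming a second place the secret lives.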
```bash
# Authenticate (pick one)
brigs auth login                          # browser OAuth
brigs auth login --api-key brigs_sk_...   # paste key

# Scan and review
brigs scan run
brigs finding list --severity CRITICAL

# Posture score (machine-readable)
brigs posture --json | jq '.score'

# Local analysis (no auth needed)
brigs agent-scan . --sarif > results.sarif
brigs ai-inventory . --json
```
```bash
# List findings
curl https://api.brigs.ai/findings \
  -H "Authorization: Bearer $BRIGS_API_KEY"
# Response: { "findings": [...], "total": 42 }

# Trigger a scan
curl -X POST https://api.brigs.ai/scans \
  -H "Authorization: Bearer $BRIGS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"repoId": "repo_123"}'
# Response: { "scan": { "id": "scn_...", "status": "QUEUED" } }
```

```python
import requests

API_KEY = "brigs_sk_..."
BASE = "https://api.brigs.ai"
headers = {"Authorization": f"Bearer {API_KEY}"}

# Get posture score
r = requests.get(f"{BASE}/posture/summary", headers=headers)
data = r.json()
print(f"Score: {data['score']}, Coverage: {data['coverage']}")

# List open findings
r = requests.get(f"{BASE}/findings?status=OPEN", headers=headers)
for f in r.json()["findings"]:
    print(f"{f['severity']} {f['controlKey']}: {f['summary']}")
```

```javascript
const API_KEY = process.env.BRIGS_API_KEY;
const BASE = "https://api.brigs.ai";
const headers = {
  Authorization: `Bearer ${API_KEY}`,
  "Content-Type": "application/json",
};

// Trigger a scan and print its initial status
// (top-level await requires an ES module)
const { scan } = await fetch(`${BASE}/scans`, {
  method: "POST", headers, body: JSON.stringify({})
}).then(r => r.json());
console.log("Scan started:", scan.id, scan.status);
```

All environment variables recognized by the CLI and REST API.
| Variable | Description |
|---|---|
| BRIGS_API_KEY | API key — skips interactive login |
| BRIGS_API_URL | API endpoint URL |
| BRIGS_WEB_URL | Web app URL (for browser login) |
| ANTHROPIC_API_KEY | Anthropic key for AI remediation (brigs remediate) |
Start with brigs auth login or set BRIGS_API_KEY for headless use.