CLI REFERENCE

CLI Commands

Most commands support --json for machine-readable output. Install with npm install -g brigs.

Auth

brigs auth loginAuthenticate via browser OAuthno auth

brigs auth login --api-key <key>Authenticate with an API key (CI/agents)no auth

brigs auth logoutClear stored credentialsno auth

brigs auth statusShow authentication statusno auth

brigs auth whoamiShow current user infoAPI key

Local Analysis

brigs agent-scan [dir]Offline governance scan (SARIF output with --sarif)no auth

brigs ai-inventory [dir]Discover AI assets, models, MCP servers, agent configsno auth

Scanning

brigs scan runTrigger a governance scanAPI key

brigs scan listList recent scansAPI key

brigs scan get <id>Get scan statusAPI key

brigs scan watch <id>Poll scan until completeAPI key

Findings

brigs finding listList findings (filterable by --severity, --status, --control)API key

brigs finding get <id>Get finding detailAPI key

brigs finding dismiss <id>Dismiss a findingAPI key

brigs finding resolve <id>Mark finding resolvedAPI key

brigs statusSummary view of findings and postureAPI key

Posture & Compliance

brigs postureOrg-wide posture scoreAPI key

brigs posture [framework]Framework-specific posture (e.g. SOC2, NIST_AI_RMF)API key

Repos

brigs repo listList monitored repositoriesAPI key

brigs repo get <id>Get repository detailsAPI key

brigs repo remove <id>Remove a repository from monitoringAPI key

Controls & Evidence

brigs control listList control definitionsAPI key

brigs control get <key>Get control detailAPI key

brigs evidence generateGenerate compliance evidence packAPI key

Remediation

brigs remediate <finding-id>Auto-fix a finding via AI (requires ANTHROPIC_API_KEY)API key

Config & Keys

brigs config showView CLI configurationno auth

brigs config set <k> <v>Set a configuration valueno auth

brigs config get <key>Get a configuration valueno auth

brigs config pathShow config file pathno auth

brigs config resetReset configuration to defaultsno auth

brigs api-key create <name>Create a new API keyAPI key

brigs api-key listList API keysAPI key

brigs api-key revoke <id>Revoke an API keyAPI key

CI/CD Integration

Run governance scans in your pipeline. The CLI outputs JSON and SARIF for integration with GitHub Code Scanning and other tools.

GitHub Actions

name: Agent Governance
on: [push, pull_request]

jobs:
  brigs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm install -g brigs

      # Cloud scan (requires API key)
      - run: brigs scan run --json
        env:
          BRIGS_API_KEY: ${{ secrets.BRIGS_API_KEY }}

      # Or: local scan with SARIF upload (no API key)
      - run: brigs agent-scan . --sarif > results.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

GitLab CI

brigs-scan:
  image: node:20
  script:
    - npm install -g brigs
    - brigs scan run --json
  variables:
    BRIGS_API_KEY: $BRIGS_API_KEY